TechSpot

Win7 64-bit infected with Trojan:DOS/Aluron.E

Solved
By s1m0n
Feb 7, 2012
  1. Hello everyone, my PC got infected a few days ago by some virus that pretty much corrupted my Windows; I have Windows 7 64-bit.

    I formatted drive C and installed a new Windows, and suddenly I noticed my Microsoft Security Essentials started reporting I'm infected with: Trojan:DOS/Aluron.E


    No matter what I did I can't remove it; I saw you guys request logs from aswMBR & Bootkit.

    So I've attached them:

    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-07 23:38:07
    -----------------------------
    23:38:07.847 OS Version: Windows x64 6.1.7601 Service Pack 1
    23:38:07.848 Number of processors: 8 586 0x1A05
    23:38:07.849 ComputerName: S1M0N-PC UserName: s1m0n
    23:38:08.552 Initialize success
    23:38:20.222 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
    23:38:20.224 Disk 0 Vendor: WDC_WD1001FALS-00J7B1 05.00K05 Size: 953869MB BusType: 3
    23:38:20.227 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-3
    23:38:20.229 Disk 1 Vendor: WDC_WD20EARS-00J2GB0 80.00A80 Size: 1907729MB BusType: 3
    23:38:20.232 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP5T0L0-6
    23:38:20.235 Disk 2 Vendor: WDC_WD20EARS-00J2GB0 80.00A80 Size: 1907729MB BusType: 3
    23:38:20.239 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP4T0L0-5
    23:38:20.242 Disk 3 Vendor: Hitachi_HDP725050GLA360 GM4OA52A Size: 476940MB BusType: 3
    23:38:20.257 Disk 0 MBR read successfully
    23:38:20.261 Disk 0 MBR scan
    23:38:20.265 Disk 0 Windows 7 default MBR code
    23:38:20.269 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 99900 MB offset 206848
    23:38:20.279 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 100 MB offset 204802048
    23:38:20.291 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 853767 MB offset 205006848
    23:38:20.295 Disk 0 Partition 4 00 17 Hidd HPFS/NTFS NTFS 1 MB offset 1953521664
    23:38:20.299 Service scanning
    23:38:21.458 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    23:38:22.823 Modules scanning
    23:38:22.829 Disk 0 trace - called modules:
    23:38:22.840 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    23:38:22.846 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800adf6790]
    23:38:22.853 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa800abce580]
    23:38:22.859 5 ACPI.sys[fffff88000f5d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800abcb060]
    23:38:22.865 Scan finished successfully
    23:39:11.521 Disk 0 MBR has been saved successfully to "C:\Users\s1m0n\Documents\MBR.dat"
    23:39:11.563 The log file has been saved successfully to "C:\Users\s1m0n\Documents\aswMBR.txt"
    23:39:21.759 Disk 0 MBR has been saved successfully to "C:\Users\s1m0n\Desktop\MBR.dat"
    23:39:21.764 The log file has been saved successfully to "C:\Users\s1m0n\Desktop\aswMBR.txt"


    --------


    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

    Size Device Name MBR Status
    --------------------------------------------
    931 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
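As an added example (not code from this thread or from aswMBR, Bootkit Remover or TDSSKiller): the aswMBR and TDSSKiller logs above report the same Disk 0 partition table, once as MB and decimal offset and once as hex StartLBA and BlocksNum. The script below parses a raw 512-byte MBR image such as the MBR.dat that aswMBR saved, computes the sector's MD5 the way Bootkit Remover reports it, cross-checks the four entries against the logged values, and flags overlapping entries. The sample MBR it builds is constructed from those logged values with the boot-code area zeroed, so aswMBR's "Windows 7 default MBR code" check is not reproduced here.

```python
"""Parse a 512-byte MBR image and compare its partition table with the
values an aswMBR/TDSSKiller log reported. Added example, not from the thread."""
import hashlib
import struct
import sys

SECTOR = 512
ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA, count
# Partition types present in the log; 0x17 is NTFS with the "hidden" bit (0x10) set.
PART_TYPES = {0x00: "empty", 0x07: "HPFS/NTFS", 0x17: "Hidden HPFS/NTFS"}

# Disk 0 table as aswMBR logged it: (bootable, type, offset in sectors, size in MB).
LOGGED_DISK0 = [
    (True, 0x07, 206848, 99900),
    (False, 0x07, 204802048, 100),
    (False, 0x07, 205006848, 853767),
    (False, 0x17, 1953521664, 1),
]
# Same table in sector counts (TDSSKiller's BlocksNum: 0xC31E000, 0x32000, 0x68383800;
# the 1 MB hidden partition is 2048 sectors). Used only to build constructed test data.
SAMPLE_ENTRIES = [
    (True, 0x07, 206848, 204595200),
    (False, 0x07, 204802048, 204800),
    (False, 0x07, 205006848, 1748514816),
    (False, 0x17, 1953521664, 2048),
]


def build_sample_mbr(entries) -> bytes:
    """Construct a 512-byte MBR from (bootable, type, lba, sectors) tuples.
    Boot code is left zeroed: this is constructed test data, not a real sector."""
    sector = bytearray(SECTOR)
    for i, (boot, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, 446 + 16 * i,
                         0x80 if boot else 0x00, ptype, lba, count)
    sector[510:512] = b"\x55\xAA"
    return bytes(sector)


def parse_mbr(sector: bytes) -> dict:
    """Return boot-signature validity, MD5 of the sector, and the four entries."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR image must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, sector, 446 + 16 * i)
        partitions.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "start_lba": lba,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {
        "signature_ok": sector[510:512] == b"\x55\xAA",
        "md5": hashlib.md5(sector).hexdigest(),  # what Bootkit Remover prints
        "partitions": partitions,
    }


def check_against_log(parsed: dict, logged=LOGGED_DISK0) -> list:
    """List every disagreement between the parsed table and the logged one."""
    problems = []
    if not parsed["signature_ok"]:
        problems.append("missing 0x55AA boot signature")
    for entry, (boot, ptype, offset, size_mb) in zip(parsed["partitions"], logged):
        n = entry["index"]
        if entry["bootable"] != boot:
            problems.append(f"partition {n}: active flag differs from log")
        if entry["type"] != ptype:
            problems.append(f"partition {n}: type 0x{entry['type']:02X} != 0x{ptype:02X}")
        if entry["start_lba"] != offset:
            problems.append(f"partition {n}: offset {entry['start_lba']} != {offset}")
        if entry["size_mb"] != size_mb:
            problems.append(f"partition {n}: size {entry['size_mb']} MB != {size_mb} MB")
    return problems


def overlaps(partitions: list) -> list:
    """Flag non-empty entries whose sector ranges overlap (a tampered-table symptom)."""
    ranges = sorted((p["start_lba"], p["start_lba"] + p["sectors"], p["index"])
                    for p in partitions if p["type"] != 0x00)
    return [f"partitions {a[2]} and {b[2]} overlap"
            for a, b in zip(ranges, ranges[1:]) if b[0] < a[1]]


if __name__ == "__main__":
    # Usage: python mbrcheck.py [MBR.dat]; without an argument the constructed sample is used.
    image = open(sys.argv[1], "rb").read(SECTOR) if len(sys.argv) > 1 \
        else build_sample_mbr(SAMPLE_ENTRIES)
    result = parse_mbr(image)
    print("Boot sector MD5 is:", result["md5"])
    for p in result["partitions"]:
        print(f"Partition {p['index']} {'80' if p['bootable'] else '00'} "
              f"{p['type']:02X} {p['type_name']} {p['size_mb']} MB offset {p['start_lba']}")
    for line in check_against_log(result) + overlaps(result["partitions"]):
        print("MISMATCH:", line)
```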


    TDSSKiller Log:

    22:59:25.0640 4772 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46
    22:59:25.0897 4772 ============================================================
    22:59:25.0897 4772 Current date / time: 2012/02/07 22:59:25.0897
    22:59:25.0897 4772 SystemInfo:
    22:59:25.0898 4772
    22:59:25.0898 4772 OS Version: 6.1.7601 ServicePack: 1.0
    22:59:25.0898 4772 Product type: Workstation
    22:59:25.0898 4772 ComputerName: S1M0N-PC
    22:59:25.0898 4772 UserName: s1m0n
    22:59:25.0898 4772 Windows directory: C:\Windows
    22:59:25.0898 4772 System windows directory: C:\Windows
    22:59:25.0898 4772 Running under WOW64
    22:59:25.0898 4772 Processor architecture: Intel x64
    22:59:25.0898 4772 Number of processors: 8
    22:59:25.0898 4772 Page size: 0x1000
    22:59:25.0898 4772 Boot type: Normal boot
    22:59:25.0898 4772 ============================================================
    22:59:27.0417 4772 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:59:27.0432 4772 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:59:27.0432 4772 Drive \Device\Harddisk3\DR3 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:59:27.0432 4772 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:59:27.0436 4772 \Device\Harddisk0\DR0:
    22:59:27.0436 4772 MBR used
    22:59:27.0436 4772 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31E000
    22:59:27.0436 4772 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x32000
    22:59:27.0436 4772 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC382800, BlocksNum 0x68383800
    22:59:27.0437 4772 \Device\Harddisk1\DR1:
    22:59:27.0437 4772 MBR used
    22:59:27.0437 4772 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
    22:59:27.0437 4772 \Device\Harddisk3\DR3:
    22:59:27.0437 4772 MBR used
    22:59:27.0437 4772 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
    22:59:27.0437 4772 \Device\Harddisk2\DR2:
    22:59:27.0437 4772 MBR used
    22:59:27.0437 4772 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
    22:59:27.0548 4772 Initialize success
    22:59:27.0548 4772 ============================================================
    22:59:35.0080 3496 ============================================================
    22:59:35.0080 3496 Scan started
    22:59:35.0080 3496 Mode: Manual; SigCheck; TDLFS;
    22:59:35.0080 3496 ============================================================
    22:59:46.0052 3496 srvnet - ok
    22:59:46.0061 3496 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    22:59:46.0073 3496 stexstor - ok
    22:59:46.0102 3496 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
    22:59:46.0112 3496 storflt - ok
    22:59:46.0125 3496 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
    22:59:46.0135 3496 storvsc - ok
    22:59:46.0145 3496 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    22:59:46.0155 3496 swenum - ok
    22:59:46.0172 3496 Synth3dVsc - ok
    22:59:46.0240 3496 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    22:59:46.0287 3496 Tcpip - ok
    22:59:46.0321 3496 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    22:59:46.0356 3496 TCPIP6 - ok
    22:59:46.0379 3496 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    22:59:46.0419 3496 tcpipreg - ok
    22:59:46.0436 3496 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    22:59:46.0475 3496 TDPIPE - ok
    22:59:46.0481 3496 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    22:59:46.0510 3496 TDTCP - ok
    22:59:46.0543 3496 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    22:59:46.0575 3496 tdx - ok
    22:59:46.0591 3496 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    22:59:46.0601 3496 TermDD - ok
    22:59:46.0639 3496 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    22:59:46.0678 3496 tssecsrv - ok
    22:59:46.0697 3496 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    22:59:46.0732 3496 TsUsbFlt - ok
    22:59:46.0743 3496 tsusbhub - ok
    22:59:46.0789 3496 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    22:59:46.0828 3496 tunnel - ok
    22:59:46.0834 3496 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    22:59:46.0849 3496 uagp35 - ok
    22:59:46.0901 3496 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    22:59:46.0943 3496 udfs - ok
    22:59:46.0973 3496 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    22:59:46.0984 3496 uliagpkx - ok
    22:59:47.0026 3496 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    22:59:47.0049 3496 umbus - ok
    22:59:47.0070 3496 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    22:59:47.0087 3496 UmPass - ok
    22:59:47.0153 3496 USB28xxBGA (9494736e4865f9b3a0a525ee9ab0d991) C:\Windows\system32\DRIVERS\emBDA64.sys
    22:59:47.0190 3496 USB28xxBGA - ok
    22:59:47.0237 3496 USB28xxOEM (612fc1cb117ccf62d3c55488c8aebd82) C:\Windows\system32\DRIVERS\emOEM64.sys
    22:59:47.0278 3496 USB28xxOEM - ok
    22:59:47.0305 3496 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
    22:59:47.0343 3496 usbaudio - ok
    22:59:47.0364 3496 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    22:59:47.0397 3496 usbccgp - ok
    22:59:47.0437 3496 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    22:59:47.0484 3496 usbcir - ok
    22:59:47.0560 3496 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    22:59:47.0585 3496 usbehci - ok
    22:59:47.0669 3496 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    22:59:47.0735 3496 usbhub - ok
    22:59:47.0789 3496 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    22:59:47.0816 3496 usbohci - ok
    22:59:47.0866 3496 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    22:59:47.0896 3496 usbprint - ok
    22:59:47.0956 3496 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    22:59:47.0981 3496 usbscan - ok
    22:59:48.0069 3496 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
    22:59:48.0112 3496 USBSTOR - ok
    22:59:48.0143 3496 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
    22:59:48.0171 3496 usbuhci - ok
    22:59:48.0230 3496 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
    22:59:48.0265 3496 usbvideo - ok
    22:59:48.0316 3496 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    22:59:48.0326 3496 vdrvroot - ok
    22:59:48.0376 3496 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    22:59:48.0403 3496 vga - ok
    22:59:48.0435 3496 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    22:59:48.0483 3496 VgaSave - ok
    22:59:48.0506 3496 VGPU - ok
    22:59:48.0564 3496 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    22:59:48.0584 3496 vhdmp - ok
    22:59:48.0647 3496 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    22:59:48.0665 3496 viaide - ok
    22:59:48.0725 3496 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
    22:59:48.0739 3496 vmbus - ok
    22:59:48.0760 3496 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
    22:59:48.0774 3496 VMBusHID - ok
    22:59:48.0824 3496 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    22:59:48.0846 3496 volmgr - ok
    22:59:48.0900 3496 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    22:59:48.0915 3496 volmgrx - ok
    22:59:48.0959 3496 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    22:59:48.0974 3496 volsnap - ok
    22:59:49.0046 3496 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    22:59:49.0081 3496 vsmraid - ok
    22:59:49.0101 3496 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    22:59:49.0132 3496 vwifibus - ok
    22:59:49.0154 3496 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    22:59:49.0179 3496 WacomPen - ok
    22:59:49.0239 3496 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    22:59:49.0313 3496 WANARP - ok
    22:59:49.0329 3496 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    22:59:49.0366 3496 Wanarpv6 - ok
    22:59:49.0421 3496 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    22:59:49.0456 3496 Wd - ok
    22:59:49.0581 3496 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    22:59:49.0627 3496 Wdf01000 - ok
    22:59:49.0662 3496 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    22:59:49.0701 3496 WfpLwf - ok
    22:59:49.0771 3496 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    22:59:49.0796 3496 WIMMount - ok
    22:59:49.0895 3496 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    22:59:49.0950 3496 WinUsb - ok
    22:59:50.0007 3496 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    22:59:50.0032 3496 WmiAcpi - ok
    22:59:50.0099 3496 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    22:59:50.0172 3496 ws2ifsl - ok
    22:59:50.0253 3496 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    22:59:50.0326 3496 WudfPf - ok
    22:59:50.0349 3496 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    22:59:50.0400 3496 WUDFRd - ok
    22:59:50.0454 3496 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
    22:59:50.0559 3496 yukonw7 - ok
    22:59:50.0584 3496 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    22:59:50.0768 3496 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    22:59:50.0769 3496 \Device\Harddisk0\DR0 - detected TDSS File System (1)
    22:59:50.0772 3496 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
    22:59:51.0261 3496 \Device\Harddisk1\DR1 - ok
    22:59:51.0263 3496 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk3\DR3
    22:59:51.0329 3496 \Device\Harddisk3\DR3 - ok
    22:59:51.0331 3496 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
    22:59:51.0798 3496 \Device\Harddisk2\DR2 - ok
    22:59:51.0810 3496 Boot (0x1200) (36e2f8bff9966fae6be63bb8d6327a8e) \Device\Harddisk0\DR0\Partition0
    22:59:51.0811 3496 \Device\Harddisk0\DR0\Partition0 - ok
    22:59:51.0823 3496 Boot (0x1200) (c1e11ffd0d3cb674c9ff56f466f1ef93) \Device\Harddisk0\DR0\Partition1
    22:59:51.0824 3496 \Device\Harddisk0\DR0\Partition1 - ok
    22:59:51.0835 3496 Boot (0x1200) (07c4493cefad2ffa40a07d63d5504ed0) \Device\Harddisk0\DR0\Partition2
    22:59:51.0836 3496 \Device\Harddisk0\DR0\Partition2 - ok
    22:59:51.0839 3496 Boot (0x1200) (fb29f55cb2c54ba7f1a93428ef178c79) \Device\Harddisk1\DR1\Partition0
    22:59:51.0840 3496 \Device\Harddisk1\DR1\Partition0 - ok
    22:59:51.0843 3496 Boot (0x1200) (361e48abbc5e42ee987675ce8904ea9b) \Device\Harddisk3\DR3\Partition0
    22:59:51.0844 3496 \Device\Harddisk3\DR3\Partition0 - ok
    22:59:51.0847 3496 Boot (0x1200) (faf6c3c99087d63ff8a9c446906b4e70) \Device\Harddisk2\DR2\Partition0
    22:59:51.0847 3496 \Device\Harddisk2\DR2\Partition0 - ok
    22:59:51.0848 3496 ============================================================
    22:59:51.0848 3496 Scan finished
    22:59:51.0848 3496 ============================================================
    22:59:51.0855 4368 Detected object count: 1
    22:59:51.0855 4368 Actual detected object count: 1
    23:00:08.0260 4368 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
    23:00:08.0302 4368 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
    23:00:08.0308 4368 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
    23:00:08.0310 4368 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
    23:00:08.0311 4368 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
    23:00:08.0314 4368 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
    23:00:08.0374 4368 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
    23:00:08.0383 4368 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
    23:00:08.0387 4368 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
    23:00:08.0415 4368 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    23:00:08.0473 4368 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    23:00:08.0523 4368 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    23:00:08.0572 4368 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    23:00:08.0622 4368 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
    23:00:08.0630 4368 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
    23:00:08.0632 4368 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
    23:00:08.0634 4368 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
    23:00:08.0680 4368 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
    23:00:08.0717 4368 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
    23:00:08.0772 4368 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
    23:00:08.0851 4368 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
    23:00:08.0909 4368 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
    23:00:09.0141 4368 \Device\Harddisk0\DR0\TDLFS\sant64 - copied to quarantine
    23:00:09.0310 4368 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
    23:00:09.0316 4368 \Device\Harddisk0\DR0\TDLFS\time.txt - copied to quarantine
    23:00:09.0342 4368 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
    23:00:09.0344 4368 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine
    23:03:03.0442 4504 Deinitialize success


    Done;
    Press any key to quit...

    Any help would be more than appreciated.
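The TDSSKiller log above is the interesting artefact in this post: every driver entry and three of the four disks come back "ok", all four disks report the same MBR code hash, and the one detection is the hidden "TDSS File System" on Harddisk0, whose contents (mbr, vbr, ldr32/ldr64, drv32/drv64, cmd32/cmd64, the serf/bbr modules and their configs) are then copied to quarantine. Reading that by eye across 600 lines is error-prone, so here is an added example, not part of the original post, of a small Python triage script that parses a log in TDSSKiller's line format (timestamp, thread id, message) and pulls out the detections, the quarantined TDLFS components, the per-disk MBR and boot-sector hashes, and whether the "Detected object count" line agrees with the number of "detected" lines. SAMPLE_LOG is a short excerpt constructed in that format from lines of the log above; all function names are mine and not part of any TDSSKiller tooling.

```python
import re
from collections import defaultdict

# Constructed excerpt in TDSSKiller's own line format (time, thread id,
# message); the entries mirror the log pasted above but are trimmed.
SAMPLE_LOG = r"""
22:59:50.0454 3496 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
22:59:50.0559 3496 yukonw7 - ok
22:59:50.0584 3496 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:59:50.0768 3496 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:59:50.0769 3496 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:59:50.0772 3496 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
22:59:51.0261 3496 \Device\Harddisk1\DR1 - ok
22:59:51.0810 3496 Boot (0x1200) (36e2f8bff9966fae6be63bb8d6327a8e) \Device\Harddisk0\DR0\Partition0
22:59:51.0811 3496 \Device\Harddisk0\DR0\Partition0 - ok
22:59:51.0855 4368 Detected object count: 1
23:00:08.0260 4368 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
23:00:08.0314 4368 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
23:00:09.0344 4368 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine
"""

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
# "name (md5) path": driver entries, "MBR (0x1B8)" and "Boot (0x1200)" sectors.
HASH_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


def triage(log_text):
    """Parse one TDSSKiller log into a dict an analyst can act on."""
    report = {
        "drivers": {},        # service name -> (md5, image path)
        "mbr_hashes": {},     # \Device\HarddiskN\DRN -> md5 of the 0x1B8 MBR code bytes
        "boot_hashes": {},    # partition device -> md5 of the 0x1200 boot-sector bytes
        "detections": [],     # (object, status) for "detected ..." lines
        "quarantined": [],    # objects reported "copied to quarantine"
        "other_not_ok": [],   # warnings and user actions, anything not plain "ok"
        "declared_count": None,
    }
    for raw in log_text.strip().splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                      # banner and separator lines
        msg = m.group("msg")
        h = HASH_RE.match(msg)
        if h:
            name, md5, path = h.group("name", "md5", "path")
            if name == "MBR (0x1B8)":
                report["mbr_hashes"][path] = md5
            elif name == "Boot (0x1200)":
                report["boot_hashes"][path] = md5
            else:
                report["drivers"][name] = (md5, path)
            continue
        c = COUNT_RE.match(msg)
        if c:
            report["declared_count"] = int(c.group("n"))
            continue
        if " - " not in msg:
            continue
        obj, status = msg.rsplit(" - ", 1)   # status is the text after the last " - "
        if status == "ok":
            continue
        if status.startswith("detected "):
            report["detections"].append((obj, status))
        elif status == "copied to quarantine":
            report["quarantined"].append(obj)
        else:
            report["other_not_ok"].append((obj, status))
    return report


def mbr_groups(report):
    """Group physical disks by MBR hash: one group means every disk carries
    identical MBR code, a hash that stands alone deserves a closer look."""
    groups = defaultdict(list)
    for disk, md5 in sorted(report["mbr_hashes"].items()):
        groups[md5].append(disk)
    return dict(groups)


def tdlfs_components(report):
    """Names of the files TDSSKiller pulled out of the hidden TDLFS volume."""
    names = []
    for obj in report["quarantined"]:
        _head, sep, tail = obj.rpartition("\\TDLFS\\")
        if sep:
            names.append(tail)
    return sorted(names)


def count_matches(report):
    """True when 'Detected object count' agrees with the parsed 'detected' lines."""
    return report["declared_count"] == len(report["detections"])


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("detections:", r["detections"])
    print("MBR hash groups:", mbr_groups(r))
    print("TDLFS components quarantined:", tdlfs_components(r))
    print("count consistent:", count_matches(r))
```

Run against the full log above, the script would report a single MBR hash group containing all four disks (the MBR code itself is untouched, which is why aswMBR in the first post calls it "Windows 7 default MBR code"), one detection on \Device\Harddisk0\DR0, and the full list of TDLFS component names that went to quarantine; the per-driver hash table is what you would diff against a known-clean install of the same build.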
  2. s1m0n


    DDS

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by s1m0n at 0:11:59 on 2012-02-08
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12279.9815 [GMT 2:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
    E:\Apps\QIP\QIP 2010\qip.exe
    C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\DisplayFusion\AppHookx86.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig
    mWinlogon: Userinit=userinit.exe
    BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [Google Update] "C:\Users\s1m0n\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
    uRun: [Infium] "E:\Apps\QIP\QIP 2010\qip.exe" /autorun
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    TCP: DhcpNameServer = 192.168.14.1
    TCP: Interfaces\{FAD6EBC1-9E99-4501-86F3-557970E0CB69} : DhcpNameServer = 192.168.14.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    BHO-X64: RoboForm BHO - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\s1m0n\AppData\Roaming\Mozilla\Firefox\Profiles\7eye2j3i.default\
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrlui.dll
    FF - plugin: C:\Users\s1m0n\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-7 652360]
    R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 CompFilter64;UVCCompositeFilter;C:\Windows\system32\DRIVERS\lvbflt64.sys --> C:\Windows\system32\DRIVERS\lvbflt64.sys [?]
    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
    R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-7 136176]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-7 136176]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-02-07 22:03:55 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EA897F2D-9C74-4AFC-94FD-E206EF6CAE12}\offreg.dll
    2012-02-07 21:49:18 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-02-07 21:49:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-02-07 21:31:39 -------- d-----w- C:\Windows\SysWow64\ru
    2012-02-07 21:31:39 -------- d-----w- C:\Windows\SysWow64\drivers\ru-RU
    2012-02-07 21:31:37 -------- d-----w- C:\Windows\SysWow64\wbem\ru-RU
    2012-02-07 21:31:26 -------- d-----w- C:\Windows\System32\drivers\UMDF\ru-RU
    2012-02-07 21:31:25 -------- d-----w- C:\Windows\System32\drivers\ru-RU
    2012-02-07 21:31:21 -------- d-----w- C:\Windows\System32\wbem\ru-RU
    2012-02-07 21:31:21 -------- d-----w- C:\Windows\System32\ru
    2012-02-07 21:31:12 -------- d-----w- C:\Windows\ru-RU
    2012-02-07 21:27:59 5120 ----a-w- C:\Windows\System32\drivers\ru-RU\fltmgr.sys.mui
    2012-02-07 21:26:36 -------- d-----w- C:\Windows\SysWow64\XPSViewer
    2012-02-07 21:26:36 -------- d-----w- C:\Windows\SysWow64\he
    2012-02-07 21:26:36 -------- d-----w- C:\Windows\SysWow64\drivers\he-IL
    2012-02-07 21:26:35 -------- d-----w- C:\Windows\SysWow64\wbem\he-IL
    2012-02-07 21:26:27 -------- d-----w- C:\Windows\System32\he
    2012-02-07 21:26:27 -------- d-----w- C:\Windows\System32\drivers\UMDF\he-IL
    2012-02-07 21:26:26 -------- d-----w- C:\Windows\System32\drivers\he-IL
    2012-02-07 21:26:22 -------- d-----w- C:\Windows\System32\wbem\he-IL
    2012-02-07 21:26:11 -------- d-----w- C:\Windows\he-IL
    2012-02-07 21:23:10 24576 ----a-w- C:\Windows\System32\drivers\he-IL\usbport.sys.mui
    2012-02-07 21:23:08 5632 ----a-w- C:\Windows\System32\drivers\he-IL\rdvgkmd.sys.mui
    2012-02-07 21:23:08 2560 ----a-w- C:\Windows\System32\drivers\he-IL\rdpwd.sys.mui
    2012-02-07 21:23:07 7168 ----a-w- C:\Windows\System32\drivers\he-IL\tunnel.sys.mui
    2012-02-07 21:23:07 4096 ----a-w- C:\Windows\System32\drivers\he-IL\tsusbhub.sys.mui
    2012-02-07 21:23:07 3072 ----a-w- C:\Windows\System32\drivers\he-IL\tsusbflt.sys.mui
    2012-02-07 21:23:05 9728 ----a-w- C:\Windows\System32\drivers\he-IL\battc.sys.mui
    2012-02-07 20:22:25 -------- d-----w- C:\Windows\Panther
    2012-02-07 20:22:12 -------- d-sh--w- C:\Boot
    2012-02-07 18:55:24 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-02-07 18:31:15 -------- d-----w- C:\Users\s1m0n\AppData\Roaming\Malwarebytes
    2012-02-07 18:31:04 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-02-07 17:39:33 917840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BF30BF7C-EF1C-4F57-B5A3-F603B9830E62}\gapaengine.dll
    2012-02-07 17:39:29 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EA897F2D-9C74-4AFC-94FD-E206EF6CAE12}\mpengine.dll
    2012-02-07 17:38:19 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-02-07 17:38:16 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-02-07 17:38:10 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
    2012-02-07 17:37:08 -------- d-----w- C:\Windows\System32\SPReview
    2012-02-07 17:36:54 -------- d-----w- C:\Windows\System32\EventProviders
    2012-02-07 17:33:59 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
    2012-02-07 13:16:55 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2012-02-07 13:12:07 -------- d-----w- C:\Users\s1m0n\AppData\Local\AIM
    2012-02-07 13:10:34 -------- d-----w- C:\Windows\pss
    2012-02-07 13:07:50 -------- d-----w- C:\Users\s1m0n\AppData\Local\{335CCFA5-AE7D-4BB8-B4C6-99E2C71FCA45}
    2012-02-07 13:07:40 -------- d-----w- C:\Users\s1m0n\AppData\Local\{01CE22F7-C3CE-41BD-B87F-E7D52F0188C0}
    2012-02-07 13:07:28 -------- d-----w- C:\Users\s1m0n\Tracing
    2012-02-07 13:04:54 -------- d-----w- C:\Windows\PCHEALTH
    2012-02-07 13:03:34 -------- d-----w- C:\Users\s1m0n\AppData\Local\Windows Live
    2012-02-07 13:03:32 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
    2012-02-07 11:29:57 1139200 ----a-w- C:\Windows\System32\FntCache.dll
    2012-02-07 11:29:56 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2012-02-07 11:29:56 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2012-02-07 11:29:56 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2012-02-07 11:29:56 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-02-07 11:26:58 -------- d-----w- C:\Users\s1m0n\AppData\Local\ATI
    2012-02-07 11:25:33 0 ----a-w- C:\Windows\ativpsrm.bin
    2012-02-07 11:16:36 -------- d-----w- C:\Program Files (x86)\Siber Systems
    2012-02-07 11:15:28 -------- d-----w- C:\Users\s1m0n\AppData\Local\Logitech® Webcam Software
    2012-02-07 11:12:10 53248 ----a-r- C:\Users\s1m0n\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2012-02-07 11:11:54 -------- d-----w- C:\Program Files (x86)\Common Files\LWS
    2012-02-07 11:09:32 -------- d-----r- C:\Program Files (x86)\Skype
    2012-02-07 11:06:26 -------- d-----w- C:\Program Files (x86)\ATI Technologies
    2012-02-07 11:06:24 -------- d-----w- C:\Program Files\ATI
    2012-02-07 11:06:16 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CDD4194D-6E11-4B09-AACD-9975AA04B2ED}\mpengine.dll
    2012-02-07 11:06:15 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-02-07 11:05:28 -------- d-----w- C:\Program Files\ATI Technologies
    2012-02-07 11:04:55 -------- d-----w- C:\AMD
    2012-02-07 10:51:56 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-02-07 10:51:56 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-02-07 10:51:40 3145216 ----a-w- C:\Windows\System32\win32k.sys
    2012-02-07 10:46:14 -------- d-----w- C:\Users\s1m0n\AppData\Roaming\DisplayFusion
    2012-02-07 10:46:11 -------- d-----w- C:\Program Files (x86)\DisplayFusion
    2012-02-07 10:41:19 468480 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-02-07 10:41:12 423656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-02-07 10:38:43 -------- d-sh--w- C:\Windows\Installer
    2012-02-07 10:38:13 -------- d-sh--w- C:\Recovery
    .
    ==================== Find3M ====================
    .
    2012-02-07 18:07:16 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2012-02-07 18:07:16 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-12-06 03:45:40 10720256 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2011-12-06 03:18:38 25371136 ----a-w- C:\Windows\System32\atio6axx.dll
    2011-12-06 03:17:50 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
    2011-12-06 03:17:36 778752 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2011-12-06 03:16:00 933888 ----a-w- C:\Windows\System32\aticfx64.dll
    2011-12-06 03:12:52 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2011-12-06 03:12:36 494080 ----a-w- C:\Windows\System32\atieclxx.exe
    2011-12-06 03:11:56 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
    2011-12-06 03:10:38 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2011-12-06 03:10:20 423424 ----a-w- C:\Windows\System32\atipdl64.dll
    2011-12-06 03:10:12 360448 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
    2011-12-06 03:10:00 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
    2011-12-06 03:09:56 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2011-12-06 03:09:50 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2011-12-06 03:09:44 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2011-12-06 03:06:38 6159872 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2011-12-06 02:56:40 19125760 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2011-12-06 02:51:22 7520768 ----a-w- C:\Windows\System32\atidxx64.dll
    2011-12-06 02:39:58 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
    2011-12-06 02:39:24 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
    2011-12-06 02:39:12 4072960 ----a-w- C:\Windows\System32\atiumd6a.dll
    2011-12-06 02:34:28 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2011-12-06 02:34:24 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2011-12-06 02:34:16 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2011-12-06 02:34:14 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2011-12-06 02:34:00 13738496 ----a-w- C:\Windows\System32\aticaldd64.dll
    2011-12-06 02:33:36 5919232 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2011-12-06 02:29:30 11484672 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2011-12-06 02:28:50 4206592 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2011-12-06 02:24:02 7511040 ----a-w- C:\Windows\System32\atiumd64.dll
    2011-12-06 02:18:46 58880 ----a-w- C:\Windows\System32\coinst.dll
    2011-12-06 02:13:02 509952 ----a-w- C:\Windows\System32\atiadlxx.dll
    2011-12-06 02:12:52 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2011-12-06 02:12:38 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
    2011-12-06 02:12:34 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2011-12-06 02:12:34 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
    2011-12-06 02:12:30 39936 ----a-w- C:\Windows\System32\atig6txx.dll
    2011-12-06 02:12:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2011-12-06 02:12:14 327168 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2011-12-06 02:11:24 42496 ----a-w- C:\Windows\System32\atiuxp64.dll
    2011-12-06 02:11:16 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2011-12-06 02:11:10 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
    2011-12-06 02:11:02 29696 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2011-12-06 02:10:48 54784 ----a-w- C:\Windows\System32\atimpc64.dll
    2011-12-06 02:10:48 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
    2011-12-06 02:10:42 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2011-12-06 02:10:42 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2011-12-06 02:10:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll
    2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
    2011-11-17 06:41:18 1731920 ----a-w- C:\Windows\System32\ntdll.dll
    2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
    2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
    2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
    2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
    2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
    2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
    2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
    2011-11-17 05:38:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
    2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
    2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    .
    ============= FINISH: 0:12:34.20 ===============
  3. s1m0n

    s1m0n TS Rookie Topic Starter Posts: 24

    Malware Bytes:

    Malwarebytes Anti-Malware (PRO) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.07.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    s1m0n :: S1M0N-PC [administrator]

    Protection: Enabled

    2/8/2012 12:04:44 AM
    mbam-log-2012-02-08 (00-04-44).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 178783
    Time elapsed: 3 minute(s), 2 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    ----------
  4. s1m0n

    s1m0n TS Rookie Topic Starter Posts: 24

    DDS Attach

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/7/2012 12:43:55 PM
    System Uptime: 2/8/2012 12:03:24 AM (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P6TD DELUXE
    Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz | LGA1366 | 3068/133mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 98 GiB total, 55.003 GiB free.
    D: is FIXED (NTFS) - 1863 GiB total, 600.016 GiB free.
    E: is FIXED (NTFS) - 1863 GiB total, 732.904 GiB free.
    F: is FIXED (NTFS) - 466 GiB total, 397.098 GiB free.
    G: is FIXED (NTFS) - 0 GiB total, 0.068 GiB free.
    H: is FIXED (NTFS) - 834 GiB total, 282.262 GiB free.
    I: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Universal Serial Bus (USB) Controller
    Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_00000000&REV_04\4&37C265C7&0&0008
    Manufacturer:
    Name: Universal Serial Bus (USB) Controller
    PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_00000000&REV_04\4&37C265C7&0&0008
    Service:
    .
    Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Description: USB EMP Audio Device
    Device ID: USB\VID_EB1A&PID_2861&MI_01\6&27BFB38&0&0001
    Manufacturer: eMPIA Technology - Audio
    Name: USB EMP Audio Device
    PNP Device ID: USB\VID_EB1A&PID_2861&MI_01\6&27BFB38&0&0001
    Service: emAudio
    .
    ==== System Restore Points ===================
    .
    RP190: 7/31/2011 7:00:33 PM - Windows Backup
    RP191: 8/4/2011 3:00:10 AM - Windows Update
    RP192: 8/5/2011 3:40:45 PM - CheckIfInstallerIsBusy
    RP193: 8/5/2011 3:41:37 PM - Windows Live Essentials
    RP194: 8/5/2011 3:42:27 PM - Installed DirectX
    RP195: 8/5/2011 3:42:42 PM - Installed DirectX
    RP196: 8/5/2011 3:43:13 PM - WLSetup
    RP197: 8/7/2011 3:08:04 AM - Windows Update
    RP198: 8/7/2011 7:00:53 PM - Windows Backup
    RP10: 2/7/2012 7:37:01 PM - Windows 7 Service Pack 1
    RP11: 2/7/2012 7:39:04 PM - Windows Update
    RP12: 2/7/2012 11:04:34 PM - Windows Update
    RP13: 2/7/2012 11:11:46 PM - Windows Update
    RP14: 2/7/2012 11:15:11 PM - Windows Update
    RP15: 2/7/2012 11:21:31 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Adobe Shockwave Player 11.5
    CameraHelperMsi
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    D3DX10
    DisplayFusion 3.4.1
    erLT
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Java(TM) 6 Update 21
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mozilla Firefox 10.0 (x86 en-US)
    MSVCRT
    RoboForm 7-7-0 (All Users)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Skype Click to Call
    Skype™ 5.8
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Winamp
    Winamp Detector Plug-in
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/8/2012 12:03:59 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    2/7/2012 8:53:18 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.119.1479.0, AS: 1.119.1479.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.8001.0, NIS: 2.0.7707.0
    2/7/2012 8:23:42 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: s1m0n-PC\s1m0n Process Name: C:\Windows\System32\svchost.exe Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.119.1479.0, AS: 1.119.1479.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.8001.0, NIS: 2.0.7707.0
    2/7/2012 8:23:02 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    2/7/2012 8:20:51 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: s1m0n-PC\s1m0n Process Name: C:\Windows\System32\svchost.exe Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator.
  5. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    Welcome aboard [​IMG]

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    GMER log is missing so please provide that.

    Then.....

    Please download and run ListParts by Farbar (for 32-bit system)

    Please download and run ListParts64 by Farbar (for 64-bit system)

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
  6. s1m0n

    s1m0n TS Rookie Topic Starter Posts: 24

    ListParts by Farbar
    Ran by s1m0n on 08-02-2012 at 08:04:26
    Windows 7 (X64)
    Running From: C:\Users\s1m0n\Desktop
    Language: 0409
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 12%
    Total physical RAM: 12279.12 MB
    Available physical RAM: 10705.1 MB
    Total Pagefile: 24556.43 MB
    Available Pagefile: 22671.82 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    2 Drive c: () (Fixed) (Total:97.56 GB) (Free:53.68 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
    3 Drive d: (Content) (Fixed) (Total:1863.01 GB) (Free:600.02 GB) NTFS
    4 Drive e: (GRADUS) (Fixed) (Total:1863.01 GB) (Free:732.9 GB) NTFS
    5 Drive f: () (Fixed) (Total:465.75 GB) (Free:397.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    6 Drive g: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    7 Drive h: (Downloads) (Fixed) (Total:833.76 GB) (Free:282.26 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 1863 GB 0 B
    Disk 2 Online 465 GB 9 MB
    Disk 3 Online 1863 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 97 GB 101 MB
    Partition 2 Primary 100 MB 97 GB
    Partition 3 Primary 833 GB 97 GB
    Partition 4 Primary 1744 KB 931 GB

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 97 GB Healthy System (partition with boot components)

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 G System Rese NTFS Partition 100 MB Healthy

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 H Downloads NTFS Partition 833 GB Healthy

    Disk: 0
    Partition 4
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1863 GB 1024 KB

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 D Content NTFS Partition 1863 GB Healthy

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 465 GB 31 KB

    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 F NTFS Partition 465 GB Healthy

    Partitions of Disk 3:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1863 GB 1024 KB

    Disk: 3
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 E GRADUS NTFS Partition 1863 GB Healthy



    ****** End Of Log ******



    I ran GMER but it produces no log and does nothing after it runs....
  7. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    You have TDL rootkit there.

    WARNING!
    Proceed with extreme caution!
    Deleting the wrong partition will result in your computer being unusable.
    If you have any doubts, ask.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Download GETxPUD.exe to the desktop of your clean computer

    • Double click on GETxPUD.exe
    • A new folder will appear on the desktop.
    • Open the GETxPUD folder and click on the get&burn.bat
    • The program will download xpud_0.9.2.iso, and upon finishing will open BurnCDCC ready to burn the image.
    • Insert a blank CD into your CD drive.
    • Click on Start and follow the prompts to burn the image to a CD.
    • Boot the bad computer from the CD
    • Press Tool at the top
    • Choose Open Terminal
    • Type parted /dev/sda set 1 boot on
    • Press Enter
    • Type parted /dev/sda rm 4
    • Press Enter
    • Remove xPUD CD, reboot, run aswMBR and post the log
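    The diagnosis above rests on two things visible in the logs: ListParts marks Disk 0 Partition 4 as "Type : 17 (Suspicious Type)", hidden, 1744 KB, with no volume attached, sitting at the very end of the disk, and the fix re-asserts the boot flag on partition 1 before removing partition 4. The following is an added example (not code from this thread, from Farbar's ListParts, from AVAST's aswMBR or from the xPUD/parted steps) that parses a raw 512-byte MBR the same way and reports exactly those properties: hidden partition types, tiny end-of-disk partitions, the active-flag count, and an MD5 of the boot-code region so a defender can compare it with a hash captured after a clean install. The sample MBR it builds is constructed from the partition offsets and sizes in the aswMBR/ListParts logs above; the table of hidden type IDs is a subset chosen for this illustration, not a complete partition-type list.

```python
"""Parse an MBR partition table and flag what a bootkit cleanup looks at.

Added example; the sample MBR is CONSTRUCTED from the offsets/sizes in the
aswMBR and ListParts logs in this thread, and HIDDEN_TYPES is a chosen subset.
"""
import hashlib
import struct

SECTOR = 512
MBR_SIZE = 512
TABLE_OFFSET = 446
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY_FMT = "<B3xB3xII"

# "Hidden" partition type IDs (the 0x10 bit set on the FAT/NTFS codes).
# Assumption: this subset is what a Windows cleanup cares about, not a full table.
HIDDEN_TYPES = {
    0x11: "Hidden FAT12",
    0x14: "Hidden FAT16 <32M",
    0x16: "Hidden FAT16",
    0x17: "Hidden HPFS/NTFS",
    0x1B: "Hidden FAT32",
    0x1C: "Hidden FAT32 LBA",
    0x1E: "Hidden FAT16 LBA",
}

# CONSTRUCTED disk geometry from the aswMBR log (953869 MB, 2048 sectors per MB).
DISK_SECTORS = 953869 * 2048


def parse_mbr(mbr):
    """Return the non-empty entries of a 512-byte MBR as dicts."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, mbr, TABLE_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue  # unused slot
        entries.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "lba": lba,
            "sectors": count,
            "size_mb": count * SECTOR / (1024 * 1024),
        })
    return entries


def active_partition(entries):
    """Index of the single active (boot) partition, or None if there is not exactly one."""
    active = [e["index"] for e in entries if e["active"]]
    return active[0] if len(active) == 1 else None


def suspicious_partitions(entries, disk_sectors, small_mb=16):
    """Flag a hidden-type partition, or a tiny partition sitting at the very end of the disk."""
    findings = []
    for e in entries:
        reasons = []
        if e["type"] in HIDDEN_TYPES:
            reasons.append("hidden type 0x%02X (%s)" % (e["type"], HIDDEN_TYPES[e["type"]]))
        if e["size_mb"] <= small_mb:
            reasons.append("tiny (%.1f MB)" % e["size_mb"])
        if e["lba"] + e["sectors"] > disk_sectors - 2048:  # ends within 1 MB of the disk end
            reasons.append("at end of disk")
        if e["type"] in HIDDEN_TYPES or len(reasons) >= 2:
            findings.append((e["index"], reasons))
    return findings


def boot_code_md5(mbr):
    """MD5 of the boot-code region (bytes 0..445), the part a bootkit rewrites.
    Compare with a hash captured right after a clean install."""
    return hashlib.md5(mbr[:TABLE_OFFSET]).hexdigest()


def build_sample_mbr():
    """CONSTRUCTED MBR mirroring the four entries in the aswMBR/ListParts logs."""
    mbr = bytearray(MBR_SIZE)
    mbr[0:3] = b"\xeb\x63\x90"  # stand-in for real boot code (constructed)
    table = [
        (0x80, 0x07, 206848, 99900 * 2048),       # C:, active
        (0x00, 0x07, 204802048, 100 * 2048),      # System Reserved
        (0x00, 0x07, 205006848, 853767 * 2048),   # H:
        (0x00, 0x17, 1953521664, 1744 * 2),       # hidden 1744 KB, type 0x17
    ]
    for i, fields in enumerate(table):
        struct.pack_into(ENTRY_FMT, mbr, TABLE_OFFSET + 16 * i, *fields)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


if __name__ == "__main__":
    sample = build_sample_mbr()
    parts = parse_mbr(sample)
    for p in parts:
        flag = "(A)" if p["active"] else "   "
        print("Partition %d %s type 0x%02X %10.1f MB offset %d"
              % (p["index"], flag, p["type"], p["size_mb"], p["lba"]))
    print("active partition:", active_partition(parts))
    for idx, why in suspicious_partitions(parts, DISK_SECTORS):
        print("SUSPICIOUS partition %d: %s" % (idx, ", ".join(why)))
    print("boot code MD5:", boot_code_md5(sample))
```

    Run against the constructed sample it reports partition 4 with all three reasons and partition 1 as the only active entry. The hash deliberately covers only the boot-code bytes, not the whole sector, so a partition-table repair like the parted step above does not invalidate a baseline taken earlier; on a real machine the 512 bytes would be read from the physical drive with administrator rights.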
  8. s1m0n

    s1m0n TS Rookie Topic Starter Posts: 24

    I burned it on the CLEAN pc, loaded the BAD pc from it, it asked me to select a language, I chose English... and then I got here:

    http://i.imgur.com/9SM5o.jpg

    Is there some error or something? Or is this the terminal I should write in?
  9. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    We'll try a different way....

    Download gparted-live-0.11.0-7.iso (119.8 MB)

    Burn it to a CD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

    Now you will need to set the CD-ROM as the first boot device if it isn't already (if you don't know how to do it, see HERE)
    Boot off of the newly created Gparted CD.

    You should be here:
    [​IMG]
    Press Enter.

    By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER:
    [​IMG]

    Choose your language and press ENTER. English is default [33]:
    [​IMG]

    Once again, at this prompt, press ENTER:
    [​IMG]

    You will now be taken to the main GUI screen below:
    [​IMG]
    According to your logs, the partition that you want to delete is the small partition of 1744 KB.
    Click on it to highlight it.
    Click the trash can icon to delete and then click Apply.

    You should now be here confirming your actions:
    [​IMG]

    Now you should be here:
    [​IMG]

    Is "boot" next to your OS drive?
    [​IMG]

    If "boot" is NOT next to your OS drive under "Flags", right-mouse click the OS drive while in Gparted and select Manage Flags.

    In the menu that pops up, place a checkmark in boot like the picture below:
    [​IMG]

    Now double-click the [​IMG] button.

    You should receive a small pop up like this:
    [​IMG]

    Choose reboot and then press OK.
  10. s1m0n

    s1m0n TS Rookie Topic Starter Posts: 24

    I did it all and it's the first time I actually loaded my PC and DIDN'T have this virus pop up on me. I scanned the system and it seems I'm virus free finally!

    Thank you so so much!!!!!!!!!
  11. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    Very good but we're absolutely not done :)

    Post new aswMBR log and....

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  12. s1m0n

    s1m0n TS Rookie Topic Starter Posts: 24

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

    Size Device Name MBR Status
    --------------------------------------------
    931 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
  13. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    ...
  14. s1m0n

    s1m0n TS Rookie Topic Starter Posts: 24

    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-08 20:43:26
    -----------------------------
    20:43:26.585 OS Version: Windows x64 6.1.7601 Service Pack 1
    20:43:26.585 Number of processors: 8 586 0x1A05
    20:43:26.586 ComputerName: S1M0N-PC UserName: s1m0n
    20:43:27.262 Initialize success
    20:45:02.249 AVAST engine defs: 12020800
    20:45:06.624 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    20:45:06.627 Disk 0 Vendor: WDC_WD1001FALS-00J7B1 05.00K05 Size: 953869MB BusType: 3
    20:45:06.630 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-2
    20:45:06.632 Disk 1 Vendor: WDC_WD20EARS-00J2GB0 80.00A80 Size: 1907729MB BusType: 3
    20:45:06.636 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-3
    20:45:06.639 Disk 2 Vendor: Hitachi_HDP725050GLA360 GM4OA52A Size: 476940MB BusType: 3
    20:45:06.643 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP3T0L0-4
    20:45:06.647 Disk 3 Vendor: WDC_WD20EARS-00J2GB0 80.00A80 Size: 1907729MB BusType: 3
    20:45:06.660 Disk 0 MBR read successfully
    20:45:06.664 Disk 0 MBR scan
    20:45:06.729 Disk 0 Windows 7 default MBR code
    20:45:06.741 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 99900 MB offset 206848
    20:45:06.774 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 100 MB offset 204802048
    20:45:06.803 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 853767 MB offset 205006848
    20:45:06.824 Service scanning
    20:45:07.537 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    20:45:07.586 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    20:45:08.121 Modules scanning
    20:45:08.127 Disk 0 trace - called modules:
    20:45:08.136 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800aa942c0]<<sprm.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    20:45:08.142 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800aed7790]
    20:45:08.148 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa800ac08e40]
    20:45:08.154 5 ACPI.sys[fffff88000f007a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800ac0d060]
    20:45:08.160 \Driver\atapi[0xfffffa800abe82c0] -> IRP_MJ_CREATE -> 0xfffffa800aa942c0
    20:45:08.842 AVAST engine scan C:\Windows
    20:45:10.734 AVAST engine scan C:\Windows\system32
    20:47:31.461 AVAST engine scan C:\Windows\system32\drivers
    20:47:42.537 AVAST engine scan C:\Users\s1m0n
    20:52:08.774 AVAST engine scan C:\ProgramData
    20:52:24.159 Scan finished successfully
    20:52:34.841 Disk 0 MBR has been saved successfully to "C:\Users\s1m0n\Desktop\MBR.dat"
    20:52:34.882 The log file has been saved successfully to "C:\Users\s1m0n\Desktop\aswMBR.txt"
  15. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    Good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, Rkill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  16. s1m0n

    s1m0n TS Rookie Topic Starter Posts: 24

    ComboFix 12-02-08.02 - s1m0n 02/08/2012 21:04:37.1.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12279.10116 [GMT 2:00]
    Running from: c:\users\s1m0n\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-08 to 2012-02-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-08 19:07 . 2012-02-08 19:07 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-08 18:36 . 2012-02-08 18:36 -------- d-----w- c:\program files\Common Files\ATI Technologies
    2012-02-08 18:35 . 2012-02-08 18:35 -------- d-----w- C:\ATI
    2012-02-08 18:34 . 2012-02-08 18:34 -------- d-----w- c:\program files\Microsoft IntelliPoint
    2012-02-08 18:33 . 2012-02-08 18:33 -------- d-----w- c:\program files\Microsoft IntelliType Pro
    2012-02-08 18:25 . 2012-02-08 18:25 -------- d-----w- c:\program files (x86)\Renesas Electronics
    2012-02-08 18:24 . 2012-02-08 18:24 -------- d-----w- c:\programdata\Downloaded Installations
    2012-02-08 18:21 . 2012-02-08 18:21 -------- d-----w- c:\program files (x86)\Driver-Soft
    2012-02-08 18:08 . 2012-02-08 18:13 -------- d-----w- c:\programdata\DriverGenius
    2012-02-08 18:07 . 2012-02-08 18:09 -------- d-----w- c:\program files (x86)\Driver Genius
    2012-02-08 18:04 . 2012-02-08 18:04 -------- d-----w- c:\program files\Frameworkx
    2012-02-08 17:59 . 2012-02-08 17:59 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
    2012-02-08 17:49 . 2012-02-08 17:49 -------- d-----w- c:\programdata\SonicFocus
    2012-02-08 17:49 . 2012-02-08 17:49 -------- d-----w- c:\program files (x86)\Analog Devices
    2012-02-08 15:16 . 2012-02-08 15:16 -------- d-----w- c:\program files (x86)\Express Gate
    2012-02-08 15:16 . 2012-02-08 15:16 -------- d-----w- C:\ASUS.SYS
    2012-02-08 15:16 . 2012-02-08 15:26 -------- d-----w- C:\temp
    2012-02-08 15:16 . 2012-02-08 15:26 -------- d-----w- C:\dvmexp
    2012-02-08 15:12 . 2012-02-08 17:35 -------- d-----w- c:\program files\ASUS
    2012-02-08 15:06 . 2012-02-08 15:06 -------- d-----w- c:\windows\AsusInstAll
    2012-02-08 14:59 . 2012-02-08 15:00 -------- d-----w- c:\program files (x86)\Your Uninstaller! 7
    2012-02-08 14:58 . 2012-02-08 14:58 419840 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-02-08 14:58 . 2012-02-08 14:58 -------- d-----w- c:\program files (x86)\Creative
    2012-02-08 14:58 . 2012-02-08 14:58 133632 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-02-08 14:58 . 2008-09-17 13:07 1503232 ------w- c:\windows\SysWow64\adi_oal.dll
    2012-02-08 14:58 . 2008-09-17 13:11 1828352 ------w- c:\windows\system32\adi_oal.dll
    2012-02-08 14:56 . 2012-02-08 15:05 -------- d-----w- c:\programdata\Norton
    2012-02-08 14:43 . 2012-02-08 14:43 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2012-02-08 14:34 . 2012-01-05 19:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A289343F-84CA-49E9-A8EE-A70F70BBFCBC}\mpengine.dll
    2012-02-08 14:25 . 2012-02-08 14:25 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
    2012-02-08 14:25 . 2012-02-08 14:44 -------- d-----w- c:\programdata\Microsoft Help
    2012-02-08 14:25 . 2012-02-08 14:25 -------- d-----r- C:\MSOCache
    2012-02-08 14:16 . 2012-02-08 14:16 -------- d-----w- c:\program files (x86)\Passware
    2012-02-08 14:16 . 2012-02-08 14:16 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
    2012-02-08 14:16 . 2012-02-08 14:16 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
    2012-02-08 14:15 . 2012-02-08 14:15 -------- d-----w- c:\programdata\DAEMON Tools Lite
    2012-02-08 14:01 . 2009-07-16 09:38 15416 ----a-w- c:\windows\system32\drivers\ASACPI.sys
    2012-02-08 13:27 . 2009-09-30 03:33 24576 ----a-r- c:\windows\SysWow64\AsIO.dll
    2012-02-08 13:27 . 2009-08-04 02:28 13440 ----a-r- c:\windows\SysWow64\drivers\AsIO.sys
    2012-02-08 13:27 . 2009-07-06 08:48 13368 ----a-w- c:\windows\SysWow64\drivers\AsUpIO.sys
    2012-02-08 13:10 . 2012-02-08 13:10 -------- d-----w- c:\program files (x86)\Intel
    2012-02-08 13:10 . 2009-06-16 10:05 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
    2012-02-08 13:08 . 2012-02-08 13:08 -------- d-----w- C:\Intel
    2012-02-08 13:00 . 2012-02-08 18:25 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
    2012-02-08 13:00 . 2012-02-08 15:12 -------- d-----w- c:\program files (x86)\ASUS
    2012-02-08 13:00 . 2010-05-05 14:38 14592 ----a-w- c:\windows\system32\drivers\AiCharger.sys
    2012-02-08 13:00 . 2012-02-08 14:58 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
    2012-02-08 12:59 . 2012-02-08 18:27 -------- d-----w- c:\program files (x86)\Marvell
    2012-02-07 22:28 . 2012-01-05 19:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-02-07 21:49 . 2012-02-07 21:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-02-07 21:49 . 2011-12-10 13:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-07 21:31 . 2012-02-07 21:31 -------- d-----w- c:\windows\SysWow64\ru
    2012-02-07 21:31 . 2012-02-07 21:31 -------- d-----w- c:\windows\SysWow64\drivers\ru-RU
    2012-02-07 21:31 . 2012-02-07 21:31 -------- d-----w- c:\windows\SysWow64\wbem\ru-RU
    2012-02-07 21:31 . 2012-02-07 21:31 -------- d-----w- c:\windows\system32\drivers\UMDF\ru-RU
    2012-02-07 21:31 . 2012-02-07 21:31 -------- d-----w- c:\windows\system32\drivers\ru-RU
    2012-02-07 21:31 . 2012-02-07 21:31 -------- d-----w- c:\windows\system32\wbem\ru-RU
    2012-02-07 21:31 . 2012-02-07 21:31 -------- d-----w- c:\windows\system32\ru
    2012-02-07 21:31 . 2012-02-07 21:31 -------- d-----w- c:\windows\ru-RU
    2012-02-07 21:28 . 2009-07-13 17:06 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\ru-RU\LXKPTPRC.DLL.mui
    2012-02-07 21:26 . 2012-02-07 21:31 -------- d-----w- c:\windows\SysWow64\XPSViewer
    2012-02-07 21:26 . 2012-02-07 21:26 -------- d-----w- c:\windows\SysWow64\he
    2012-02-07 21:26 . 2012-02-07 21:26 -------- d-----w- c:\windows\SysWow64\drivers\he-IL
    2012-02-07 21:26 . 2012-02-07 21:26 -------- d-----w- c:\windows\SysWow64\wbem\he-IL
    2012-02-07 21:26 . 2012-02-07 21:26 -------- d-----w- c:\windows\system32\he
    2012-02-07 21:26 . 2012-02-07 21:26 -------- d-----w- c:\windows\system32\drivers\UMDF\he-IL
    2012-02-07 21:26 . 2012-02-07 21:26 -------- d-----w- c:\windows\system32\drivers\he-IL
    2012-02-07 21:26 . 2012-02-07 21:26 -------- d-----w- c:\windows\system32\wbem\he-IL
    2012-02-07 21:26 . 2012-02-07 21:26 -------- d-----w- c:\windows\he-IL
    2012-02-07 21:22 . 2009-07-13 16:53 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\he-IL\LXKPTPRC.DLL.mui
    2012-02-07 20:22 . 2012-02-07 10:43 -------- d-----w- c:\windows\Panther
    2012-02-07 20:22 . 2012-02-07 18:16 -------- d-----w- C:\Boot
    2012-02-07 18:55 . 2012-02-07 21:00 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-02-07 18:31 . 2012-02-07 18:31 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-07 17:39 . 2012-02-07 17:39 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF30BF7C-EF1C-4F57-B5A3-F603B9830E62}\gapaengine.dll
    2012-02-07 17:38 . 2012-02-07 17:38 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-02-07 17:38 . 2012-02-07 17:38 -------- d-----w- c:\program files\Microsoft Security Client
    2012-02-07 17:38 . 2012-02-07 17:38 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
    2012-02-07 17:37 . 2012-02-07 17:37 -------- d-----w- c:\windows\system32\SPReview
    2012-02-07 17:36 . 2012-02-07 17:36 -------- d-----w- c:\windows\system32\EventProviders
    2012-02-07 17:33 . 2010-11-20 13:34 363392 ----a-w- c:\windows\system32\drivers\volmgrx.sys
    2012-02-07 13:16 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2012-02-07 13:05 . 2012-02-07 13:05 -------- d-----w- c:\program files (x86)\Windows Live
    2012-02-07 13:04 . 2012-02-07 13:04 -------- d-----w- c:\windows\PCHEALTH
    2012-02-07 13:03 . 2012-02-07 13:03 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
    2012-02-07 12:01 . 2012-02-07 12:01 -------- d-----w- c:\programdata\RoboForm
    2012-02-07 11:41 . 2012-02-07 11:41 -------- d-----w- c:\program files\Google
    2012-02-07 11:41 . 2012-02-07 11:41 -------- d-----w- c:\program files (x86)\Google
    2012-02-07 11:29 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
    2012-02-07 11:29 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-02-07 11:29 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
    2012-02-07 11:29 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-02-07 11:29 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2012-02-07 11:26 . 2012-02-07 11:26 -------- d-----w- c:\programdata\ATI
    2012-02-07 11:25 . 2012-02-07 11:25 0 ----a-w- c:\windows\ativpsrm.bin
    2012-02-07 11:16 . 2012-02-07 11:16 -------- d-----w- c:\program files (x86)\Siber Systems
    2012-02-07 11:11 . 2012-02-07 11:11 -------- d-----w- c:\programdata\Logitech
    2012-02-07 11:11 . 2012-02-07 11:11 -------- d-----w- c:\program files (x86)\Common Files\LWS
    2012-02-07 11:11 . 2012-02-07 11:12 -------- d-----w- c:\program files (x86)\Logitech
    2012-02-07 11:11 . 2012-02-07 11:11 -------- d-----w- c:\programdata\LogiShrd
    2012-02-07 11:09 . 2012-02-07 11:09 -------- d-----r- c:\program files (x86)\Skype
    2012-02-07 11:09 . 2012-02-07 11:09 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2012-02-07 11:09 . 2012-02-07 11:09 -------- d-----w- c:\programdata\Skype
    2012-02-07 11:08 . 2012-02-07 11:12 -------- d-----w- c:\program files (x86)\Common Files\logishrd
    2012-02-07 11:08 . 2012-02-07 11:12 -------- d-----w- c:\program files\Common Files\logishrd
    2012-02-07 11:06 . 2012-02-07 11:06 -------- d-----w- c:\program files (x86)\ATI Technologies
    2012-02-07 11:06 . 2012-02-07 11:06 -------- d-----w- c:\program files\ATI
    2012-02-07 11:06 . 2012-01-17 02:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CDD4194D-6E11-4B09-AACD-9975AA04B2ED}\mpengine.dll
    2012-02-07 11:06 . 2012-01-31 12:44 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-02-07 11:05 . 2012-02-07 11:07 -------- d-----w- c:\program files\ATI Technologies
    2012-02-07 11:04 . 2012-02-07 11:04 -------- d-----w- C:\AMD
    2012-02-07 10:51 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-02-07 10:51 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-02-07 10:51 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
    2012-02-07 10:46 . 2012-02-07 12:40 -------- d-----w- c:\program files (x86)\DisplayFusion
    2012-02-07 10:44 . 2012-02-07 13:07 -------- d-----w- c:\users\s1m0n
    2012-02-07 10:42 . 2012-02-08 14:26 -------- d-----w- c:\program files (x86)\Microsoft.NET
    2012-02-07 10:41 . 2012-02-07 10:41 468480 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-07 10:41 . 2012-02-07 10:41 -------- d-----w- c:\program files\Java
    2012-02-07 10:41 . 2012-02-07 10:41 423656 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-02-07 10:38 . 2012-02-08 18:36 -------- d-sh--w- c:\windows\Installer
    2012-02-07 10:38 . 2012-02-07 10:38 -------- d-----w- C:\Recovery
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-07 18:07 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2012-02-07 18:07 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2012-02-07 13:04 . 2011-03-28 16:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-12-06 03:45 . 2011-12-06 03:45 10720256 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2011-12-06 03:18 . 2011-12-06 03:18 25371136 ----a-w- c:\windows\system32\atio6axx.dll
    2011-12-06 03:17 . 2011-12-06 03:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-12-06 03:17 . 2011-12-06 03:17 778752 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2011-12-06 03:16 . 2011-12-06 03:16 933888 ----a-w- c:\windows\system32\aticfx64.dll
    2011-12-06 03:12 . 2011-12-06 03:12 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-12-06 03:12 . 2011-12-06 03:12 494080 ----a-w- c:\windows\system32\atieclxx.exe
    2011-12-06 03:11 . 2011-12-06 03:11 235520 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-12-06 03:10 . 2011-12-06 03:10 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2011-12-06 03:10 . 2011-12-06 03:10 423424 ----a-w- c:\windows\system32\atipdl64.dll
    2011-12-06 03:10 . 2011-12-06 03:10 360448 ----a-w- c:\windows\SysWow64\atipdlxx.dll
    2011-12-06 03:10 . 2011-12-06 03:10 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
    2011-12-06 03:09 . 2011-12-06 03:09 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2011-12-06 03:09 . 2011-12-06 03:09 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2011-12-06 03:09 . 2011-12-06 03:09 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2011-12-06 03:06 . 2011-12-06 03:06 6159872 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2011-12-06 02:56 . 2011-12-06 02:56 19125760 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2011-12-06 02:51 . 2011-12-06 02:51 7520768 ----a-w- c:\windows\system32\atidxx64.dll
    2011-12-06 02:39 . 2011-12-06 02:39 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
    2011-12-06 02:39 . 2011-12-06 02:39 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
    2011-12-06 02:39 . 2011-12-06 02:39 4072960 ----a-w- c:\windows\system32\atiumd6a.dll
    2011-12-06 02:34 . 2011-12-06 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2011-12-06 02:34 . 2011-12-06 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2011-12-06 02:34 . 2011-12-06 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2011-12-06 02:34 . 2011-12-06 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2011-12-06 02:34 . 2011-12-06 02:34 13738496 ----a-w- c:\windows\system32\aticaldd64.dll
    2011-12-06 02:33 . 2011-12-06 02:33 5919232 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2011-12-06 02:29 . 2011-12-06 02:29 11484672 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2011-12-06 02:28 . 2011-12-06 02:28 4206592 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2011-12-06 02:24 . 2011-12-06 02:24 7511040 ----a-w- c:\windows\system32\atiumd64.dll
    2011-12-06 02:18 . 2011-12-06 02:18 58880 ----a-w- c:\windows\system32\coinst.dll
    2011-12-06 02:13 . 2011-12-06 02:13 509952 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-12-06 02:12 . 2011-12-06 02:12 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2011-12-06 02:12 . 2011-12-06 02:12 17408 ----a-w- c:\windows\system32\atig6pxx.dll
    2011-12-06 02:12 . 2011-12-06 02:12 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2011-12-06 02:12 . 2011-12-06 02:12 14336 ----a-w- c:\windows\system32\atiglpxx.dll
    2011-12-06 02:12 . 2011-12-06 02:12 39936 ----a-w- c:\windows\system32\atig6txx.dll
    2011-12-06 02:12 . 2011-12-06 02:12 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2011-12-06 02:12 . 2011-12-06 02:12 327168 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2011-12-06 02:11 . 2011-12-06 02:11 42496 ----a-w- c:\windows\system32\atiuxp64.dll
    2011-12-06 02:11 . 2011-12-06 02:11 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2011-12-06 02:11 . 2011-12-06 02:11 39936 ----a-w- c:\windows\system32\atiu9p64.dll
    2011-12-06 02:11 . 2011-12-06 02:11 29696 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2011-12-06 02:10 . 2011-12-06 02:10 54784 ----a-w- c:\windows\system32\atimpc64.dll
    2011-12-06 02:10 . 2011-12-06 02:10 54784 ----a-w- c:\windows\system32\amdpcom64.dll
    2011-12-06 02:10 . 2011-12-06 02:10 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2011-12-06 02:10 . 2011-12-06 02:10 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2011-12-06 02:10 . 2011-12-06 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-07 39408]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-01-31 17147528]
    "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-02-07 107000]
    "DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2012-01-12 2789280]
    "Aim"="e:\program files\AIM\aim.exe" [2011-05-03 4321112]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
    "Infium"="e:\program files\QIP 2010\qip.exe" [2011-12-28 7318992]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-04 465536]
    "SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-07 136176]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-07 136176]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x]
    S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S2 MDES;DVM Meta Data Export Service;c:\asus.sys\CONFIG\DVMExportService.exe [2009-03-24 319488]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [x]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
    S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-07 11:41]
    .
    2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-07 11:41]
    .
    2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-75002929-81291-3837428588-1001Core.job
    - c:\users\s1m0n\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-07 11:18]
    .
    2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-75002929-81291-3837428588-1001UA.job
    - c:\users\s1m0n\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-07 11:18]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/ig
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    TCP: DhcpNameServer = 192.168.14.1
    FF - ProfilePath - c:\users\s1m0n\AppData\Roaming\Mozilla\Firefox\Profiles\7eye2j3i.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-TaskTray - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\ASUS\Six Engine\SixEngine.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-08 21:12:50 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-08 19:12
    .
    Pre-Run: 51,153,313,792 bytes free
    Post-Run: 51,551,051,776 bytes free
    .
    - - End Of File - - CA610A9206B99E6ED5C9ED5AA1AF7FF4
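As an added example, not code from this thread or from ComboFix itself, here is a small Python parser for the three ComboFix sections posted above (Files Created, Reg Loading Points run keys, and the R/S service lines) with a triage pass that lists what a helper reads first: newly created kernel drivers, hidden entries, autoruns outside the standard program directories, and boot-start services. The sample lines are constructed from entries in the log above; the flag names and rules are this example's own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the ComboFix log format seen in the post above; the
# entries are copied from that log, it is not a full report.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2012-01-08 to 2012-02-08 )))))))))))))))))))))))))))))))
.
2012-02-08 14:16 . 2012-02-08 14:16 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-02-08 14:16 . 2012-02-08 14:16 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-02-07 21:49 . 2011-12-10 13:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-07 10:38 . 2012-02-08 18:36 -------- d-sh--w- c:\windows\Installer
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-01-31 17147528]
"Aim"="e:\program files\AIM\aim.exe" [2011-05-03 4321112]
.
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
"""

# One line per entry: "created . modified size attrs path" (size is "--------" for directories)
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+|-{8}) (\S{8}) (.+)$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[([^\]]+)\]$')          # "name"="path" [date size]
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[([^\]]+)\]$")  # S0 name;display;path [info]


@dataclass
class ComboFixReport:
    """Structured view of the three ComboFix sections this parser understands."""
    files: list = field(default_factory=list)     # (created, modified, size|None, attrs, path)
    autoruns: list = field(default_factory=list)  # (registry key, value name, path, info)
    services: list = field(default_factory=list)  # (start type, name, display, path, info)


def parse_combofix(text):
    report = ComboFixReport()
    current_key = None  # the [HKEY_...] header the following "name"="path" lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = FILE_RE.match(line)
        if m:
            created, modified, size, attrs, path = m.groups()
            report.files.append((created, modified, None if size.startswith("-") else int(size), attrs, path))
            continue
        m = RUN_RE.match(line)
        if m and current_key:
            name, path, info = m.groups()
            report.autoruns.append((current_key, name, path, info))
            continue
        m = SVC_RE.match(line)
        if m:
            report.services.append(m.groups())
    return report


STANDARD_ROOTS = ("c:\\program files", "c:\\windows")  # where autoruns normally live


def triage(report):
    """Return (reason, item) pairs in the order a helper would review them."""
    findings = []
    for created, modified, size, attrs, path in report.files:
        low = path.lower()
        if low.endswith(".sys") and "\\drivers\\" in low:
            # a kernel driver that appeared inside the scan window
            findings.append(("new kernel driver", path))
        if "h" in attrs:
            findings.append(("hidden attribute", path))
    for key, name, path, info in report.autoruns:
        if not path.lower().startswith(STANDARD_ROOTS):
            findings.append(("autorun outside standard program dirs", f"{name} -> {path}"))
    for start, name, display, path, info in report.services:
        if start in ("S0", "S1"):
            # boot/system-start drivers load before user-mode defences do
            findings.append(("boot-start driver", f"{name} ({path})"))
        if info == "x":
            # ComboFix printed no date/size for the binary; confirm it on disk
            findings.append(("no file details in log", f"{name} ({path})"))
    return findings


if __name__ == "__main__":
    for reason, item in triage(parse_combofix(SAMPLE_LOG)):
        print(f"{reason:40} {item}")
```

Point `parse_combofix` at a full ComboFix.txt to get the same triage list for a real report; entries it does not recognise (locked registry keys, scheduled tasks) are simply skipped.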
  17. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    Looks good :)

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  18. s1m0n

    s1m0n (TS Rookie, Topic Starter)

    OTL Part1

    OTL logfile created on: 2/8/2012 9:46:08 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\s1m0n\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    11.99 Gb Total Physical Memory | 9.69 Gb Available Physical Memory | 80.80% Memory free
    23.98 Gb Paging File | 21.62 Gb Available in Paging File | 90.16% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 97.56 Gb Total Space | 48.43 Gb Free Space | 49.65% Space Free | Partition Type: NTFS
    Drive D: | 1863.01 Gb Total Space | 599.05 Gb Free Space | 32.15% Space Free | Partition Type: NTFS
    Drive E: | 1863.01 Gb Total Space | 735.21 Gb Free Space | 39.46% Space Free | Partition Type: NTFS
    Drive F: | 465.75 Gb Total Space | 407.18 Gb Free Space | 87.42% Space Free | Partition Type: NTFS
    Drive G: | 100.00 Mb Total Space | 69.51 Mb Free Space | 69.51% Space Free | Partition Type: NTFS
    Drive H: | 833.76 Gb Total Space | 282.40 Gb Free Space | 33.87% Space Free | Partition Type: NTFS
    Drive K: | 1863.01 Gb Total Space | 977.94 Gb Free Space | 52.49% Space Free | Partition Type: NTFS

    Computer Name: S1M0N-PC | User Name: s1m0n | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/08 21:37:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\s1m0n\Desktop\OTL.exe
    PRC - [2012/02/07 14:01:38 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    PRC - [2012/02/07 13:41:48 | 000,307,312 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    PRC - [2012/02/07 12:40:45 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
    PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/01/12 11:54:26 | 000,095,640 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\AppHookx86.exe
    PRC - [2011/12/28 14:27:20 | 007,318,992 | ---- | M] (QIP) -- E:\Program Files\QIP 2010\qip.exe
    PRC - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    PRC - [2011/05/03 17:43:14 | 004,321,112 | ---- | M] (AOL Inc.) -- E:\Program Files\AIM\aim.exe
    PRC - [2010/11/17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2010/05/04 19:50:58 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
    PRC - [2010/04/01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    PRC - [2009/10/02 19:42:22 | 006,154,240 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
    PRC - [2009/08/19 13:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    PRC - [2009/03/24 12:36:36 | 000,319,488 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\CONFIG\DVMExportService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/12/28 14:27:40 | 000,958,416 | ---- | M] () -- E:\Program Files\QIP 2010\Protos\Social\Social.dll
    MOD - [2011/12/28 14:27:36 | 001,641,424 | ---- | M] () -- E:\Program Files\QIP 2010\Protos\MRA\mra.dll
    MOD - [2011/12/28 14:27:36 | 000,049,104 | ---- | M] () -- E:\Program Files\QIP 2010\Protos\MRA\pics.dll
    MOD - [2011/12/28 14:27:30 | 002,523,600 | ---- | M] () -- E:\Program Files\QIP 2010\Protos\InfICQ\inficq.dll
    MOD - [2011/12/28 14:27:28 | 000,824,272 | ---- | M] () -- E:\Program Files\QIP 2010\Plugins\qipradio\qipradio.dll
    MOD - [2011/12/28 14:27:28 | 000,175,056 | ---- | M] () -- E:\Program Files\QIP 2010\Plugins\ogorod\ogorod.dll
    MOD - [2011/12/28 14:27:28 | 000,140,240 | ---- | M] () -- E:\Program Files\QIP 2010\Plugins\cards\cards.dll
    MOD - [2011/12/28 14:27:28 | 000,058,832 | ---- | M] () -- E:\Program Files\QIP 2010\Plugins\Win7Helper\Win7Helper.dll
    MOD - [2011/12/28 14:27:22 | 004,659,664 | ---- | M] () -- E:\Program Files\QIP 2010\Core\voip.dll
    MOD - [2011/05/03 17:38:52 | 000,176,128 | ---- | M] () -- E:\Program Files\AIM\nssckbi.dll
    MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2009/09/30 05:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
    MOD - [2009/08/27 19:41:46 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\pngio.dll
    MOD - [2009/08/27 19:41:46 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\AsSpindownTimeout.dll
    MOD - [2009/04/22 20:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\AsusService.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/12/06 05:11:56 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/06/05 11:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
    SRV - [2012/01/31 15:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/08/19 13:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
    SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/03/24 12:36:36 | 000,319,488 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\ASUS.SYS\CONFIG\DVMExportService.exe -- (MDES)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/02/08 16:16:34 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011/12/06 05:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/12/06 04:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/10/17 19:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2011/08/19 09:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Pro Webcam C910(UVC)
    DRV:64bit: - [2011/08/19 09:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2011/08/19 09:27:22 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
    DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/12/10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2010/12/10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/09/23 11:11:28 | 000,394,528 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2010/08/20 03:45:28 | 000,654,720 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
    DRV:64bit: - [2010/08/20 03:44:48 | 000,943,872 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
    DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2010/05/05 16:38:26 | 000,014,592 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
    DRV:64bit: - [2009/07/16 11:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/05 11:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV:64bit: - [2009/05/12 00:49:10 | 000,178,728 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
    DRV:64bit: - [2008/04/03 09:02:16 | 000,079,872 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emAudio64.sys -- (emAudio)
    DRV - [2012/02/08 21:18:52 | 000,035,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{57B901B1-74D8-4E6E-B772-A3DBC5E7D85E}\MpKsl72f25df7.sys -- (MpKsl72f25df7)
    DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 4C 0F 58 8D E5 CC 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========


    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\s1m0n\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\s1m0n\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/02/07 14:01:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/07 13:21:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/07 14:58:31 | 000,000,000 | ---D | M]

    [2012/02/07 13:21:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\s1m0n\AppData\Roaming\Mozilla\Extensions
    [2012/02/07 13:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/01/29 17:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/12/09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
    [2012/01/29 15:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/01/29 15:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\s1m0n\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\s1m0n\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\s1m0n\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
    CHR - plugin: RoboForm Plugin for Google Chrome/Opera/etc. (Enabled) = C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll
    CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\s1m0n\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
    CHR - Extension: Google Search = C:\Users\s1m0n\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: Gmail = C:\Users\s1m0n\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/02/08 21:09:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKCU..\Run: [Aim] E:\Program Files\AIM\aim.exe (AOL Inc.)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
    O4 - HKCU..\Run: [Infium] E:\Program Files\QIP 2010\qip.exe (QIP)
    O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab (SysInfo Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.14.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAD6EBC1-9E99-4501-86F3-557970E0CB69}: DhcpNameServer = 192.168.14.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/08 21:37:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\s1m0n\Desktop\OTL.exe
    [2012/02/08 21:27:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2012/02/08 21:16:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/02/08 21:12:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/02/08 21:03:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/02/08 21:03:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/02/08 21:03:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/02/08 21:03:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/02/08 20:57:05 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/08 20:54:20 | 004,399,064 | R--- | C] (Swearware) -- C:\Users\s1m0n\Desktop\ComboFix.exe
    [2012/02/08 20:42:14 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\s1m0n\Desktop\boot_cleaner.exe
    [2012/02/08 20:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
    [2012/02/08 20:35:14 | 000,000,000 | ---D | C] -- C:\ATI
    [2012/02/08 20:34:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
    [2012/02/08 20:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
    [2012/02/08 20:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
    [2012/02/08 20:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
    [2012/02/08 20:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
    [2012/02/08 20:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
    [2012/02/08 20:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
    [2012/02/08 20:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
    [2012/02/08 20:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft
    [2012/02/08 20:19:55 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\Documents\DriverGenius
    [2012/02/08 20:11:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DriverGenius
    [2012/02/08 20:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius
    [2012/02/08 20:07:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Genius
    [2012/02/08 20:04:53 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\Frameworkx.com
    [2012/02/08 20:04:46 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Frameworkx
    [2012/02/08 20:04:46 | 000,000,000 | ---D | C] -- C:\Program Files\Frameworkx
    [2012/02/08 19:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
    [2012/02/08 19:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SonicFocus
    [2012/02/08 19:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Analog Devices
    [2012/02/08 17:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Gate
    [2012/02/08 17:16:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Express Gate
    [2012/02/08 17:16:32 | 000,000,000 | ---D | C] -- C:\ASUS.SYS
    [2012/02/08 17:16:29 | 000,000,000 | -H-D | C] -- C:\dvmexp
    [2012/02/08 17:16:29 | 000,000,000 | ---D | C] -- C:\temp
    [2012/02/08 17:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
    [2012/02/08 17:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
    [2012/02/08 17:10:14 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marvell
    [2012/02/08 17:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marvell
    [2012/02/08 17:06:04 | 000,000,000 | ---D | C] -- C:\Windows\AsusInstAll
    [2012/02/08 17:00:04 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\URSoft
    [2012/02/08 17:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2012/02/08 16:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7
    [2012/02/08 16:59:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Your Uninstaller! 7
    [2012/02/08 16:58:39 | 000,419,840 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2012/02/08 16:58:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
    [2012/02/08 16:58:37 | 001,503,232 | ---- | C] (Creative) -- C:\Windows\SysWow64\adi_oal.dll
    [2012/02/08 16:58:36 | 001,828,352 | ---- | C] (Creative) -- C:\Windows\SysNative\adi_oal.dll
    [2012/02/08 16:57:47 | 000,174,592 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFProc64.dll
    [2012/02/08 16:57:47 | 000,122,880 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFFXCPStr.dll
    [2012/02/08 16:57:47 | 000,078,848 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFSAPO64.dll
    [2012/02/08 16:57:46 | 000,163,840 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFCTPL64.dll
    [2012/02/08 16:57:46 | 000,078,336 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFHAPO64.dll
    [2012/02/08 16:57:46 | 000,069,120 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFComm64.dll
    [2012/02/08 16:57:46 | 000,059,392 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFMAPO64.dll
    [2012/02/08 16:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2012/02/08 16:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
    [2012/02/08 16:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [2012/02/08 16:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2012/02/08 16:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2012/02/08 16:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
    [2012/02/08 16:25:23 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\Microsoft Help
    [2012/02/08 16:25:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
    [2012/02/08 16:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
    [2012/02/08 16:25:08 | 000,000,000 | R--D | C] -- C:\MSOCache
    [2012/02/08 16:16:35 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Passware
    [2012/02/08 16:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Passware
    [2012/02/08 16:16:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Passware
    [2012/02/08 16:16:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
    [2012/02/08 16:15:55 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\DAEMON Tools Lite
    [2012/02/08 16:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
    [2012/02/08 15:10:25 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
    [2012/02/08 15:10:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
    [2012/02/08 15:08:52 | 000,000,000 | ---D | C] -- C:\Intel
    [2012/02/08 15:03:22 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\{3F9337FF-02B7-4CD0-B703-191E08E2B787}
    [2012/02/08 15:03:12 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\{80A1A57C-2727-4C83-805D-6298DEE7AE12}
    [2012/02/08 15:00:29 | 000,014,592 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysNative\drivers\AiCharger.sys
    [2012/02/08 15:00:29 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
    [2012/02/08 15:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
    [2012/02/08 15:00:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
    [2012/02/08 14:59:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell
    [2012/02/08 14:24:18 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\ElevatedDiagnostics
    [2012/02/07 23:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/02/07 23:49:18 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/02/07 23:49:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/02/07 23:31:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\ru-RU
    [2012/02/07 23:31:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ru
    [2012/02/07 23:31:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ru-RU
    [2012/02/07 23:31:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ru
    [2012/02/07 23:31:12 | 000,000,000 | ---D | C] -- C:\Windows\ru-RU
    [2012/02/07 23:28:09 | 000,003,584 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\ru-RU\pscr.sys.mui
    [2012/02/07 23:28:01 | 000,002,560 | ---- | C] (Корпорация Майкрософт) -- C:\Windows\SysNative\drivers\ru-RU\mountmgr.sys.mui
    [2012/02/07 23:27:58 | 000,002,560 | ---- | C] (Корпорация Майкрософт) -- C:\Windows\SysNative\drivers\ru-RU\volmgrx.sys.mui
    [2012/02/07 23:27:57 | 000,010,752 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ru-RU\BrSerId.sys.mui
    [2012/02/07 23:27:57 | 000,010,752 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ru-RU\BrSerIb.sys.mui
    [2012/02/07 23:27:57 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ru-RU\BrParwdm.sys.mui
    [2012/02/07 23:26:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
    [2012/02/07 23:26:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\he-IL
    [2012/02/07 23:26:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\he
    [2012/02/07 23:26:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\he
    [2012/02/07 23:26:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\he-IL
    [2012/02/07 23:26:11 | 000,000,000 | ---D | C] -- C:\Windows\he-IL
    [2012/02/07 23:22:41 | 000,003,072 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\he-IL\pscr.sys.mui
    [2012/02/07 23:22:20 | 000,008,704 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\he-IL\BrSerId.sys.mui
    [2012/02/07 23:22:20 | 000,008,704 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\he-IL\BrSerIb.sys.mui
    [2012/02/07 23:22:20 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\he-IL\BrParwdm.sys.mui
    [2012/02/07 22:28:12 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2012/02/07 22:23:54 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
    [2012/02/07 22:23:41 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2012/02/07 22:22:25 | 000,000,000 | ---D | C] -- C:\Windows\Panther
    [2012/02/07 22:22:12 | 000,000,000 | ---D | C] -- C:\Boot
    [2012/02/07 20:55:24 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/02/07 20:31:15 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Malwarebytes
    [2012/02/07 20:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/02/07 20:29:51 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\s1m0n\Desktop\TDSSKiller.exe
    [2012/02/07 19:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/02/07 19:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/02/07 19:38:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
    [2012/02/07 19:37:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
    [2012/02/07 19:36:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
    [2012/02/07 19:33:59 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
    [2012/02/07 19:33:54 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
    [2012/02/07 19:23:00 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\Documents\My Received Files
    [2012/02/07 15:12:07 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\AIM
    [2012/02/07 15:12:07 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\acccore
    [2012/02/07 15:10:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2012/02/07 15:07:50 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\{335CCFA5-AE7D-4BB8-B4C6-99E2C71FCA45}
    [2012/02/07 15:07:40 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\{01CE22F7-C3CE-41BD-B87F-E7D52F0188C0}
    [2012/02/07 15:07:28 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\Tracing
    [2012/02/07 15:05:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
    [2012/02/07 15:04:54 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2012/02/07 15:03:34 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\Windows Live
    [2012/02/07 15:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
    [2012/02/07 14:58:31 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
    [2012/02/07 14:58:30 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Winamp
    [2012/02/07 14:04:50 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\WinRAR
    [2012/02/07 14:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
    [2012/02/07 14:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
    [2012/02/07 14:01:55 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\Documents\My RoboForm Data
    [2012/02/07 13:42:20 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Google
    [2012/02/07 13:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2012/02/07 13:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
    [2012/02/07 13:41:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2012/02/07 13:26:58 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\ATI
    [2012/02/07 13:26:58 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\ATI
    [2012/02/07 13:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2012/02/07 13:21:30 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Mozilla
    [2012/02/07 13:21:30 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\Mozilla
    [2012/02/07 13:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/02/07 13:18:55 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/02/07 13:18:32 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\Google
    [2012/02/07 13:18:25 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\Deployment
    [2012/02/07 13:18:25 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\Apps
    [2012/02/07 13:16:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Siber Systems
    [2012/02/07 13:15:28 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\Logitech® Webcam Software
    [2012/02/07 13:12:10 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Leadertech
    [2012/02/07 13:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
    [2012/02/07 13:11:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LWS
    [2012/02/07 13:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
    [2012/02/07 13:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
    [2012/02/07 13:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
    [2012/02/07 13:09:37 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Skype
    [2012/02/07 13:09:32 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
    [2012/02/07 13:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/02/07 13:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2012/02/07 13:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
    [2012/02/07 13:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
    [2012/02/07 13:08:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd
    [2012/02/07 13:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
    [2012/02/07 13:06:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
    [2012/02/07 13:06:24 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
    [2012/02/07 13:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
    [2012/02/07 13:04:55 | 000,000,000 | ---D | C] -- C:\AMD
    [2012/02/07 12:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
    [2012/02/07 12:51:05 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Macromedia
    [2012/02/07 12:50:10 | 000,000,000 | ---D | C] -- C:\NVIDIA
    [2012/02/07 12:46:58 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2012/02/07 12:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2012/02/07 12:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
    [2012/02/07 12:46:14 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\DisplayFusion
    [2012/02/07 12:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion
    [2012/02/07 12:46:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DisplayFusion
    [2012/02/07 12:46:02 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\Documents\DisplayFusion Backups
    [2012/02/07 12:45:11 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Adobe
    [2012/02/07 12:44:17 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2012/02/07 12:44:17 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\Searches
    [2012/02/07 12:44:17 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2012/02/07 12:44:17 | 000,000,000 | -H-D | C] -- C:\Users\s1m0n\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2012/02/07 12:44:10 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Identities
    [2012/02/07 12:44:09 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\Contacts
    [2012/02/07 12:44:06 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\VirtualStore
    [2012/02/07 12:44:03 | 000,000,000 | --SD | C] -- C:\Users\s1m0n\AppData\Roaming\Microsoft
    [2012/02/07 12:44:03 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\Videos
    [2012/02/07 12:44:03 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\Saved Games
    [2012/02/07 12:44:03 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\Pictures
    [2012/02/07 12:44:03 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\Music
    [2012/02/07 12:44:03 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2012/02/07 12:44:03 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\Links
    [2012/02/07 12:44:03 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\Favorites
    [2012/02/07 12:44:03 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\Downloads
    [2012/02/07 12:44:03 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\Documents
    [2012/02/07 12:44:03 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\Desktop
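The O17, O20, O35 and O37 lines in the log above are the DHCP resolver, the Winlogon Shell/Userinit values and the .exe/.com "open" commands, which are the settings a bootkit or trojan most often rewrites to get its loader run at logon or on every program launch; in this log they all sit at their Windows 7 defaults. As an added example that is not part of the original post and not OTL's own code, the following Python script parses those OTL line formats and flags any value that differs from the stock setting. The line formats are taken from the log in this thread; the "expected" values are the stock Windows 7 settings; the tampered sample lines at the bottom are constructed for demonstration and do not come from the log.

```python
import ipaddress
import re

# Stock Windows 7 values for the keys OTL reports as O20/O35/O37. A bootkit or
# trojan that wants to run at logon, or on every .exe/.com launch, commonly
# rewrites exactly these. (The registry stores Userinit with a trailing comma;
# OTL prints it without, so the comparison strips it.)
EXPECTED = {
    ("O20", "Shell"): "explorer.exe",
    ("O20", "UserInit"): r"c:\windows\system32\userinit.exe",
    ("O35", "comfile"): '"%1" %*',
    ("O35", "exefile"): '"%1" %*',
    ("O37", "com"): '"%1" %*',
    ("O37", "exe"): '"%1" %*',
}

# OTL prefixes 64-bit hive entries with ":64bit:"; both views are checked.
O20_RE = re.compile(r'^O20(?::64bit:)? - HKLM Winlogon: (\w+) - \((.*?)\) -\s*(.*)$')
O35_RE = re.compile(r'^O35(?::64bit:)? - HKLM\\\.\.(\w+) \[open\] -- (.*)$')
O37_RE = re.compile(r'^O37(?::64bit:)? - HKLM\\\.\.\.(\w+) \[@ = \w+\] -- (.*)$')
O17_RE = re.compile(r'^O17 - .*DhcpNameServer = (\S+)$')

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr is a private (RFC 1918) IPv4 address. Deliberately not
    ipaddress.is_private, which also treats documentation ranges as private."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)


def parse_line(line):
    """Return (section, key, value) for a checked OTL line, else None."""
    line = line.strip()
    for section, regex in (("O20", O20_RE), ("O35", O35_RE), ("O37", O37_RE)):
        m = regex.match(line)
        if m:
            return (section, m.group(1), m.group(2))
    m = O17_RE.match(line)
    if m:
        return ("O17", "DhcpNameServer", m.group(1))
    return None


def check_otl(lines):
    """Return (section, key, value, verdict) for every recognised line.

    verdict: "ok"; "MISMATCH" (differs from the Windows 7 default);
    "non-rfc1918-dns" (DHCP resolver outside RFC 1918, worth a second look on
    a home LAN); "unchecked" (no baseline here, e.g. VMApplet)."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        section, key, value = parsed
        if section == "O17":
            verdict = "ok" if is_rfc1918(value) else "non-rfc1918-dns"
        else:
            expected = EXPECTED.get((section, key))
            if expected is None:
                verdict = "unchecked"
            elif value.rstrip(",").lower() == expected:
                verdict = "ok"
            else:
                verdict = "MISMATCH"
        findings.append((section, key, value, verdict))
    return findings


def mismatches(lines):
    """Only the findings a responder has to act on."""
    return [f for f in check_otl(lines) if f[3] in ("MISMATCH", "non-rfc1918-dns")]


# Lines copied from the OTL log in this thread.
LOG_LINES = [
    r'O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.14.1',
    r'O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)',
    r'O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)',
    r'O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found',
    r'O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)',
    r'O35:64bit: - HKLM\..exefile [open] -- "%1" %*',
    r'O35 - HKLM\..comfile [open] -- "%1" %*',
    r'O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*',
    r'O37 - HKLM\...exe [@ = exefile] -- "%1" %*',
]

# Constructed for demonstration only; these are NOT from the log above.
TAMPERED_LINES = [
    r'O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe,C:\Users\demo\loader.exe) - File not found',
    r'O35 - HKLM\..exefile [open] -- "C:\Users\demo\loader.exe" "%1" %*',
    r'O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.0.113.5',
]

if __name__ == "__main__":
    for name, lines in (("thread log", LOG_LINES), ("constructed sample", TAMPERED_LINES)):
        print(name, "->", mismatches(lines) or "no mismatches")
```

Run against the lines from this thread it reports nothing, which matches what the log shows: the Winlogon and file-association values are stock, and the resolver is the LAN router. On the constructed sample it flags the extra Userinit entry, the wrapped exefile command and the non-RFC 1918 resolver. Note that this only catches the user-mode persistence points OTL lists; an MBR bootkit such as the one reported by MSE in this thread lives below the file system and is what the aswMBR and TDSSKiller logs elsewhere in the thread are for.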
  19. s1m0n

    otl part2

    [2012/02/07 12:44:03 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\AppData\Local\Temporary Internet Files
    [2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\Templates
    [2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\Start Menu
    [2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\SendTo
    [2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\Recent
    [2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\PrintHood
    [2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\NetHood
    [2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\Documents\My Videos
    [2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\Documents\My Pictures
    [2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\Documents\My Music
    [2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\My Documents
    [2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\Local Settings
    [2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\AppData\Local\History
    [2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\Cookies
    [2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\Application Data
    [2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\AppData\Local\Application Data
    [2012/02/07 12:44:03 | 000,000,000 | -H-D | C] -- C:\Users\s1m0n\AppData
    [2012/02/07 12:44:03 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\Temp
    [2012/02/07 12:44:03 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\Microsoft
    [2012/02/07 12:44:03 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Media Center Programs
    [2012/02/07 12:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
    [2012/02/07 12:41:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2012/02/07 12:40:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2012/02/07 12:40:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
    [2012/02/07 12:40:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
    [2012/02/07 12:40:40 | 002,129,408 | ---- | C] (Python Software Foundation) -- C:\Windows\SysWow64\python31.dll
    [2012/02/07 12:40:40 | 001,017,344 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
    [2012/02/07 12:40:40 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [2012/02/07 12:40:40 | 000,312,848 | ---- | C] (AutoIt Team) -- C:\Windows\SysWow64\AutoItX3.dll
    [2012/02/07 12:40:40 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll
    [2012/02/07 12:40:40 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libssl32.dll
    [2012/02/07 12:40:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2012/02/07 12:40:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2012/02/07 12:38:43 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
    [2012/02/07 12:38:13 | 000,000,000 | ---D | C] -- C:\Recovery

    ========== Files - Modified Within 30 Days ==========

    [2012/02/08 21:37:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\s1m0n\Desktop\OTL.exe
    [2012/02/08 21:25:56 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
    [2012/02/08 21:23:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-75002929-81291-3837428588-1001UA.job
    [2012/02/08 21:20:00 | 002,115,442 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/02/08 21:20:00 | 000,724,372 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
    [2012/02/08 21:20:00 | 000,662,196 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/02/08 21:20:00 | 000,392,632 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
    [2012/02/08 21:20:00 | 000,150,310 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
    [2012/02/08 21:20:00 | 000,122,024 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/02/08 21:20:00 | 000,084,730 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
    [2012/02/08 21:16:10 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/08 21:15:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/08 21:15:31 | 1066,754,046 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/08 21:14:09 | 000,010,128 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/08 21:14:09 | 000,010,128 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/08 21:14:09 | 000,000,038 | ---- | M] () -- C:\dvmaccounts.ini
    [2012/02/08 21:09:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/02/08 21:09:33 | 000,281,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/02/08 20:54:23 | 004,399,064 | R--- | M] (Swearware) -- C:\Users\s1m0n\Desktop\ComboFix.exe
    [2012/02/08 20:52:34 | 000,000,512 | ---- | M] () -- C:\Users\s1m0n\Desktop\MBR.dat
    [2012/02/08 20:51:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/08 20:34:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
    [2012/02/08 20:21:46 | 000,001,195 | ---- | M] () -- C:\Users\s1m0n\Desktop\Driver Genius Professional Edition.lnk
    [2012/02/08 19:10:26 | 106,838,448 | ---- | M] () -- C:\Users\s1m0n\Desktop\tigol.mp3
    [2012/02/08 17:16:55 | 000,035,982 | ---- | M] () -- C:\Windows\Ascd_log.ini
    [2012/02/08 17:12:37 | 000,000,670 | ---- | M] () -- C:\Windows\setup.iss
    [2012/02/08 17:00:03 | 000,001,060 | ---- | M] () -- C:\Users\s1m0n\Desktop\Uninstaller!.lnk
    [2012/02/08 16:58:39 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2012/02/08 16:54:48 | 000,025,261 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
    [2012/02/08 16:16:48 | 000,001,013 | ---- | M] () -- C:\Users\s1m0n\Application Data\Microsoft\Internet Explorer\Quick Launch\Asterisk Key.lnk
    [2012/02/08 16:16:34 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
    [2012/02/08 16:16:34 | 000,001,938 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
    [2012/02/08 15:33:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2012/02/08 15:08:52 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
    [2012/02/08 13:23:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-75002929-81291-3837428588-1001Core.job
    [2012/02/07 23:49:21 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\MBytes.lnk
    [2012/02/07 23:39:11 | 000,000,512 | ---- | M] () -- C:\Users\s1m0n\Documents\MBR.dat
    [2012/02/07 23:31:03 | 000,336,704 | ---- | M] () -- C:\Windows\SysNative\perfi019.dat
    [2012/02/07 23:31:03 | 000,039,446 | ---- | M] () -- C:\Windows\SysNative\perfd019.dat
    [2012/02/07 23:26:03 | 000,229,316 | ---- | M] () -- C:\Windows\SysNative\perfi00D.dat
    [2012/02/07 23:26:03 | 000,032,166 | ---- | M] () -- C:\Windows\SysNative\perfd00D.dat
    [2012/02/07 22:29:06 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
    [2012/02/07 22:29:06 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
    [2012/02/07 22:22:13 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2012/02/07 20:17:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2012/02/07 19:38:23 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/02/07 19:38:20 | 000,795,928 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/02/07 15:15:45 | 000,001,111 | ---- | M] () -- C:\Users\s1m0n\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader - Shortcut.lnk
    [2012/02/07 15:15:44 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\s1m0n\Desktop\TDSSKiller.exe
    [2012/02/07 15:01:47 | 000,000,668 | ---- | M] () -- C:\Users\s1m0n\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
    [2012/02/07 14:53:13 | 000,001,118 | ---- | M] () -- C:\Users\s1m0n\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/02/07 14:53:10 | 000,002,300 | ---- | M] () -- C:\Users\s1m0n\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/02/07 13:26:41 | 000,001,425 | ---- | M] () -- C:\Users\s1m0n\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/02/07 13:25:33 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
    [2012/02/07 13:18:35 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2012/02/07 13:18:32 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2012/02/07 13:16:12 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
    [2012/02/07 13:11:47 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
    [2012/02/07 13:09:37 | 000,000,410 | ---- | M] () -- C:\Windows\BRWMARK.INI
    [2012/02/07 13:09:37 | 000,000,034 | ---- | M] () -- C:\Windows\SysWow64\BD7820N.DAT
    [2012/02/07 12:44:37 | 000,000,355 | ---- | M] () -- C:\Users\s1m0n\Desktop\Computer.lnk
    [2012/02/05 06:15:43 | 000,001,387 | ---- | M] () -- C:\Users\s1m0n\Desktop\LockIt!.lnk

    ========== Files Created - No Company Name ==========

    [2012/02/08 21:03:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/02/08 21:03:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/02/08 21:03:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/02/08 21:03:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/02/08 21:03:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/02/08 20:34:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
    [2012/02/08 20:21:46 | 000,001,195 | ---- | C] () -- C:\Users\s1m0n\Desktop\Driver Genius Professional Edition.lnk
    [2012/02/08 19:42:15 | 000,000,038 | ---- | C] () -- C:\dvmaccounts.ini
    [2012/02/08 19:09:48 | 106,838,448 | ---- | C] () -- C:\Users\s1m0n\Desktop\tigol.mp3
    [2012/02/08 17:26:41 | 000,000,177 | -H-- | C] () -- C:\dvmexp.idx
    [2012/02/08 17:12:00 | 000,000,670 | ---- | C] () -- C:\Windows\setup.iss
    [2012/02/08 17:00:03 | 000,001,060 | ---- | C] () -- C:\Users\s1m0n\Desktop\Uninstaller!.lnk
    [2012/02/08 16:54:59 | 000,035,982 | ---- | C] () -- C:\Windows\Ascd_log.ini
    [2012/02/08 16:54:39 | 000,025,261 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2012/02/08 16:16:48 | 000,001,013 | ---- | C] () -- C:\Users\s1m0n\Application Data\Microsoft\Internet Explorer\Quick Launch\Asterisk Key.lnk
    [2012/02/08 16:16:34 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
    [2012/02/08 16:16:34 | 000,001,938 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
    [2012/02/08 16:01:43 | 000,015,416 | ---- | C] () -- C:\Windows\SysNative\drivers\ASACPI.sys
    [2012/02/08 15:33:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2012/02/08 15:27:53 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
    [2012/02/08 15:27:53 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
    [2012/02/08 15:27:53 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
    [2012/02/08 15:08:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2012/02/07 23:49:21 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\MBytes.lnk
    [2012/02/07 23:39:21 | 000,000,512 | ---- | C] () -- C:\Users\s1m0n\Desktop\MBR.dat
    [2012/02/07 23:39:11 | 000,000,512 | ---- | C] () -- C:\Users\s1m0n\Documents\MBR.dat
    [2012/02/07 23:32:21 | 000,724,372 | ---- | C] () -- C:\Windows\SysNative\perfh019.dat
    [2012/02/07 23:32:21 | 000,336,704 | ---- | C] () -- C:\Windows\SysNative\perfi019.dat
    [2012/02/07 23:32:21 | 000,150,310 | ---- | C] () -- C:\Windows\SysNative\perfc019.dat
    [2012/02/07 23:32:21 | 000,039,446 | ---- | C] () -- C:\Windows\SysNative\perfd019.dat
    [2012/02/07 23:27:22 | 000,392,632 | ---- | C] () -- C:\Windows\SysNative\perfh00D.dat
    [2012/02/07 23:27:22 | 000,229,316 | ---- | C] () -- C:\Windows\SysNative\perfi00D.dat
    [2012/02/07 23:27:22 | 000,084,730 | ---- | C] () -- C:\Windows\SysNative\perfc00D.dat
    [2012/02/07 23:27:22 | 000,032,166 | ---- | C] () -- C:\Windows\SysNative\perfd00D.dat
    [2012/02/07 22:28:50 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2012/02/07 22:28:45 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2012/02/07 22:23:41 | 1066,754,046 | -HS- | C] () -- C:\hiberfil.sys
    [2012/02/07 22:22:13 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
    [2012/02/07 22:22:12 | 000,383,786 | RHS- | C] () -- C:\bootmgr
    [2012/02/07 20:17:40 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2012/02/07 19:38:23 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/02/07 19:38:17 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/02/07 19:34:30 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe
    [2012/02/07 19:34:22 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
    [2012/02/07 19:33:51 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
    [2012/02/07 19:33:49 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
    [2012/02/07 19:33:49 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
    [2012/02/07 19:33:45 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
    [2012/02/07 19:33:45 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
    [2012/02/07 18:34:18 | 000,001,387 | ---- | C] () -- C:\Users\s1m0n\Desktop\LockIt!.lnk
    [2012/02/07 15:15:45 | 000,001,111 | ---- | C] () -- C:\Users\s1m0n\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader - Shortcut.lnk
    [2012/02/07 15:05:57 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    [2012/02/07 14:58:31 | 000,000,668 | ---- | C] () -- C:\Users\s1m0n\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
    [2012/02/07 14:53:13 | 000,001,118 | ---- | C] () -- C:\Users\s1m0n\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/02/07 14:53:10 | 000,002,300 | ---- | C] () -- C:\Users\s1m0n\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/02/07 13:41:52 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/07 13:41:51 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/07 13:25:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012/02/07 13:21:27 | 000,001,130 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/02/07 13:18:35 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2012/02/07 13:18:33 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-75002929-81291-3837428588-1001UA.job
    [2012/02/07 13:18:32 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2012/02/07 13:18:32 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-75002929-81291-3837428588-1001Core.job
    [2012/02/07 13:16:12 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
    [2012/02/07 13:11:47 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
    [2012/02/07 13:09:37 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2012/02/07 13:09:37 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7820N.DAT
    [2012/02/07 12:45:06 | 000,001,425 | ---- | C] () -- C:\Users\s1m0n\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/02/07 12:44:37 | 000,000,355 | ---- | C] () -- C:\Users\s1m0n\Desktop\Computer.lnk
    [2012/02/07 12:44:20 | 000,001,397 | ---- | C] () -- C:\Users\s1m0n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    [2012/02/07 12:44:19 | 000,001,431 | ---- | C] () -- C:\Users\s1m0n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2012/02/07 12:42:59 | 000,795,928 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/02/07 12:40:40 | 000,921,665 | ---- | C] () -- C:\Windows\SysWow64\msvcrt-ruby18.dll
    [2012/02/07 12:40:40 | 000,271,264 | ---- | C] () -- C:\Windows\SysWow64\vbrun100.dll
    [2012/02/07 12:40:40 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\msvcrt10.dll
    [2012/02/07 12:40:40 | 000,027,136 | ---- | C] () -- C:\Windows\SysWow64\pythonw.exe
    [2012/02/07 12:40:40 | 000,026,624 | ---- | C] () -- C:\Windows\SysWow64\python.exe
    [2012/02/07 12:40:40 | 000,020,537 | ---- | C] () -- C:\Windows\SysWow64\rubyw.exe
    [2012/02/07 12:40:40 | 000,020,536 | ---- | C] () -- C:\Windows\SysWow64\ruby.exe
    [2011/12/06 04:35:10 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2011/12/06 04:35:10 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2011/09/13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/08/19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
    [2011/08/19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
    [2011/08/19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
    [2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2008/12/01 18:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
    [2007/12/28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

    ========== LOP Check ==========

    [2012/02/07 15:12:17 | 000,000,000 | ---D | M] -- C:\Users\s1m0n\AppData\Roaming\acccore
    [2012/02/08 16:22:11 | 000,000,000 | ---D | M] -- C:\Users\s1m0n\AppData\Roaming\DAEMON Tools Lite
    [2012/02/07 20:28:08 | 000,000,000 | ---D | M] -- C:\Users\s1m0n\AppData\Roaming\DisplayFusion
    [2012/02/07 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\s1m0n\AppData\Roaming\Leadertech
    [2012/02/08 17:00:04 | 000,000,000 | ---D | M] -- C:\Users\s1m0n\AppData\Roaming\URSoft
    [2009/07/14 07:08:49 | 000,008,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/11/20 14:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2012/02/07 22:22:13 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2012/02/08 21:12:50 | 000,027,768 | ---- | M] () -- C:\ComboFix.txt
    [2012/02/08 21:14:09 | 000,000,038 | ---- | M] () -- C:\dvmaccounts.ini
    [2012/02/08 21:25:56 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
    [2012/02/08 21:15:31 | 1066,754,046 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/08 21:15:37 | 4285,652,990 | -HS- | M] () -- C:\pagefile.sys
    [2012/02/07 20:30:34 | 000,081,980 | ---- | M] () -- C:\TDSSKiller.2.7.10.0_07.02.2012_20.29.56_log.txt
    [2012/02/07 20:55:33 | 000,083,302 | ---- | M] () -- C:\TDSSKiller.2.7.10.0_07.02.2012_20.54.16_log.txt
    [2012/02/07 23:03:03 | 000,086,444 | ---- | M] () -- C:\TDSSKiller.2.7.10.0_07.02.2012_22.59.25_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 07:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 07:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 07:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 07:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 22:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/02/07 13:26:41 | 000,000,221 | -HS- | M] () -- C:\Users\s1m0n\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\s1m0n\Desktop\boot_cleaner.exe
    [2012/02/08 20:54:23 | 004,399,064 | R--- | M] (Swearware) -- C:\Users\s1m0n\Desktop\ComboFix.exe
    [2012/02/08 21:37:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\s1m0n\Desktop\OTL.exe
    [2012/02/07 15:15:44 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\s1m0n\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 23:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/02/07 20:17:11 | 000,000,402 | -HS- | M] () -- C:\Users\s1m0n\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:1CE11B51

    < End of report >
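Added example, not part of s1m0n's post and not code from the OTL tool: a small Python parser for the OTL file-entry and Alternate Data Stream lines in the report above, with a first-pass triage that lists the entries a responder would look at next. The triage rules (the executable extension list, the system-root prefix and the set of files allowed to carry hidden+system attributes) are my assumptions, not anything OTL applies. The sample lines are copied from the report above except the last one, which is constructed with a hypothetical path so the hidden+system rule has something to fire on. A hit is a review item, not a verdict: the no-company rule will flag unsigned helper binaries dropped by cleanup tools just as readily as anything else.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath

# One OTL file/directory entry looks like:
#   [2012/02/08 21:03:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
# The four attribute flags are R(ead-only) H(idden) S(ystem) D(irectory); the
# trailing letter is M (modified) or C (created). Directory entries from the
# LOP Check section carry no "(Company)" group at all.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[MC])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# Alternate Data Stream entry:
#   @Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:1CE11B51
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Assumed triage settings (mine, not OTL's).
EXEC_EXT = {".exe", ".dll", ".sys", ".com", ".scr"}
SYSTEM_ROOT = "c:\\windows\\"
# Files a stock Windows 7 install legitimately keeps hidden+system.
KNOWN_HS = {"bootmgr", "bootsect.bak", "hiberfil.sys", "pagefile.sys",
            "bootstat.dat", "desktop.ini"}

RULE_HS = "hidden+system file outside the known set"
RULE_NOCO = "executable under the system root with no company name"
RULE_ADS = "alternate data stream"


def parse_entry(line):
    """Parse one OTL line into a dict; return None for headers and blank lines."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        a = m["attrs"]
        return {
            "type": "dir" if a[3] == "D" else "file",
            "timestamp": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "readonly": a[0] == "R",
            "hidden": a[1] == "H",
            "system": a[2] == "S",
            "event": "modified" if m["kind"] == "M" else "created",
            "company": (m["company"] or "").strip() or None,
            "path": m["path"],
        }
    m = ADS_RE.match(line)
    if m:
        return {"type": "ads", "size": int(m["size"]), "path": m["path"]}
    return None


def triage(lines):
    """Return (rule, path) pairs for entries worth a second look, in report order."""
    findings = []
    for e in filter(None, map(parse_entry, lines)):
        if e["type"] == "ads":
            findings.append((RULE_ADS, e["path"]))
            continue
        if e["type"] == "dir":
            continue
        p = PureWindowsPath(e["path"])
        if e["hidden"] and e["system"] and p.name.lower() not in KNOWN_HS:
            findings.append((RULE_HS, e["path"]))
        if (e["path"].lower().startswith(SYSTEM_ROOT)
                and p.suffix.lower() in EXEC_EXT and e["company"] is None):
            findings.append((RULE_NOCO, e["path"]))
    return findings


# Lines copied from the OTL report above; the final line is constructed
# (hypothetical path) so that RULE_HS is exercised.
SAMPLE = r"""
[2012/02/08 21:03:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/08 16:16:34 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2012/02/07 22:23:41 | 1066,754,046 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/07 22:22:13 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\s1m0n\Desktop\boot_cleaner.exe
[2012/02/07 15:12:17 | 000,000,000 | ---D | M] -- C:\Users\s1m0n\AppData\Roaming\acccore
[2012/02/07 13:26:41 | 000,000,221 | -HS- | M] () -- C:\Users\s1m0n\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:1CE11B51
[2012/02/08 00:00:00 | 000,040,960 | -HS- | C] () -- C:\Users\Public\hypothetical_hidden.sys
"""

if __name__ == "__main__":
    for rule, path in triage(SAMPLE.splitlines()):
        print(f"{rule}: {path}")
```

To run it over a real report, feed the file's lines to triage() instead of SAMPLE; the section headers and blank lines are skipped by parse_entry. Keeping the company field is deliberate: OTL prints it from the file's version resource, so an empty company on a driver or EXE in the system root is the cheapest signal in the whole log, and also the easiest for a dropper to fake, which is why the output is a worklist and not a verdict.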
  20. s1m0n

    s1m0n TS Rookie Topic Starter Posts: 24

    Extras1

    OTL Extras logfile created on: 2/8/2012 9:46:08 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\s1m0n\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    11.99 Gb Total Physical Memory | 9.69 Gb Available Physical Memory | 80.80% Memory free
    23.98 Gb Paging File | 21.62 Gb Available in Paging File | 90.16% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 97.56 Gb Total Space | 48.43 Gb Free Space | 49.65% Space Free | Partition Type: NTFS
    Drive D: | 1863.01 Gb Total Space | 599.05 Gb Free Space | 32.15% Space Free | Partition Type: NTFS
    Drive E: | 1863.01 Gb Total Space | 735.21 Gb Free Space | 39.46% Space Free | Partition Type: NTFS
    Drive F: | 465.75 Gb Total Space | 407.18 Gb Free Space | 87.42% Space Free | Partition Type: NTFS
    Drive G: | 100.00 Mb Total Space | 69.51 Mb Free Space | 69.51% Space Free | Partition Type: NTFS
    Drive H: | 833.76 Gb Total Space | 282.40 Gb Free Space | 33.87% Space Free | Partition Type: NTFS
    Drive K: | 1863.01 Gb Total Space | 977.94 Gb Free Space | 52.49% Space Free | Partition Type: NTFS

    Computer Name: S1M0N-PC | User Name: s1m0n | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "E:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "E:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "E:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "E:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "E:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "E:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
    "{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0
    "{9E3B2120-0BD8-9865-0387-E9BAC2A53AD3}" = ccc-utility64
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{BE882A12-5A45-3DFF-9FD0-306DE65EB8A5}" = AMD Catalyst Install Manager
    "{C7311329-C491-427B-8880-133E84869B3A}" = Vista Shortcut Manager x64
    "{C9378F0F-B547-5506-165D-98F235F11514}" = ATI AVIVO64 Codecs
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "NVIDIA Drivers" = NVIDIA Drivers
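Added example, not from s1m0n's post and not code from OTL: a baseline check over the Shell Spawning, Security Center, System Restore and Firewall sections of an OTL Extras report like the one above. It parses the handler lines and the registry value lines (tracking whether they sit under a "64bit:" header or the 32-bit one) and reports deviations from what a stock Windows 7 x64 install shows. The baseline itself is my assumption. The first sample is copied from the log above and should produce no findings; the second is constructed, with a hypothetical handler path, to show what an exefile handler hijack and a disabled firewall profile look like in the output.

```python
import re

# Line shapes in the OTL Extras report:
#   Registry key header:  64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
#   Shell handler:        exefile [open] -- "%1" %*
#   Registry value:       "AntiVirusOverride" = 0
KEY_RE = re.compile(r"^(?:(?P<view>64bit): )?\[(?P<key>HKEY_.+)\]$")
HANDLER_RE = re.compile(r"^(?P<cls>\w+) \[(?P<verb>[^\]]+)\] -- (?P<cmd>.*)$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.+)$')

# Assumed baseline for a stock Windows 7 x64 install. These verbs are the ones
# a handler hijack usually targets; handlers not listed here are not judged.
EXPECTED_HANDLERS = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}
# Registry values whose expected setting is the same under every key OTL dumps.
EXPECTED_VALUES = {
    "EnableFirewall": "1",
    "DisableSR": "0",
    "AntiVirusOverride": "0",
    "AntiSpywareOverride": "0",
    "FirewallOverride": "0",
}


def parse(lines):
    """Walk the report once; return ({(view, cls, verb): cmd}, {(view, key, name): value})."""
    handlers, values, view, key = {}, {}, None, None
    for raw in lines:
        s = raw.strip()
        km = KEY_RE.match(s)
        if km:
            view = "64bit" if km["view"] else "32bit"
            key = km["key"]
            continue
        hm = HANDLER_RE.match(s)
        if hm:
            handlers[(view, hm["cls"], hm["verb"])] = hm["cmd"]
            continue
        vm = VALUE_RE.match(s)
        if vm and key:
            values[(view, key, vm["name"])] = vm["value"]
    return handlers, values


def audit(lines):
    """Return one message per deviation from the baseline; an empty list means it matches."""
    findings = []
    handlers, values = parse(lines)
    for (view, cls, verb), cmd in handlers.items():
        expected = EXPECTED_HANDLERS.get((cls, verb))
        if expected is not None and cmd != expected:
            findings.append(f"{view} {cls} [{verb}]: got {cmd}, expected {expected}")
    for (view, key, name), value in values.items():
        expected = EXPECTED_VALUES.get(name)
        if expected is not None and value != expected:
            findings.append(f"{name} = {value} under {view} {key}, expected {expected}")
    return findings


# Copied from the Extras report above (should audit clean).
CLEAN_SAMPLE = r"""
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
scrfile [open] -- "%1" /S
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"""

# Constructed, not from the log: a hijacked exefile handler (hypothetical path)
# and a firewall profile switched off.
TAMPERED_SAMPLE = r"""
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
exefile [open] -- "C:\Users\Public\hypothetical.exe" "%1" %*
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"""

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SAMPLE), ("tampered", TAMPERED_SAMPLE)):
        print(label, audit(sample.splitlines()) or "no deviations")
```

The view is tracked per header so that a 64-bit and a 32-bit handler that disagree both survive parsing, which matters on x64: a hijack written only to the WOW64 view is invisible if the two sections are merged. "Reg Error" handlers pass through untouched because the baseline has no opinion on them; add them to EXPECTED_HANDLERS if a particular verb must exist on your builds.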
  21. s1m0n

    s1m0n TS Rookie Topic Starter Posts: 24

    extras2

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D97F8D1-2102-53D2-5633-C992D6086801}" = CCC Help Chinese Traditional
    "{0EA00EA7-42C0-ED9C-9110-2C04B8EDBA66}" = CCC Help Italian
    "{0EB86B70-91FF-39BF-633C-785DF2218CC6}" = CCC Help French
    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
    "{1686C07D-C2BB-A8B2-C5ED-32C4EE1A3E62}" = CCC Help Spanish
    "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18B6A9F8-25BC-5978-6B42-A50FA2CABC18}" = CCC Help English
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
    "{298C6691-46B2-2065-0DD7-1E7B3B669A47}" = CCC Help Finnish
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
    "{32394A59-A39C-4C90-A9A5-F16B0C7442E1}" = Express Gate Tools
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{400C5445-1AE8-1A41-CAC6-AB114341F65D}" = CCC Help Swedish
    "{448B1C6D-02C2-7681-66B2-624E58B25375}" = CCC Help Turkish
    "{46EB9D45-FC1A-2635-1693-176E6FA1C672}" = CCC Help Portuguese
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{651F43AA-3F06-9277-6F1B-8E8155017463}" = CCC Help Polish
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68DE32E1-292B-6A02-6A53-935BFAE70C99}" = CCC Help Chinese Standard
    "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7FB64E72-9B0E-4460-A821-040C341E414A}" = ASUS Ai Charger
    "{818212BA-7F8C-DDF9-64BE-F6D0B6F46D29}" = CCC Help German
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
    "{84F4542C-ED64-28AC-49B3-1A9BAB395AB4}" = CCC Help Hungarian
    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C41195F-11B3-8EEC-6634-7183BE6CB1B1}" = CCC Help Japanese
    "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
    "{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
    "{A33A89D0-2F48-FD1C-A243-9073EE0592E0}" = Catalyst Control Center InstallProxy
    "{A66FB6C7-B689-AFD5-21BA-7CAF8E44E6E6}" = Catalyst Control Center Graphics Previews Common
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AE136F7F-7DC6-600F-9DF9-BFA0DF516135}" = Catalyst Control Center Localization All
    "{B4CF00AE-2622-7BC6-24EC-4E5A0A8C9135}" = CCC Help Czech
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BAE1C0A8-634D-CFF1-0E0C-893092427D34}" = CCC Help Danish
    "{C2DEC505-79A9-E952-32B0-31B67B83E231}" = CCC Help Korean
    "{C2FB14FB-DF6B-287D-BDC3-C7BEC86F539E}" = Catalyst Control Center
    "{CCEFAE22-4D01-0084-D1CA-AC14AA743A97}" = CCC Help Greek
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DE460826-5E72-2357-154F-E376F9926008}" = CCC Help Norwegian
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E21FFD29-D231-3BD3-6941-15710E44BED4}" = CCC Help Dutch
    "{E3E313C7-0AE2-7F44-52E8-528D4EDC74B2}" = CCC Help Thai
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
    "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
    "{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel
    "{F9929777-7B6E-F53D-3105-1C06E5120CA1}" = CCC Help Russian
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
    "AI RoboForm" = RoboForm 7-7-0 (All Users)
    "asterisk key" = Asterisk Key 10.0
    "B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.4.1
    "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
    "Host OpenAL (ADI)" = Host OpenAL (ADI)
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Marvell Miniport Driver" = Marvell Miniport Driver
    "Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
    "mv61xxDriver" = marvell 61xx
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Winamp" = Winamp
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "YU2010_is1" = Your Uninstaller! 7

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/7/2012 7:27:14 AM | Computer Name = s1m0n-PC | Source = SkypeUpdate | ID = 201
    Description = File C:\Windows\TEMP\SKY115E.tmp has invalid version.

    Error - 2/8/2012 10:16:23 AM | Computer Name = s1m0n-PC | Source = VSS | ID = 8194
    Description =

    Error - 2/8/2012 10:23:42 AM | Computer Name = s1m0n-PC | Source = MsiInstaller | ID = 11713
    Description =

    Error - 2/8/2012 10:51:14 AM | Computer Name = s1m0n-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: cc.exe, version: 0.0.0.0, time stamp: 0x2a425e19
    Faulting
    module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e211319 Exception
    code: 0x0eedfade Fault offset: 0x0000b9bc Faulting process id: 0x208 Faulting application
    start time: 0x01cce6711a501016 Faulting application path: C:\Users\s1m0n\AppData\Local\Temp\is-MUI4D.tmp\cc.exe
    Faulting
    module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 58727899-5264-11e1-b62a-e0cb4e98f790

    Error - 2/8/2012 11:38:21 AM | Computer Name = s1m0n-PC | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    [ System Events ]
    Error - 2/8/2012 10:28:50 AM | Computer Name = s1m0n-PC | Source = Microsoft Antimalware | ID = 1119
    Description = %%860 has encountered a critical error when taking action on malware
    or other potentially unwanted software. For more information please see the following:
    xhttp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952

    Name:
    Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\;boot:_\\.\PHYSICALDRIVE0\Partition3
    (Type 17) Detection Origin: %%845 Detection Type: %%822 Detection Source: %%820 User:
    NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: %%808 Action
    Status: To finish removing malware and other potentially unwanted software, restart
    the computer. To see how to finish removing malware and other potentially unwanted
    software, see the support article on the Microsoft Security website. Error Code:
    0x800704ec Error description: This program is blocked by group policy. For more
    information, contact your system administrator. Signature Version: AV: 1.119.1486.0,
    AS: 1.119.1486.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.8001.0, NIS: 2.0.7707.0

    Error - 2/8/2012 10:49:53 AM | Computer Name = s1m0n-PC | Source = Microsoft Antimalware | ID = 1119
    Description = %%860 has encountered a critical error when taking action on malware
    or other potentially unwanted software. For more information please see the following:
    xhttp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952

    Name:
    Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\

    Detection
    Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

    Process
    Name: System Action: %%808 Action Status: To finish removing malware and other potentially
    unwanted software, restart the computer. To see how to finish removing malware
    and other potentially unwanted software, see the support article on the Microsoft
    Security website. Error Code: 0x800704ec Error description: This program is blocked
    by group policy. For more information, contact your system administrator. Signature
    Version: AV: 1.119.1558.0, AS: 1.119.1558.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.8001.0,
  22. s1m0n

    s1m0n TS Rookie Topic Starter Posts: 24

    extras3

    NIS: 2.0.7707.0

    Error - 2/8/2012 10:54:04 AM | Computer Name = s1m0n-PC | Source = Microsoft Antimalware | ID = 3002
    Description = %%860 Real-Time Protection feature has encountered an error and failed.

    Feature:
    %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

    Error - 2/8/2012 11:04:02 AM | Computer Name = s1m0n-PC | Source = Microsoft Antimalware | ID = 1119
    Description = %%860 has encountered a critical error when taking action on malware
    or other potentially unwanted software. For more information please see the following:
    xhttp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952

    Name:
    Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\;boot:_\\.\PHYSICALDRIVE0\Partition3
    (Type 17) Detection Origin: %%845 Detection Type: %%822 Detection Source: %%820 User:
    NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: %%808 Action
    Status: To finish removing malware and other potentially unwanted software, restart
    the computer. To see how to finish removing malware and other potentially unwanted
    software, see the support article on the Microsoft Security website. Error Code:
    0x800704ec Error description: This program is blocked by group policy. For more
    information, contact your system administrator. Signature Version: AV: 1.119.1558.0,
    AS: 1.119.1558.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.8001.0, NIS: 2.0.7707.0

    Error - 2/8/2012 11:15:33 AM | Computer Name = s1m0n-PC | Source = Microsoft Antimalware | ID = 3002
    Description = %%860 Real-Time Protection feature has encountered an error and failed.

    Feature:
    %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

    Error - 2/8/2012 11:25:29 AM | Computer Name = s1m0n-PC | Source = Microsoft Antimalware | ID = 1119
    Description = %%860 has encountered a critical error when taking action on malware
    or other potentially unwanted software. For more information please see the following:
    xhttp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952

    Name:
    Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\;boot:_\\.\PHYSICALDRIVE0\Partition3
    (Type 17) Detection Origin: %%845 Detection Type: %%822 Detection Source: %%820 User:
    NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: %%808 Action
    Status: To finish removing malware and other potentially unwanted software, restart
    the computer. To see how to finish removing malware and other potentially unwanted
    software, see the support article on the Microsoft Security website. Error Code:
    0x800704ec Error description: This program is blocked by group policy. For more
    information, contact your system administrator. Signature Version: AV: 1.119.1558.0,
    AS: 1.119.1558.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.8001.0, NIS: 2.0.7707.0

    Error - 2/8/2012 11:45:47 AM | Computer Name = s1m0n-PC | Source = Microsoft Antimalware | ID = 1119
    Description = %%860 has encountered a critical error when taking action on malware
    or other potentially unwanted software. For more information please see the following:
    xhttp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952

    Name:
    Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\

    Detection
    Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

    Process
    Name: System Action: %%808 Action Status: To finish removing malware and other potentially
    unwanted software, restart the computer. To see how to finish removing malware
    and other potentially unwanted software, see the support article on the Microsoft
    Security website. Error Code: 0x800704ec Error description: This program is blocked
    by group policy. For more information, contact your system administrator. Signature
    Version: AV: 1.119.1558.0, AS: 1.119.1558.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.8001.0,
    NIS: 2.0.7707.0

    Error - 2/8/2012 12:23:50 PM | Computer Name = s1m0n-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume F: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 2/8/2012 3:06:05 PM | Computer Name = s1m0n-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 2/8/2012 3:07:50 PM | Computer Name = s1m0n-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.


    < End of report >
  23. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    You didn't say:
    OTL log is perfectly clean.

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
  24. s1m0n

    s1m0n TS Rookie Topic Starter Posts: 24

    No, I see no special issues, all is good and I'm happy:


    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 30
    Adobe Reader X (10.1.2)
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    Microsoft Security Client Antimalware NisSrv.exe
    ``````````End of Log````````````

    Others are coming in a few min.
  25. s1m0n

    s1m0n TS Rookie Topic Starter Posts: 24

    Farbar Service Scanner Version: 08-02-2012
    Ran by s1m0n (administrator) on 08-02-2012 at 23:10:01
    Running from "C:\Users\s1m0n\Desktop"
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

