Solved Win7 64-bit infected with Trojan:DOS/Aluron.E

s1m0n

Posts: 24   +0
Hello everyone, my PC got infected a few days ago by some virus that pretty much corrupted my Windows; I have Windows 7 64-bit.

I formatted drive C and installed a fresh Windows, and suddenly I noticed my Microsoft Security Essentials started reporting I'm infected with: Trojan:DOS/Aluron.E



No matter what I did I can't remove it. I saw you guys request logs from aswMBR & Bootkit Remover.

So I've attached them:

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-07 23:38:07
-----------------------------
23:38:07.847 OS Version: Windows x64 6.1.7601 Service Pack 1
23:38:07.848 Number of processors: 8 586 0x1A05
23:38:07.849 ComputerName: S1M0N-PC UserName: s1m0n
23:38:08.552 Initialize success
23:38:20.222 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
23:38:20.224 Disk 0 Vendor: WDC_WD1001FALS-00J7B1 05.00K05 Size: 953869MB BusType: 3
23:38:20.227 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-3
23:38:20.229 Disk 1 Vendor: WDC_WD20EARS-00J2GB0 80.00A80 Size: 1907729MB BusType: 3
23:38:20.232 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP5T0L0-6
23:38:20.235 Disk 2 Vendor: WDC_WD20EARS-00J2GB0 80.00A80 Size: 1907729MB BusType: 3
23:38:20.239 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP4T0L0-5
23:38:20.242 Disk 3 Vendor: Hitachi_HDP725050GLA360 GM4OA52A Size: 476940MB BusType: 3
23:38:20.257 Disk 0 MBR read successfully
23:38:20.261 Disk 0 MBR scan
23:38:20.265 Disk 0 Windows 7 default MBR code
23:38:20.269 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 99900 MB offset 206848
23:38:20.279 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 100 MB offset 204802048
23:38:20.291 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 853767 MB offset 205006848
23:38:20.295 Disk 0 Partition 4 00 17 Hidd HPFS/NTFS NTFS 1 MB offset 1953521664
23:38:20.299 Service scanning
23:38:21.458 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
23:38:22.823 Modules scanning
23:38:22.829 Disk 0 trace - called modules:
23:38:22.840 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:38:22.846 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800adf6790]
23:38:22.853 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa800abce580]
23:38:22.859 5 ACPI.sys[fffff88000f5d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800abcb060]
23:38:22.865 Scan finished successfully
23:39:11.521 Disk 0 MBR has been saved successfully to "C:\Users\s1m0n\Documents\MBR.dat"
23:39:11.563 The log file has been saved successfully to "C:\Users\s1m0n\Documents\aswMBR.txt"
23:39:21.759 Disk 0 MBR has been saved successfully to "C:\Users\s1m0n\Desktop\MBR.dat"
23:39:21.764 The log file has been saved successfully to "C:\Users\s1m0n\Desktop\aswMBR.txt"


--------


Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


TDSSKiller Log:

22:59:25.0640 4772 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46
22:59:25.0897 4772 ============================================================
22:59:25.0897 4772 Current date / time: 2012/02/07 22:59:25.0897
22:59:25.0897 4772 SystemInfo:
22:59:25.0898 4772
22:59:25.0898 4772 OS Version: 6.1.7601 ServicePack: 1.0
22:59:25.0898 4772 Product type: Workstation
22:59:25.0898 4772 ComputerName: S1M0N-PC
22:59:25.0898 4772 UserName: s1m0n
22:59:25.0898 4772 Windows directory: C:\Windows
22:59:25.0898 4772 System windows directory: C:\Windows
22:59:25.0898 4772 Running under WOW64
22:59:25.0898 4772 Processor architecture: Intel x64
22:59:25.0898 4772 Number of processors: 8
22:59:25.0898 4772 Page size: 0x1000
22:59:25.0898 4772 Boot type: Normal boot
22:59:25.0898 4772 ============================================================
22:59:27.0417 4772 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:59:27.0432 4772 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:59:27.0432 4772 Drive \Device\Harddisk3\DR3 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:59:27.0432 4772 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:59:27.0436 4772 \Device\Harddisk0\DR0:
22:59:27.0436 4772 MBR used
22:59:27.0436 4772 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31E000
22:59:27.0436 4772 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x32000
22:59:27.0436 4772 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC382800, BlocksNum 0x68383800
22:59:27.0437 4772 \Device\Harddisk1\DR1:
22:59:27.0437 4772 MBR used
22:59:27.0437 4772 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
22:59:27.0437 4772 \Device\Harddisk3\DR3:
22:59:27.0437 4772 MBR used
22:59:27.0437 4772 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
22:59:27.0437 4772 \Device\Harddisk2\DR2:
22:59:27.0437 4772 MBR used
22:59:27.0437 4772 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
22:59:27.0548 4772 Initialize success
22:59:27.0548 4772 ============================================================
22:59:35.0080 3496 ============================================================
22:59:35.0080 3496 Scan started
22:59:35.0080 3496 Mode: Manual; SigCheck; TDLFS;
22:59:35.0080 3496 ============================================================
22:59:36.0238 3496 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:59:36.0298 3496 1394ohci - ok
22:59:36.0333 3496 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:59:36.0351 3496 ACPI - ok
22:59:36.0379 3496 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:59:36.0428 3496 AcpiPmi - ok
22:59:36.0458 3496 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:59:36.0482 3496 adp94xx - ok
22:59:36.0497 3496 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:59:36.0516 3496 adpahci - ok
22:59:36.0524 3496 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:59:36.0541 3496 adpu320 - ok
22:59:36.0581 3496 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
22:59:36.0630 3496 AFD - ok
22:59:36.0651 3496 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:59:36.0663 3496 agp440 - ok
22:59:36.0677 3496 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:59:36.0686 3496 aliide - ok
22:59:36.0714 3496 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:59:36.0724 3496 amdide - ok
22:59:36.0740 3496 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:59:36.0796 3496 AmdK8 - ok
22:59:37.0066 3496 amdkmdag (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys
22:59:37.0326 3496 amdkmdag - ok
22:59:37.0346 3496 amdkmdap (b9e1c7b7f1865f99b16ff2e1bb94edb6) C:\Windows\system32\DRIVERS\atikmpag.sys
22:59:37.0389 3496 amdkmdap - ok
22:59:37.0409 3496 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:59:37.0434 3496 AmdPPM - ok
22:59:37.0468 3496 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:59:37.0479 3496 amdsata - ok
22:59:37.0491 3496 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:59:37.0507 3496 amdsbs - ok
22:59:37.0514 3496 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:59:37.0523 3496 amdxata - ok
22:59:37.0562 3496 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:59:37.0664 3496 AppID - ok
22:59:37.0683 3496 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:59:37.0697 3496 arc - ok
22:59:37.0703 3496 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:59:37.0717 3496 arcsas - ok
22:59:37.0733 3496 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:59:37.0826 3496 AsyncMac - ok
22:59:37.0851 3496 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:59:37.0861 3496 atapi - ok
22:59:37.0888 3496 AtiHDAudioService (230cf51113cd4b830b3bfd09b0d4c066) C:\Windows\system32\drivers\AtihdW76.sys
22:59:37.0917 3496 AtiHDAudioService - ok
22:59:37.0944 3496 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:59:37.0988 3496 b06bdrv - ok
22:59:38.0013 3496 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:59:38.0046 3496 b57nd60a - ok
22:59:38.0068 3496 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:59:38.0100 3496 Beep - ok
22:59:38.0138 3496 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:59:38.0156 3496 blbdrive - ok
22:59:38.0179 3496 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:59:38.0210 3496 bowser - ok
22:59:38.0216 3496 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:59:38.0263 3496 BrFiltLo - ok
22:59:38.0268 3496 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:59:38.0283 3496 BrFiltUp - ok
22:59:38.0310 3496 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\system32\DRIVERS\BrSerId.sys
22:59:38.0339 3496 Brserid - ok
22:59:38.0346 3496 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:59:38.0371 3496 BrSerWdm - ok
22:59:38.0378 3496 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:59:38.0393 3496 BrUsbMdm - ok
22:59:38.0399 3496 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\DRIVERS\BrUsbSer.sys
22:59:38.0421 3496 BrUsbSer - ok
22:59:38.0428 3496 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:59:38.0455 3496 BTHMODEM - ok
22:59:38.0478 3496 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:59:38.0513 3496 cdfs - ok
22:59:38.0554 3496 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
22:59:38.0592 3496 cdrom - ok
22:59:38.0607 3496 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:59:38.0640 3496 circlass - ok
22:59:38.0685 3496 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:59:38.0708 3496 CLFS - ok
22:59:38.0732 3496 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:59:38.0746 3496 CmBatt - ok
22:59:38.0769 3496 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:59:38.0778 3496 cmdide - ok
22:59:38.0825 3496 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
22:59:38.0857 3496 CNG - ok
22:59:38.0868 3496 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:59:38.0881 3496 Compbatt - ok
22:59:38.0916 3496 CompFilter64 (403433d758c2d8908937265c1fb34f34) C:\Windows\system32\DRIVERS\lvbflt64.sys
22:59:38.0925 3496 CompFilter64 - ok
22:59:38.0947 3496 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:59:38.0963 3496 CompositeBus - ok
22:59:38.0978 3496 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:59:38.0991 3496 crcdisk - ok
22:59:39.0033 3496 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
22:59:39.0082 3496 CSC - ok
22:59:39.0104 3496 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:59:39.0139 3496 DfsC - ok
22:59:39.0147 3496 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:59:39.0185 3496 discache - ok
22:59:39.0205 3496 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:59:39.0216 3496 Disk - ok
22:59:39.0249 3496 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:59:39.0270 3496 drmkaud - ok
22:59:39.0304 3496 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:59:39.0327 3496 DXGKrnl - ok
22:59:39.0381 3496 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:59:39.0451 3496 ebdrv - ok
22:59:39.0465 3496 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:59:39.0489 3496 elxstor - ok
22:59:39.0515 3496 emAudio (09cdf93151ae257c40591905975c0e36) C:\Windows\system32\drivers\emAudio64.sys
22:59:39.0545 3496 emAudio - ok
22:59:39.0565 3496 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:59:39.0586 3496 ErrDev - ok
22:59:39.0597 3496 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:59:39.0632 3496 exfat - ok
22:59:39.0640 3496 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:59:39.0675 3496 fastfat - ok
22:59:39.0689 3496 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:59:39.0720 3496 fdc - ok
22:59:39.0729 3496 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:59:39.0746 3496 FileInfo - ok
22:59:39.0761 3496 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:59:39.0806 3496 Filetrace - ok
22:59:39.0812 3496 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:59:39.0825 3496 flpydisk - ok
22:59:39.0850 3496 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:59:39.0877 3496 FltMgr - ok
22:59:39.0902 3496 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:59:39.0913 3496 FsDepends - ok
22:59:39.0930 3496 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:59:39.0939 3496 Fs_Rec - ok
22:59:39.0969 3496 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:59:39.0985 3496 fvevol - ok
22:59:40.0001 3496 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:59:40.0015 3496 gagp30kx - ok
22:59:40.0034 3496 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:59:40.0059 3496 hcw85cir - ok
22:59:40.0097 3496 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:59:40.0131 3496 HdAudAddService - ok
22:59:40.0153 3496 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:59:40.0170 3496 HDAudBus - ok
22:59:40.0191 3496 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:59:40.0214 3496 HidBatt - ok
22:59:40.0222 3496 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:59:40.0240 3496 HidBth - ok
22:59:40.0246 3496 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:59:40.0269 3496 HidIr - ok
22:59:40.0288 3496 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
22:59:40.0306 3496 HidUsb - ok
22:59:40.0331 3496 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:59:40.0342 3496 HpSAMD - ok
22:59:40.0376 3496 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:59:40.0427 3496 HTTP - ok
22:59:40.0459 3496 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:59:40.0468 3496 hwpolicy - ok
22:59:40.0491 3496 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:59:40.0508 3496 i8042prt - ok
22:59:40.0537 3496 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:59:40.0554 3496 iaStorV - ok
22:59:40.0573 3496 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:59:40.0586 3496 iirsp - ok
22:59:40.0602 3496 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:59:40.0612 3496 intelide - ok
22:59:40.0618 3496 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:59:40.0635 3496 intelppm - ok
22:59:40.0718 3496 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:59:40.0758 3496 IpFilterDriver - ok
22:59:40.0861 3496 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:59:40.0887 3496 IPMIDRV - ok
22:59:40.0904 3496 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:59:40.0944 3496 IPNAT - ok
22:59:40.0950 3496 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:59:40.0992 3496 IRENUM - ok
22:59:41.0008 3496 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:59:41.0018 3496 isapnp - ok
22:59:41.0044 3496 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:59:41.0060 3496 iScsiPrt - ok
22:59:41.0074 3496 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
22:59:41.0084 3496 kbdclass - ok
22:59:41.0105 3496 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
22:59:41.0121 3496 kbdhid - ok
22:59:41.0140 3496 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
22:59:41.0152 3496 KSecDD - ok
22:59:41.0159 3496 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
22:59:41.0173 3496 KSecPkg - ok
22:59:41.0184 3496 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:59:41.0223 3496 ksthunk - ok
22:59:41.0241 3496 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:59:41.0277 3496 lltdio - ok
22:59:41.0297 3496 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:59:41.0312 3496 LSI_FC - ok
22:59:41.0318 3496 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:59:41.0340 3496 LSI_SAS - ok
22:59:41.0346 3496 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:59:41.0359 3496 LSI_SAS2 - ok
22:59:41.0366 3496 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:59:41.0380 3496 LSI_SCSI - ok
22:59:41.0388 3496 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:59:41.0429 3496 luafv - ok
22:59:41.0465 3496 LVRS64 (ef2be2f45d4f06410a3bd2a3467325b0) C:\Windows\system32\DRIVERS\lvrs64.sys
22:59:41.0480 3496 LVRS64 - ok
22:59:41.0630 3496 LVUVC64 (ac22f92c6078640fe8a70d662a2f3ad5) C:\Windows\system32\DRIVERS\lvuvc64.sys
22:59:41.0686 3496 LVUVC64 - ok
22:59:41.0694 3496 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:59:41.0706 3496 megasas - ok
22:59:41.0719 3496 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:59:41.0743 3496 MegaSR - ok
22:59:41.0751 3496 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:59:41.0788 3496 Modem - ok
22:59:41.0807 3496 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:59:41.0829 3496 monitor - ok
22:59:41.0856 3496 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
22:59:41.0866 3496 mouclass - ok
22:59:41.0880 3496 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:59:41.0901 3496 mouhid - ok
22:59:41.0925 3496 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:59:41.0939 3496 mountmgr - ok
22:59:41.0966 3496 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
22:59:41.0980 3496 MpFilter - ok
22:59:42.0005 3496 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:59:42.0018 3496 mpio - ok
22:59:42.0032 3496 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
22:59:42.0043 3496 MpNWMon - ok
22:59:42.0059 3496 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:59:42.0095 3496 mpsdrv - ok
22:59:42.0115 3496 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:59:42.0160 3496 MRxDAV - ok
22:59:42.0179 3496 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:59:42.0217 3496 mrxsmb - ok
22:59:42.0235 3496 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:59:42.0262 3496 mrxsmb10 - ok
22:59:42.0284 3496 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:59:42.0303 3496 mrxsmb20 - ok
22:59:42.0323 3496 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:59:42.0332 3496 msahci - ok
22:59:42.0363 3496 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:59:42.0375 3496 msdsm - ok
22:59:42.0403 3496 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:59:42.0432 3496 Msfs - ok
22:59:42.0443 3496 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:59:42.0476 3496 mshidkmdf - ok
22:59:42.0505 3496 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:59:42.0514 3496 msisadrv - ok
22:59:42.0544 3496 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:59:42.0580 3496 MSKSSRV - ok
22:59:42.0598 3496 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:59:42.0630 3496 MSPCLOCK - ok
22:59:42.0639 3496 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:59:42.0674 3496 MSPQM - ok
22:59:42.0706 3496 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:59:42.0724 3496 MsRPC - ok
22:59:42.0731 3496 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:59:42.0742 3496 mssmbios - ok
22:59:42.0757 3496 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:59:42.0787 3496 MSTEE - ok
22:59:42.0797 3496 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:59:42.0824 3496 MTConfig - ok
22:59:42.0851 3496 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
22:59:42.0874 3496 MTsensor - ok
22:59:42.0890 3496 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:59:42.0904 3496 Mup - ok
22:59:42.0923 3496 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:59:42.0955 3496 NativeWifiP - ok
22:59:42.0992 3496 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:59:43.0021 3496 NDIS - ok
22:59:43.0033 3496 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:59:43.0062 3496 NdisCap - ok
22:59:43.0076 3496 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:59:43.0117 3496 NdisTapi - ok
22:59:43.0156 3496 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:59:43.0186 3496 Ndisuio - ok
22:59:43.0207 3496 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:59:43.0251 3496 NdisWan - ok
22:59:43.0281 3496 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:59:43.0318 3496 NDProxy - ok
22:59:43.0325 3496 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:59:43.0354 3496 NetBIOS - ok
22:59:43.0384 3496 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:59:43.0438 3496 NetBT - ok
22:59:43.0467 3496 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:59:43.0480 3496 nfrd960 - ok
22:59:43.0503 3496 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:59:43.0513 3496 NisDrv - ok
22:59:43.0521 3496 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:59:43.0563 3496 Npfs - ok
22:59:43.0570 3496 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:59:43.0610 3496 nsiproxy - ok
22:59:43.0737 3496 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:59:43.0776 3496 Ntfs - ok
22:59:43.0788 3496 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:59:43.0831 3496 Null - ok
22:59:43.0858 3496 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:59:43.0871 3496 nvraid - ok
22:59:43.0886 3496 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:59:43.0897 3496 nvstor - ok
22:59:43.0910 3496 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:59:43.0923 3496 nv_agp - ok
22:59:43.0939 3496 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:59:43.0957 3496 ohci1394 - ok
22:59:43.0970 3496 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:59:43.0988 3496 Parport - ok
22:59:44.0009 3496 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
22:59:44.0021 3496 partmgr - ok
22:59:44.0038 3496 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:59:44.0051 3496 pci - ok
22:59:44.0068 3496 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:59:44.0076 3496 pciide - ok
22:59:44.0084 3496 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:59:44.0104 3496 pcmcia - ok
22:59:44.0117 3496 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:59:44.0131 3496 pcw - ok
22:59:44.0149 3496 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:59:44.0189 3496 PEAUTH - ok
22:59:44.0232 3496 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:59:44.0265 3496 PptpMiniport - ok
22:59:44.0271 3496 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:59:44.0295 3496 Processor - ok
22:59:44.0331 3496 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:59:44.0369 3496 Psched - ok
22:59:44.0416 3496 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:59:44.0453 3496 ql2300 - ok
22:59:44.0469 3496 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:59:44.0483 3496 ql40xx - ok
22:59:44.0497 3496 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:59:44.0515 3496 QWAVEdrv - ok
22:59:44.0522 3496 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:59:44.0550 3496 RasAcd - ok
22:59:44.0571 3496 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:59:44.0601 3496 RasAgileVpn - ok
22:59:44.0627 3496 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:59:44.0668 3496 Rasl2tp - ok
22:59:44.0676 3496 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:59:44.0707 3496 RasPppoe - ok
22:59:44.0716 3496 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:59:44.0748 3496 RasSstp - ok
22:59:44.0784 3496 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:59:44.0827 3496 rdbss - ok
22:59:44.0833 3496 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:59:44.0849 3496 rdpbus - ok
22:59:44.0865 3496 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:59:44.0890 3496 RDPCDD - ok
22:59:44.0930 3496 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
22:59:44.0965 3496 RDPDR - ok
22:59:44.0980 3496 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:59:45.0015 3496 RDPENCDD - ok
22:59:45.0022 3496 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:59:45.0046 3496 RDPREFMP - ok
22:59:45.0074 3496 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
22:59:45.0109 3496 RdpVideoMiniport - ok
22:59:45.0138 3496 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
22:59:45.0172 3496 RDPWD - ok
22:59:45.0207 3496 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:59:45.0220 3496 rdyboost - ok
22:59:45.0248 3496 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:59:45.0281 3496 rspndr - ok
22:59:45.0296 3496 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
22:59:45.0324 3496 s3cap - ok
22:59:45.0348 3496 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:59:45.0359 3496 sbp2port - ok
22:59:45.0376 3496 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:59:45.0416 3496 scfilter - ok
22:59:45.0426 3496 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:59:45.0465 3496 secdrv - ok
22:59:45.0494 3496 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:59:45.0516 3496 Serenum - ok
22:59:45.0532 3496 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:59:45.0547 3496 Serial - ok
22:59:45.0555 3496 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:59:45.0578 3496 sermouse - ok
22:59:45.0615 3496 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:59:45.0646 3496 sffdisk - ok
22:59:45.0661 3496 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:59:45.0684 3496 sffp_mmc - ok
22:59:45.0690 3496 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:59:45.0711 3496 sffp_sd - ok
22:59:45.0717 3496 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:59:45.0731 3496 sfloppy - ok
22:59:45.0750 3496 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:59:45.0763 3496 SiSRaid2 - ok
22:59:45.0769 3496 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:59:45.0783 3496 SiSRaid4 - ok
22:59:45.0815 3496 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:59:45.0852 3496 Smb - ok
22:59:45.0871 3496 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:59:45.0883 3496 spldr - ok
22:59:45.0922 3496 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:59:45.0955 3496 srv - ok
22:59:45.0978 3496 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:59:46.0012 3496 srv2 - ok
22:59:46.0031 3496 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:59:46.0052 3496 srvnet - ok
22:59:46.0061 3496 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:59:46.0073 3496 stexstor - ok
22:59:46.0102 3496 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
22:59:46.0112 3496 storflt - ok
22:59:46.0125 3496 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
22:59:46.0135 3496 storvsc - ok
22:59:46.0145 3496 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:59:46.0155 3496 swenum - ok
22:59:46.0172 3496 Synth3dVsc - ok
22:59:46.0240 3496 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
22:59:46.0287 3496 Tcpip - ok
22:59:46.0321 3496 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
22:59:46.0356 3496 TCPIP6 - ok
22:59:46.0379 3496 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:59:46.0419 3496 tcpipreg - ok
22:59:46.0436 3496 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:59:46.0475 3496 TDPIPE - ok
22:59:46.0481 3496 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
22:59:46.0510 3496 TDTCP - ok
22:59:46.0543 3496 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:59:46.0575 3496 tdx - ok
22:59:46.0591 3496 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:59:46.0601 3496 TermDD - ok
22:59:46.0639 3496 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:59:46.0678 3496 tssecsrv - ok
22:59:46.0697 3496 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:59:46.0732 3496 TsUsbFlt - ok
22:59:46.0743 3496 tsusbhub - ok
22:59:46.0789 3496 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:59:46.0828 3496 tunnel - ok
22:59:46.0834 3496 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:59:46.0849 3496 uagp35 - ok
22:59:46.0901 3496 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:59:46.0943 3496 udfs - ok
22:59:46.0973 3496 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:59:46.0984 3496 uliagpkx - ok
22:59:47.0026 3496 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:59:47.0049 3496 umbus - ok
22:59:47.0070 3496 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:59:47.0087 3496 UmPass - ok
22:59:47.0153 3496 USB28xxBGA (9494736e4865f9b3a0a525ee9ab0d991) C:\Windows\system32\DRIVERS\emBDA64.sys
22:59:47.0190 3496 USB28xxBGA - ok
22:59:47.0237 3496 USB28xxOEM (612fc1cb117ccf62d3c55488c8aebd82) C:\Windows\system32\DRIVERS\emOEM64.sys
22:59:47.0278 3496 USB28xxOEM - ok
22:59:47.0305 3496 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
22:59:47.0343 3496 usbaudio - ok
22:59:47.0364 3496 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:59:47.0397 3496 usbccgp - ok
22:59:47.0437 3496 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:59:47.0484 3496 usbcir - ok
22:59:47.0560 3496 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
22:59:47.0585 3496 usbehci - ok
22:59:47.0669 3496 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:59:47.0735 3496 usbhub - ok
22:59:47.0789 3496 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:59:47.0816 3496 usbohci - ok
22:59:47.0866 3496 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:59:47.0896 3496 usbprint - ok
22:59:47.0956 3496 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:59:47.0981 3496 usbscan - ok
22:59:48.0069 3496 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
22:59:48.0112 3496 USBSTOR - ok
22:59:48.0143 3496 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
22:59:48.0171 3496 usbuhci - ok
22:59:48.0230 3496 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
22:59:48.0265 3496 usbvideo - ok
22:59:48.0316 3496 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:59:48.0326 3496 vdrvroot - ok
22:59:48.0376 3496 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:59:48.0403 3496 vga - ok
22:59:48.0435 3496 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:59:48.0483 3496 VgaSave - ok
22:59:48.0506 3496 VGPU - ok
22:59:48.0564 3496 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:59:48.0584 3496 vhdmp - ok
22:59:48.0647 3496 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:59:48.0665 3496 viaide - ok
22:59:48.0725 3496 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
22:59:48.0739 3496 vmbus - ok
22:59:48.0760 3496 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
22:59:48.0774 3496 VMBusHID - ok
22:59:48.0824 3496 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:59:48.0846 3496 volmgr - ok
22:59:48.0900 3496 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:59:48.0915 3496 volmgrx - ok
22:59:48.0959 3496 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:59:48.0974 3496 volsnap - ok
22:59:49.0046 3496 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:59:49.0081 3496 vsmraid - ok
22:59:49.0101 3496 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
22:59:49.0132 3496 vwifibus - ok
22:59:49.0154 3496 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:59:49.0179 3496 WacomPen - ok
22:59:49.0239 3496 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:59:49.0313 3496 WANARP - ok
22:59:49.0329 3496 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:59:49.0366 3496 Wanarpv6 - ok
22:59:49.0421 3496 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:59:49.0456 3496 Wd - ok
22:59:49.0581 3496 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:59:49.0627 3496 Wdf01000 - ok
22:59:49.0662 3496 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:59:49.0701 3496 WfpLwf - ok
22:59:49.0771 3496 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:59:49.0796 3496 WIMMount - ok
22:59:49.0895 3496 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:59:49.0950 3496 WinUsb - ok
22:59:50.0007 3496 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:59:50.0032 3496 WmiAcpi - ok
22:59:50.0099 3496 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:59:50.0172 3496 ws2ifsl - ok
22:59:50.0253 3496 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:59:50.0326 3496 WudfPf - ok
22:59:50.0349 3496 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:59:50.0400 3496 WUDFRd - ok
22:59:50.0454 3496 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
22:59:50.0559 3496 yukonw7 - ok
22:59:50.0584 3496 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:59:50.0768 3496 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:59:50.0769 3496 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:59:50.0772 3496 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
22:59:51.0261 3496 \Device\Harddisk1\DR1 - ok
22:59:51.0263 3496 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk3\DR3
22:59:51.0329 3496 \Device\Harddisk3\DR3 - ok
22:59:51.0331 3496 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
22:59:51.0798 3496 \Device\Harddisk2\DR2 - ok
22:59:51.0810 3496 Boot (0x1200) (36e2f8bff9966fae6be63bb8d6327a8e) \Device\Harddisk0\DR0\Partition0
22:59:51.0811 3496 \Device\Harddisk0\DR0\Partition0 - ok
22:59:51.0823 3496 Boot (0x1200) (c1e11ffd0d3cb674c9ff56f466f1ef93) \Device\Harddisk0\DR0\Partition1
22:59:51.0824 3496 \Device\Harddisk0\DR0\Partition1 - ok
22:59:51.0835 3496 Boot (0x1200) (07c4493cefad2ffa40a07d63d5504ed0) \Device\Harddisk0\DR0\Partition2
22:59:51.0836 3496 \Device\Harddisk0\DR0\Partition2 - ok
22:59:51.0839 3496 Boot (0x1200) (fb29f55cb2c54ba7f1a93428ef178c79) \Device\Harddisk1\DR1\Partition0
22:59:51.0840 3496 \Device\Harddisk1\DR1\Partition0 - ok
22:59:51.0843 3496 Boot (0x1200) (361e48abbc5e42ee987675ce8904ea9b) \Device\Harddisk3\DR3\Partition0
22:59:51.0844 3496 \Device\Harddisk3\DR3\Partition0 - ok
22:59:51.0847 3496 Boot (0x1200) (faf6c3c99087d63ff8a9c446906b4e70) \Device\Harddisk2\DR2\Partition0
22:59:51.0847 3496 \Device\Harddisk2\DR2\Partition0 - ok
22:59:51.0848 3496 ============================================================
22:59:51.0848 3496 Scan finished
22:59:51.0848 3496 ============================================================
22:59:51.0855 4368 Detected object count: 1
22:59:51.0855 4368 Actual detected object count: 1
23:00:08.0260 4368 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
23:00:08.0302 4368 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
23:00:08.0308 4368 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
23:00:08.0310 4368 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
23:00:08.0311 4368 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
23:00:08.0314 4368 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
23:00:08.0374 4368 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
23:00:08.0383 4368 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
23:00:08.0387 4368 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
23:00:08.0415 4368 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
23:00:08.0473 4368 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
23:00:08.0523 4368 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
23:00:08.0572 4368 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
23:00:08.0622 4368 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
23:00:08.0630 4368 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
23:00:08.0632 4368 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
23:00:08.0634 4368 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
23:00:08.0680 4368 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
23:00:08.0717 4368 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
23:00:08.0772 4368 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
23:00:08.0851 4368 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
23:00:08.0909 4368 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
23:00:09.0141 4368 \Device\Harddisk0\DR0\TDLFS\sant64 - copied to quarantine
23:00:09.0310 4368 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
23:00:09.0316 4368 \Device\Harddisk0\DR0\TDLFS\time.txt - copied to quarantine
23:00:09.0342 4368 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
23:00:09.0344 4368 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine
23:03:03.0442 4504 Deinitialize success


Done;
Press any key to quit...

Any help would be more than appreciated.
 
DDS

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by s1m0n at 0:11:59 on 2012-02-08
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12279.9815 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
E:\Apps\QIP\QIP 2010\qip.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\DisplayFusion\AppHookx86.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig
mWinlogon: Userinit=userinit.exe
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Google Update] "C:\Users\s1m0n\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [Infium] "E:\Apps\QIP\QIP 2010\qip.exe" /autorun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: DhcpNameServer = 192.168.14.1
TCP: Interfaces\{FAD6EBC1-9E99-4501-86F3-557970E0CB69} : DhcpNameServer = 192.168.14.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\s1m0n\AppData\Roaming\Mozilla\Firefox\Profiles\7eye2j3i.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrlui.dll
FF - plugin: C:\Users\s1m0n\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-7 652360]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 CompFilter64;UVCCompositeFilter;C:\Windows\system32\DRIVERS\lvbflt64.sys --> C:\Windows\system32\DRIVERS\lvbflt64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-7 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-7 136176]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-07 22:03:55 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EA897F2D-9C74-4AFC-94FD-E206EF6CAE12}\offreg.dll
2012-02-07 21:49:18 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-07 21:49:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-07 21:31:39 -------- d-----w- C:\Windows\SysWow64\ru
2012-02-07 21:31:39 -------- d-----w- C:\Windows\SysWow64\drivers\ru-RU
2012-02-07 21:31:37 -------- d-----w- C:\Windows\SysWow64\wbem\ru-RU
2012-02-07 21:31:26 -------- d-----w- C:\Windows\System32\drivers\UMDF\ru-RU
2012-02-07 21:31:25 -------- d-----w- C:\Windows\System32\drivers\ru-RU
2012-02-07 21:31:21 -------- d-----w- C:\Windows\System32\wbem\ru-RU
2012-02-07 21:31:21 -------- d-----w- C:\Windows\System32\ru
2012-02-07 21:31:12 -------- d-----w- C:\Windows\ru-RU
2012-02-07 21:27:59 5120 ----a-w- C:\Windows\System32\drivers\ru-RU\fltmgr.sys.mui
2012-02-07 21:26:36 -------- d-----w- C:\Windows\SysWow64\XPSViewer
2012-02-07 21:26:36 -------- d-----w- C:\Windows\SysWow64\he
2012-02-07 21:26:36 -------- d-----w- C:\Windows\SysWow64\drivers\he-IL
2012-02-07 21:26:35 -------- d-----w- C:\Windows\SysWow64\wbem\he-IL
2012-02-07 21:26:27 -------- d-----w- C:\Windows\System32\he
2012-02-07 21:26:27 -------- d-----w- C:\Windows\System32\drivers\UMDF\he-IL
2012-02-07 21:26:26 -------- d-----w- C:\Windows\System32\drivers\he-IL
2012-02-07 21:26:22 -------- d-----w- C:\Windows\System32\wbem\he-IL
2012-02-07 21:26:11 -------- d-----w- C:\Windows\he-IL
2012-02-07 21:23:10 24576 ----a-w- C:\Windows\System32\drivers\he-IL\usbport.sys.mui
2012-02-07 21:23:08 5632 ----a-w- C:\Windows\System32\drivers\he-IL\rdvgkmd.sys.mui
2012-02-07 21:23:08 2560 ----a-w- C:\Windows\System32\drivers\he-IL\rdpwd.sys.mui
2012-02-07 21:23:07 7168 ----a-w- C:\Windows\System32\drivers\he-IL\tunnel.sys.mui
2012-02-07 21:23:07 4096 ----a-w- C:\Windows\System32\drivers\he-IL\tsusbhub.sys.mui
2012-02-07 21:23:07 3072 ----a-w- C:\Windows\System32\drivers\he-IL\tsusbflt.sys.mui
2012-02-07 21:23:05 9728 ----a-w- C:\Windows\System32\drivers\he-IL\battc.sys.mui
2012-02-07 20:22:25 -------- d-----w- C:\Windows\Panther
2012-02-07 20:22:12 -------- d-sh--w- C:\Boot
2012-02-07 18:55:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-07 18:31:15 -------- d-----w- C:\Users\s1m0n\AppData\Roaming\Malwarebytes
2012-02-07 18:31:04 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-07 17:39:33 917840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BF30BF7C-EF1C-4F57-B5A3-F603B9830E62}\gapaengine.dll
2012-02-07 17:39:29 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EA897F2D-9C74-4AFC-94FD-E206EF6CAE12}\mpengine.dll
2012-02-07 17:38:19 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-02-07 17:38:16 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-02-07 17:38:10 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2012-02-07 17:37:08 -------- d-----w- C:\Windows\System32\SPReview
2012-02-07 17:36:54 -------- d-----w- C:\Windows\System32\EventProviders
2012-02-07 17:33:59 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2012-02-07 13:16:55 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2012-02-07 13:12:07 -------- d-----w- C:\Users\s1m0n\AppData\Local\AIM
2012-02-07 13:10:34 -------- d-----w- C:\Windows\pss
2012-02-07 13:07:50 -------- d-----w- C:\Users\s1m0n\AppData\Local\{335CCFA5-AE7D-4BB8-B4C6-99E2C71FCA45}
2012-02-07 13:07:40 -------- d-----w- C:\Users\s1m0n\AppData\Local\{01CE22F7-C3CE-41BD-B87F-E7D52F0188C0}
2012-02-07 13:07:28 -------- d-----w- C:\Users\s1m0n\Tracing
2012-02-07 13:04:54 -------- d-----w- C:\Windows\PCHEALTH
2012-02-07 13:03:34 -------- d-----w- C:\Users\s1m0n\AppData\Local\Windows Live
2012-02-07 13:03:32 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-02-07 11:29:57 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-02-07 11:29:56 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-07 11:29:56 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-07 11:29:56 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-07 11:29:56 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 11:26:58 -------- d-----w- C:\Users\s1m0n\AppData\Local\ATI
2012-02-07 11:25:33 0 ----a-w- C:\Windows\ativpsrm.bin
2012-02-07 11:16:36 -------- d-----w- C:\Program Files (x86)\Siber Systems
2012-02-07 11:15:28 -------- d-----w- C:\Users\s1m0n\AppData\Local\Logitech® Webcam Software
2012-02-07 11:12:10 53248 ----a-r- C:\Users\s1m0n\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-02-07 11:11:54 -------- d-----w- C:\Program Files (x86)\Common Files\LWS
2012-02-07 11:09:32 -------- d-----r- C:\Program Files (x86)\Skype
2012-02-07 11:06:26 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-02-07 11:06:24 -------- d-----w- C:\Program Files\ATI
2012-02-07 11:06:16 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CDD4194D-6E11-4B09-AACD-9975AA04B2ED}\mpengine.dll
2012-02-07 11:06:15 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-07 11:05:28 -------- d-----w- C:\Program Files\ATI Technologies
2012-02-07 11:04:55 -------- d-----w- C:\AMD
2012-02-07 10:51:56 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-02-07 10:51:56 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-02-07 10:51:40 3145216 ----a-w- C:\Windows\System32\win32k.sys
2012-02-07 10:46:14 -------- d-----w- C:\Users\s1m0n\AppData\Roaming\DisplayFusion
2012-02-07 10:46:11 -------- d-----w- C:\Program Files (x86)\DisplayFusion
2012-02-07 10:41:19 468480 ----a-w- C:\Windows\System32\deployJava1.dll
2012-02-07 10:41:12 423656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-07 10:38:43 -------- d-sh--w- C:\Windows\Installer
2012-02-07 10:38:13 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2012-02-07 18:07:16 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-02-07 18:07:16 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-12-06 03:45:40 10720256 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-12-06 03:18:38 25371136 ----a-w- C:\Windows\System32\atio6axx.dll
2011-12-06 03:17:50 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-12-06 03:17:36 778752 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-12-06 03:16:00 933888 ----a-w- C:\Windows\System32\aticfx64.dll
2011-12-06 03:12:52 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-12-06 03:12:36 494080 ----a-w- C:\Windows\System32\atieclxx.exe
2011-12-06 03:11:56 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-12-06 03:10:38 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-12-06 03:10:20 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-12-06 03:10:12 360448 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-12-06 03:10:00 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-12-06 03:09:56 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-12-06 03:09:50 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-12-06 03:09:44 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-12-06 03:06:38 6159872 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-12-06 02:56:40 19125760 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-12-06 02:51:22 7520768 ----a-w- C:\Windows\System32\atidxx64.dll
2011-12-06 02:39:58 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-12-06 02:39:24 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-12-06 02:39:12 4072960 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-12-06 02:34:28 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-12-06 02:34:24 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-12-06 02:34:16 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-12-06 02:34:14 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-12-06 02:34:00 13738496 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-12-06 02:33:36 5919232 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-12-06 02:29:30 11484672 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-12-06 02:28:50 4206592 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-12-06 02:24:02 7511040 ----a-w- C:\Windows\System32\atiumd64.dll
2011-12-06 02:18:46 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-12-06 02:13:02 509952 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-12-06 02:12:52 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-12-06 02:12:38 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-12-06 02:12:34 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-12-06 02:12:34 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-12-06 02:12:30 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-12-06 02:12:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-12-06 02:12:14 327168 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-12-06 02:11:24 42496 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-12-06 02:11:16 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-12-06 02:11:10 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-12-06 02:11:02 29696 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-12-06 02:10:48 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-12-06 02:10:48 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-12-06 02:10:42 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-12-06 02:10:42 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-12-06 02:10:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll
2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:41:18 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:38:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 0:12:34.20 ===============
 
Malware Bytes:

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.07.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
s1m0n :: S1M0N-PC [administrator]

Protection: Enabled

2/8/2012 12:04:44 AM
mbam-log-2012-02-08 (00-04-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 178783
Time elapsed: 3 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------
 
DDS Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 2/7/2012 12:43:55 PM
System Uptime: 2/8/2012 12:03:24 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P6TD DELUXE
Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz | LGA1366 | 3068/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 98 GiB total, 55.003 GiB free.
D: is FIXED (NTFS) - 1863 GiB total, 600.016 GiB free.
E: is FIXED (NTFS) - 1863 GiB total, 732.904 GiB free.
F: is FIXED (NTFS) - 466 GiB total, 397.098 GiB free.
G: is FIXED (NTFS) - 0 GiB total, 0.068 GiB free.
H: is FIXED (NTFS) - 834 GiB total, 282.262 GiB free.
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_00000000&REV_04\4&37C265C7&0&0008
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_00000000&REV_04\4&37C265C7&0&0008
Service:
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: USB EMP Audio Device
Device ID: USB\VID_EB1A&PID_2861&MI_01\6&27BFB38&0&0001
Manufacturer: eMPIA Technology - Audio
Name: USB EMP Audio Device
PNP Device ID: USB\VID_EB1A&PID_2861&MI_01\6&27BFB38&0&0001
Service: emAudio
.
==== System Restore Points ===================
.
RP190: 7/31/2011 7:00:33 PM - Windows Backup
RP191: 8/4/2011 3:00:10 AM - Windows Update
RP192: 8/5/2011 3:40:45 PM - CheckIfInstallerIsBusy
RP193: 8/5/2011 3:41:37 PM - Windows Live Essentials
RP194: 8/5/2011 3:42:27 PM - Installed DirectX
RP195: 8/5/2011 3:42:42 PM - Installed DirectX
RP196: 8/5/2011 3:43:13 PM - WLSetup
RP197: 8/7/2011 3:08:04 AM - Windows Update
RP198: 8/7/2011 7:00:53 PM - Windows Backup
RP10: 2/7/2012 7:37:01 PM - Windows 7 Service Pack 1
RP11: 2/7/2012 7:39:04 PM - Windows Update
RP12: 2/7/2012 11:04:34 PM - Windows Update
RP13: 2/7/2012 11:11:46 PM - Windows Update
RP14: 2/7/2012 11:15:11 PM - Windows Update
RP15: 2/7/2012 11:21:31 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Shockwave Player 11.5
CameraHelperMsi
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
D3DX10
DisplayFusion 3.4.1
erLT
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Java(TM) 6 Update 21
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 10.0 (x86 en-US)
MSVCRT
RoboForm 7-7-0 (All Users)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Click to Call
Skype™ 5.8
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
2/8/2012 12:03:59 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
2/7/2012 8:53:18 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.119.1479.0, AS: 1.119.1479.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.8001.0, NIS: 2.0.7707.0
2/7/2012 8:23:42 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: s1m0n-PC\s1m0n Process Name: C:\Windows\System32\svchost.exe Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.119.1479.0, AS: 1.119.1479.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.8001.0, NIS: 2.0.7707.0
2/7/2012 8:23:02 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
2/7/2012 8:20:51 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: s1m0n-PC\s1m0n Process Name: C:\Windows\System32\svchost.exe Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator.
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================================================

GMER log is missing so please provide that.

Then.....

Please download and run ListParts by Farbar (for 32-bit system)

Please download and run ListParts64 by Farbar (for 64-bit system)

Click on Scan button.

Scan result will open in Notepad.
Post it in your next reply.
 
ListParts by Farbar
Ran by s1m0n on 08-02-2012 at 08:04:26
Windows 7 (X64)
Running From: C:\Users\s1m0n\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 12279.12 MB
Available physical RAM: 10705.1 MB
Total Pagefile: 24556.43 MB
Available Pagefile: 22671.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:97.56 GB) (Free:53.68 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
3 Drive d: (Content) (Fixed) (Total:1863.01 GB) (Free:600.02 GB) NTFS
4 Drive e: (GRADUS) (Fixed) (Total:1863.01 GB) (Free:732.9 GB) NTFS
5 Drive f: () (Fixed) (Total:465.75 GB) (Free:397.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
6 Drive g: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
7 Drive h: (Downloads) (Fixed) (Total:833.76 GB) (Free:282.26 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 1863 GB 0 B
Disk 2 Online 465 GB 9 MB
Disk 3 Online 1863 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 97 GB 101 MB
Partition 2 Primary 100 MB 97 GB
Partition 3 Primary 833 GB 97 GB
Partition 4 Primary 1744 KB 931 GB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 97 GB Healthy System (partition with boot components)

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 G System Rese NTFS Partition 100 MB Healthy

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 H Downloads NTFS Partition 833 GB Healthy

Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1863 GB 1024 KB

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D Content NTFS Partition 1863 GB Healthy

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 31 KB

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 F NTFS Partition 465 GB Healthy

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1863 GB 1024 KB

Disk: 3
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 E GRADUS NTFS Partition 1863 GB Healthy



****** End Of Log ******



I ran GMER but it produces no log and does nothing after it runs....
 
You have a TDL rootkit there.

WARNING!
Proceed with extreme caution!
Deleting the wrong partition will result in your computer being unusable.
If you have any doubts, ask.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download GETxPUD.exe to the desktop of your clean computer

  • Double click on GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finishing will open BurnCDCC ready to burn the image.
  • Insert blank CD into your CD drive.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Boot bad computer from the CD
  • Press Tool at the top
  • Choose Open Terminal
  • Type parted /dev/sda set 1 boot on
  • Press Enter
  • Type parted /dev/sda rm 4
  • Press Enter
  • Remove xPUD CD, reboot, run aswMBR and post the log
 
We'll try a different way....

Download gparted-live-0.11.0-7.iso (119.8 MB)

Burn it to a CD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
Boot off of the newly created Gparted CD.

You should be here:
gpartedsplash.png

Press Enter.

By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER:
gpartedkeymaps.png


Choose your language and press ENTER. English is default [33]:
gpartedlanguage.png


Once again, at this prompt, press ENTER:
gpartedgui.png


You will now be taken to the main GUI screen below:
gpartedo.png

According to your logs, the partition that you want to delete is the small partition of 1744 KB.
Click on it to highlight it.
Click the trash can icon to delete and then click Apply.

You should now be here confirming your actions:
gpartedsteps.png


Now you should be here:
gpartedsuccessclose.png


Is "boot" next to your OS drive?
gpartedboot.png


If "boot" is NOT next to your OS drive under "Flags", right-mouse click the OS drive while in Gparted and select Manage Flags.

In the menu that pops up, place a checkmark in boot like the picture below:
gpartedmanageflagsboot.png


Now double-click the
gpartedexit.png
button.

You should receive a small pop up like this:
gpartedexitreboot.png


Choose reboot and then press OK.
 
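The two helper posts above (the xPUD/parted steps and the GParted steps) come down to the same two edits to Disk 0's partition table: drop the tiny hidden type-0x17 entry that ListParts showed with no volume behind it, and make sure the boot flag sits on the OS partition. The Python below is an added example, not code from the thread or from aswMBR, ListParts, GParted or parted. It constructs a 512-byte MBR whose four entries match Disk 0 as the aswMBR and ListParts logs reported it, flags the bad entry the way a responder would check a disk image, and applies the same two edits to the in-memory copy so the expected end state can be confirmed. `DISK_SECTORS` and the 16 MiB "tiny" threshold are assumptions; the other geometry comes from the logs.

```python
"""Inspect an MBR partition table for a TDL-style hidden partition.

Added example, not code from the thread or from any tool used in it.
The sample sector is constructed to mirror Disk 0 as aswMBR and ListParts
reported it above: three NTFS partitions followed by a tiny, hidden
type-0x17 entry at the end of the disk with no volume behind it.
"""
import struct

SECTOR = 512
TABLE_OFFSET = 446                # four 16-byte slots at bytes 446..509
SIGNATURE = b"\x55\xAA"           # bytes 510..511 of a valid MBR
ENTRY_FMT = "<B3sB3sII"           # status, CHS start, type, CHS end, LBA, count
# "Hidden" variants of common filesystem types (base type + 0x10);
# 0x17 is hidden HPFS/NTFS, which aswMBR prints as "Hidd HPFS/NTFS".
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}
TINY_SECTORS = 32768              # assumed: 16 MiB is too small for a real Windows volume
DISK_SECTORS = 1953525168         # assumed sector count of the 1 TB disk (end-of-disk check only)


def build_sample_mbr(include_hidden=True, active_index=1):
    """Return a constructed 512-byte MBR (boot code zeroed, geometry from the logs)."""
    entries = [
        (0x07, 206848, 204595200),       # partition 1: C:, 99900 MB
        (0x07, 204802048, 204800),       # partition 2: System Reserved, 100 MB
        (0x07, 205006848, 1748514816),   # partition 3: H: Downloads, 853767 MB
    ]
    if include_hidden:
        entries.append((0x17, 1953521664, 3488))  # partition 4: 1744 KB, hidden
    sector = bytearray(SECTOR)
    for i, (ptype, lba, count) in enumerate(entries):
        status = 0x80 if i + 1 == active_index else 0x00
        struct.pack_into(ENTRY_FMT, sector, TABLE_OFFSET + 16 * i,
                         status, b"\xFE\xFF\xFF", ptype, b"\xFE\xFF\xFF", lba, count)
    sector[510:512] = SIGNATURE
    return bytes(sector)


def parse_partition_table(sector):
    """Decode the four primary entries; empty slots (type 0) are skipped."""
    if len(sector) != SECTOR or sector[510:512] != SIGNATURE:
        raise ValueError("not a valid MBR sector")
    entries = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue
        entries.append({"index": i + 1, "active": status == 0x80,
                        "type": ptype, "lba": lba, "sectors": count})
    return entries


def find_suspicious(entries, mounted_indexes, disk_sectors=DISK_SECTORS):
    """Flag entries that look like a bootkit's hidden store.

    mounted_indexes: partition numbers the OS gave a volume to; ListParts
    reported "no volume associated" for the bad one. Each reason on its own
    can be benign (e.g. an OEM recovery area), so two or more are required.
    """
    findings = []
    for e in entries:
        reasons = []
        if e["type"] in HIDDEN_TYPES:
            reasons.append("hidden partition type 0x%02X" % e["type"])
        if e["sectors"] < TINY_SECTORS:
            reasons.append("tiny (%d KB)" % (e["sectors"] * SECTOR // 1024))
        if e["lba"] >= disk_sectors - TINY_SECTORS:
            reasons.append("parked in the last 16 MiB of the disk")
        if e["index"] not in mounted_indexes:
            reasons.append("no volume mounted")
        if len(reasons) >= 2:
            findings.append((e["index"], reasons))
    return findings


def active_partitions(entries):
    """Indexes carrying the 0x80 boot flag; a healthy disk has exactly one."""
    return [e["index"] for e in entries if e["active"]]


def remove_entry(sector, index):
    """Zero one slot, the equivalent of 'parted /dev/sda rm N'."""
    s = bytearray(sector)
    off = TABLE_OFFSET + 16 * (index - 1)
    s[off:off + 16] = bytes(16)
    return bytes(s)


def set_active(sector, index):
    """Move the boot flag to one slot, the equivalent of 'parted /dev/sda set N boot on'."""
    s = bytearray(sector)
    for i in range(4):
        s[TABLE_OFFSET + 16 * i] = 0x80 if i + 1 == index else 0x00
    return bytes(s)


if __name__ == "__main__":
    mbr = build_sample_mbr()
    table = parse_partition_table(mbr)
    for idx, why in find_suspicious(table, mounted_indexes={1, 2, 3}):
        print("partition %d: %s" % (idx, "; ".join(why)))
    fixed = set_active(remove_entry(mbr, 4), 1)
    print("after cleanup:", find_suspicious(parse_partition_table(fixed), {1, 2, 3}),
          "active:", active_partitions(parse_partition_table(fixed)))
```

To check a real disk rather than the constructed sector, pass the first 512 bytes of the MBR.dat that aswMBR saves to `parse_partition_table`; the two edit helpers only touch the in-memory copy, which is enough to confirm what the parted or GParted steps should leave behind before they are run on the machine.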
I did it all and it's the first time I actually loaded my PC and DIDN'T have this virus pop up on me; I scanned the system and it seems I'm virus free finally!

Thank you so so much!!!!!!!!!
 
Very good but we're absolutely not done :)

Post new aswMBR log and....

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 64
-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
 
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-08 20:43:26
-----------------------------
20:43:26.585 OS Version: Windows x64 6.1.7601 Service Pack 1
20:43:26.585 Number of processors: 8 586 0x1A05
20:43:26.586 ComputerName: S1M0N-PC UserName: s1m0n
20:43:27.262 Initialize success
20:45:02.249 AVAST engine defs: 12020800
20:45:06.624 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:45:06.627 Disk 0 Vendor: WDC_WD1001FALS-00J7B1 05.00K05 Size: 953869MB BusType: 3
20:45:06.630 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-2
20:45:06.632 Disk 1 Vendor: WDC_WD20EARS-00J2GB0 80.00A80 Size: 1907729MB BusType: 3
20:45:06.636 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-3
20:45:06.639 Disk 2 Vendor: Hitachi_HDP725050GLA360 GM4OA52A Size: 476940MB BusType: 3
20:45:06.643 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP3T0L0-4
20:45:06.647 Disk 3 Vendor: WDC_WD20EARS-00J2GB0 80.00A80 Size: 1907729MB BusType: 3
20:45:06.660 Disk 0 MBR read successfully
20:45:06.664 Disk 0 MBR scan
20:45:06.729 Disk 0 Windows 7 default MBR code
20:45:06.741 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 99900 MB offset 206848
20:45:06.774 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 100 MB offset 204802048
20:45:06.803 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 853767 MB offset 205006848
20:45:06.824 Service scanning
20:45:07.537 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
20:45:07.586 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
20:45:08.121 Modules scanning
20:45:08.127 Disk 0 trace - called modules:
20:45:08.136 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800aa942c0]<<sprm.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:45:08.142 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800aed7790]
20:45:08.148 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa800ac08e40]
20:45:08.154 5 ACPI.sys[fffff88000f007a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800ac0d060]
20:45:08.160 \Driver\atapi[0xfffffa800abe82c0] -> IRP_MJ_CREATE -> 0xfffffa800aa942c0
20:45:08.842 AVAST engine scan C:\Windows
20:45:10.734 AVAST engine scan C:\Windows\system32
20:47:31.461 AVAST engine scan C:\Windows\system32\drivers
20:47:42.537 AVAST engine scan C:\Users\s1m0n
20:52:08.774 AVAST engine scan C:\ProgramData
20:52:24.159 Scan finished successfully
20:52:34.841 Disk 0 MBR has been saved successfully to "C:\Users\s1m0n\Desktop\MBR.dat"
20:52:34.882 The log file has been saved successfully to "C:\Users\s1m0n\Desktop\aswMBR.txt"
 
Good :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-02-08.02 - s1m0n 02/08/2012 21:04:37.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12279.10116 [GMT 2:00]
Running from: c:\users\s1m0n\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-08 to 2012-02-08 )))))))))))))))))))))))))))))))
.
.
2012-02-08 19:07 . 2012-02-08 19:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-08 18:36 . 2012-02-08 18:36 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-02-08 18:35 . 2012-02-08 18:35 -------- d-----w- C:\ATI
2012-02-08 18:34 . 2012-02-08 18:34 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-02-08 18:33 . 2012-02-08 18:33 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2012-02-08 18:25 . 2012-02-08 18:25 -------- d-----w- c:\program files (x86)\Renesas Electronics
2012-02-08 18:24 . 2012-02-08 18:24 -------- d-----w- c:\programdata\Downloaded Installations
2012-02-08 18:21 . 2012-02-08 18:21 -------- d-----w- c:\program files (x86)\Driver-Soft
2012-02-08 18:08 . 2012-02-08 18:13 -------- d-----w- c:\programdata\DriverGenius
2012-02-08 18:07 . 2012-02-08 18:09 -------- d-----w- c:\program files (x86)\Driver Genius
2012-02-08 18:04 . 2012-02-08 18:04 -------- d-----w- c:\program files\Frameworkx
2012-02-08 17:59 . 2012-02-08 17:59 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2012-02-08 17:49 . 2012-02-08 17:49 -------- d-----w- c:\programdata\SonicFocus
2012-02-08 17:49 . 2012-02-08 17:49 -------- d-----w- c:\program files (x86)\Analog Devices
2012-02-08 15:16 . 2012-02-08 15:16 -------- d-----w- c:\program files (x86)\Express Gate
2012-02-08 15:16 . 2012-02-08 15:16 -------- d-----w- C:\ASUS.SYS
2012-02-08 15:16 . 2012-02-08 15:26 -------- d-----w- C:\temp
2012-02-08 15:16 . 2012-02-08 15:26 -------- d-----w- C:\dvmexp
2012-02-08 15:12 . 2012-02-08 17:35 -------- d-----w- c:\program files\ASUS
2012-02-08 15:06 . 2012-02-08 15:06 -------- d-----w- c:\windows\AsusInstAll
2012-02-08 14:59 . 2012-02-08 15:00 -------- d-----w- c:\program files (x86)\Your Uninstaller! 7
2012-02-08 14:58 . 2012-02-08 14:58 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2012-02-08 14:58 . 2012-02-08 14:58 -------- d-----w- c:\program files (x86)\Creative
2012-02-08 14:58 . 2012-02-08 14:58 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2012-02-08 14:58 . 2008-09-17 13:07 1503232 ------w- c:\windows\SysWow64\adi_oal.dll
2012-02-08 14:58 . 2008-09-17 13:11 1828352 ------w- c:\windows\system32\adi_oal.dll
2012-02-08 14:56 . 2012-02-08 15:05 -------- d-----w- c:\programdata\Norton
2012-02-08 14:43 . 2012-02-08 14:43 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-02-08 14:34 . 2012-01-05 19:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A289343F-84CA-49E9-A8EE-A70F70BBFCBC}\mpengine.dll
2012-02-08 14:25 . 2012-02-08 14:25 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-02-08 14:25 . 2012-02-08 14:44 -------- d-----w- c:\programdata\Microsoft Help
2012-02-08 14:25 . 2012-02-08 14:25 -------- d-----r- C:\MSOCache
2012-02-08 14:16 . 2012-02-08 14:16 -------- d-----w- c:\program files (x86)\Passware
2012-02-08 14:16 . 2012-02-08 14:16 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-02-08 14:16 . 2012-02-08 14:16 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-02-08 14:15 . 2012-02-08 14:15 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-02-08 14:01 . 2009-07-16 09:38 15416 ----a-w- c:\windows\system32\drivers\ASACPI.sys
2012-02-08 13:27 . 2009-09-30 03:33 24576 ----a-r- c:\windows\SysWow64\AsIO.dll
2012-02-08 13:27 . 2009-08-04 02:28 13440 ----a-r- c:\windows\SysWow64\drivers\AsIO.sys
2012-02-08 13:27 . 2009-07-06 08:48 13368 ----a-w- c:\windows\SysWow64\drivers\AsUpIO.sys
2012-02-08 13:10 . 2012-02-08 13:10 -------- d-----w- c:\program files (x86)\Intel
2012-02-08 13:10 . 2009-06-16 10:05 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-02-08 13:08 . 2012-02-08 13:08 -------- d-----w- C:\Intel
2012-02-08 13:00 . 2012-02-08 18:25 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2012-02-08 13:00 . 2012-02-08 15:12 -------- d-----w- c:\program files (x86)\ASUS
2012-02-08 13:00 . 2010-05-05 14:38 14592 ----a-w- c:\windows\system32\drivers\AiCharger.sys
2012-02-08 13:00 . 2012-02-08 14:58 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-02-08 12:59 . 2012-02-08 18:27 -------- d-----w- c:\program files (x86)\Marvell
2012-02-07 22:28 . 2012-01-05 19:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-07 21:49 . 2012-02-07 21:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-07 21:49 . 2011-12-10 13:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-07 21:31 . 2012-02-07 21:31 -------- d-----w- c:\windows\SysWow64\ru
2012-02-07 21:31 . 2012-02-07 21:31 -------- d-----w- c:\windows\SysWow64\drivers\ru-RU
2012-02-07 21:31 . 2012-02-07 21:31 -------- d-----w- c:\windows\SysWow64\wbem\ru-RU
2012-02-07 21:31 . 2012-02-07 21:31 -------- d-----w- c:\windows\system32\drivers\UMDF\ru-RU
2012-02-07 21:31 . 2012-02-07 21:31 -------- d-----w- c:\windows\system32\drivers\ru-RU
2012-02-07 21:31 . 2012-02-07 21:31 -------- d-----w- c:\windows\system32\wbem\ru-RU
2012-02-07 21:31 . 2012-02-07 21:31 -------- d-----w- c:\windows\system32\ru
2012-02-07 21:31 . 2012-02-07 21:31 -------- d-----w- c:\windows\ru-RU
2012-02-07 21:28 . 2009-07-13 17:06 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\ru-RU\LXKPTPRC.DLL.mui
2012-02-07 21:26 . 2012-02-07 21:31 -------- d-----w- c:\windows\SysWow64\XPSViewer
2012-02-07 21:26 . 2012-02-07 21:26 -------- d-----w- c:\windows\SysWow64\he
2012-02-07 21:26 . 2012-02-07 21:26 -------- d-----w- c:\windows\SysWow64\drivers\he-IL
2012-02-07 21:26 . 2012-02-07 21:26 -------- d-----w- c:\windows\SysWow64\wbem\he-IL
2012-02-07 21:26 . 2012-02-07 21:26 -------- d-----w- c:\windows\system32\he
2012-02-07 21:26 . 2012-02-07 21:26 -------- d-----w- c:\windows\system32\drivers\UMDF\he-IL
2012-02-07 21:26 . 2012-02-07 21:26 -------- d-----w- c:\windows\system32\drivers\he-IL
2012-02-07 21:26 . 2012-02-07 21:26 -------- d-----w- c:\windows\system32\wbem\he-IL
2012-02-07 21:26 . 2012-02-07 21:26 -------- d-----w- c:\windows\he-IL
2012-02-07 21:22 . 2009-07-13 16:53 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\he-IL\LXKPTPRC.DLL.mui
2012-02-07 20:22 . 2012-02-07 10:43 -------- d-----w- c:\windows\Panther
2012-02-07 20:22 . 2012-02-07 18:16 -------- d-----w- C:\Boot
2012-02-07 18:55 . 2012-02-07 21:00 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-07 18:31 . 2012-02-07 18:31 -------- d-----w- c:\programdata\Malwarebytes
2012-02-07 17:39 . 2012-02-07 17:39 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF30BF7C-EF1C-4F57-B5A3-F603B9830E62}\gapaengine.dll
2012-02-07 17:38 . 2012-02-07 17:38 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-02-07 17:38 . 2012-02-07 17:38 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-07 17:38 . 2012-02-07 17:38 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2012-02-07 17:37 . 2012-02-07 17:37 -------- d-----w- c:\windows\system32\SPReview
2012-02-07 17:36 . 2012-02-07 17:36 -------- d-----w- c:\windows\system32\EventProviders
2012-02-07 17:33 . 2010-11-20 13:34 363392 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2012-02-07 13:16 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-02-07 13:05 . 2012-02-07 13:05 -------- d-----w- c:\program files (x86)\Windows Live
2012-02-07 13:04 . 2012-02-07 13:04 -------- d-----w- c:\windows\PCHEALTH
2012-02-07 13:03 . 2012-02-07 13:03 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-02-07 12:01 . 2012-02-07 12:01 -------- d-----w- c:\programdata\RoboForm
2012-02-07 11:41 . 2012-02-07 11:41 -------- d-----w- c:\program files\Google
2012-02-07 11:41 . 2012-02-07 11:41 -------- d-----w- c:\program files (x86)\Google
2012-02-07 11:29 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-02-07 11:29 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-07 11:29 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-02-07 11:29 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 11:29 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-07 11:26 . 2012-02-07 11:26 -------- d-----w- c:\programdata\ATI
2012-02-07 11:25 . 2012-02-07 11:25 0 ----a-w- c:\windows\ativpsrm.bin
2012-02-07 11:16 . 2012-02-07 11:16 -------- d-----w- c:\program files (x86)\Siber Systems
2012-02-07 11:11 . 2012-02-07 11:11 -------- d-----w- c:\programdata\Logitech
2012-02-07 11:11 . 2012-02-07 11:11 -------- d-----w- c:\program files (x86)\Common Files\LWS
2012-02-07 11:11 . 2012-02-07 11:12 -------- d-----w- c:\program files (x86)\Logitech
2012-02-07 11:11 . 2012-02-07 11:11 -------- d-----w- c:\programdata\LogiShrd
2012-02-07 11:09 . 2012-02-07 11:09 -------- d-----r- c:\program files (x86)\Skype
2012-02-07 11:09 . 2012-02-07 11:09 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-02-07 11:09 . 2012-02-07 11:09 -------- d-----w- c:\programdata\Skype
2012-02-07 11:08 . 2012-02-07 11:12 -------- d-----w- c:\program files (x86)\Common Files\logishrd
2012-02-07 11:08 . 2012-02-07 11:12 -------- d-----w- c:\program files\Common Files\logishrd
2012-02-07 11:06 . 2012-02-07 11:06 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-02-07 11:06 . 2012-02-07 11:06 -------- d-----w- c:\program files\ATI
2012-02-07 11:06 . 2012-01-17 02:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CDD4194D-6E11-4B09-AACD-9975AA04B2ED}\mpengine.dll
2012-02-07 11:06 . 2012-01-31 12:44 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-07 11:05 . 2012-02-07 11:07 -------- d-----w- c:\program files\ATI Technologies
2012-02-07 11:04 . 2012-02-07 11:04 -------- d-----w- C:\AMD
2012-02-07 10:51 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-07 10:51 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-02-07 10:51 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2012-02-07 10:46 . 2012-02-07 12:40 -------- d-----w- c:\program files (x86)\DisplayFusion
2012-02-07 10:44 . 2012-02-07 13:07 -------- d-----w- c:\users\s1m0n
2012-02-07 10:42 . 2012-02-08 14:26 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-02-07 10:41 . 2012-02-07 10:41 468480 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-07 10:41 . 2012-02-07 10:41 -------- d-----w- c:\program files\Java
2012-02-07 10:41 . 2012-02-07 10:41 423656 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-07 10:38 . 2012-02-08 18:36 -------- d-sh--w- c:\windows\Installer
2012-02-07 10:38 . 2012-02-07 10:38 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-07 18:07 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-02-07 18:07 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-02-07 13:04 . 2011-03-28 16:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-06 03:45 . 2011-12-06 03:45 10720256 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-12-06 03:18 . 2011-12-06 03:18 25371136 ----a-w- c:\windows\system32\atio6axx.dll
2011-12-06 03:17 . 2011-12-06 03:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-12-06 03:17 . 2011-12-06 03:17 778752 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-12-06 03:16 . 2011-12-06 03:16 933888 ----a-w- c:\windows\system32\aticfx64.dll
2011-12-06 03:12 . 2011-12-06 03:12 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-12-06 03:12 . 2011-12-06 03:12 494080 ----a-w- c:\windows\system32\atieclxx.exe
2011-12-06 03:11 . 2011-12-06 03:11 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2011-12-06 03:10 . 2011-12-06 03:10 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-12-06 03:10 . 2011-12-06 03:10 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-12-06 03:10 . 2011-12-06 03:10 360448 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-12-06 03:10 . 2011-12-06 03:10 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-12-06 03:09 . 2011-12-06 03:09 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-12-06 03:09 . 2011-12-06 03:09 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-12-06 03:09 . 2011-12-06 03:09 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-12-06 03:06 . 2011-12-06 03:06 6159872 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-12-06 02:56 . 2011-12-06 02:56 19125760 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-12-06 02:51 . 2011-12-06 02:51 7520768 ----a-w- c:\windows\system32\atidxx64.dll
2011-12-06 02:39 . 2011-12-06 02:39 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-12-06 02:39 . 2011-12-06 02:39 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-12-06 02:39 . 2011-12-06 02:39 4072960 ----a-w- c:\windows\system32\atiumd6a.dll
2011-12-06 02:34 . 2011-12-06 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-12-06 02:34 . 2011-12-06 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-12-06 02:34 . 2011-12-06 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-12-06 02:34 . 2011-12-06 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-12-06 02:34 . 2011-12-06 02:34 13738496 ----a-w- c:\windows\system32\aticaldd64.dll
2011-12-06 02:33 . 2011-12-06 02:33 5919232 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-12-06 02:29 . 2011-12-06 02:29 11484672 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-12-06 02:28 . 2011-12-06 02:28 4206592 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-12-06 02:24 . 2011-12-06 02:24 7511040 ----a-w- c:\windows\system32\atiumd64.dll
2011-12-06 02:18 . 2011-12-06 02:18 58880 ----a-w- c:\windows\system32\coinst.dll
2011-12-06 02:13 . 2011-12-06 02:13 509952 ----a-w- c:\windows\system32\atiadlxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-12-06 02:12 . 2011-12-06 02:12 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-12-06 02:12 . 2011-12-06 02:12 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 327168 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-12-06 02:11 . 2011-12-06 02:11 42496 ----a-w- c:\windows\system32\atiuxp64.dll
2011-12-06 02:11 . 2011-12-06 02:11 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-12-06 02:11 . 2011-12-06 02:11 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2011-12-06 02:11 . 2011-12-06 02:11 29696 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-12-06 02:10 . 2011-12-06 02:10 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-12-06 02:10 . 2011-12-06 02:10 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-12-06 02:10 . 2011-12-06 02:10 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-12-06 02:10 . 2011-12-06 02:10 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-12-06 02:10 . 2011-12-06 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-07 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-01-31 17147528]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-02-07 107000]
"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2012-01-12 2789280]
"Aim"="e:\program files\AIM\aim.exe" [2011-05-03 4321112]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Infium"="e:\program files\QIP 2010\qip.exe" [2011-12-28 7318992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-04 465536]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-07 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-07 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 MDES;DVM Meta Data Export Service;c:\asus.sys\CONFIG\DVMExportService.exe [2009-03-24 319488]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-07 11:41]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-07 11:41]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-75002929-81291-3837428588-1001Core.job
- c:\users\s1m0n\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-07 11:18]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-75002929-81291-3837428588-1001UA.job
- c:\users\s1m0n\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-07 11:18]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.14.1
FF - ProfilePath - c:\users\s1m0n\AppData\Roaming\Mozilla\Firefox\Profiles\7eye2j3i.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-TaskTray - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ASUS\Six Engine\SixEngine.exe
.
**************************************************************************
.
Completion time: 2012-02-08 21:12:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-08 19:12
.
Pre-Run: 51,153,313,792 bytes free
Post-Run: 51,551,051,776 bytes free
.
- - End Of File - - CA610A9206B99E6ED5C9ED5AA1AF7FF4
 
Looks good :)

Any current issues?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL Part 1

OTL logfile created on: 2/8/2012 9:46:08 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\s1m0n\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 9.69 Gb Available Physical Memory | 80.80% Memory free
23.98 Gb Paging File | 21.62 Gb Available in Paging File | 90.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.56 Gb Total Space | 48.43 Gb Free Space | 49.65% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 599.05 Gb Free Space | 32.15% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 735.21 Gb Free Space | 39.46% Space Free | Partition Type: NTFS
Drive F: | 465.75 Gb Total Space | 407.18 Gb Free Space | 87.42% Space Free | Partition Type: NTFS
Drive G: | 100.00 Mb Total Space | 69.51 Mb Free Space | 69.51% Space Free | Partition Type: NTFS
Drive H: | 833.76 Gb Total Space | 282.40 Gb Free Space | 33.87% Space Free | Partition Type: NTFS
Drive K: | 1863.01 Gb Total Space | 977.94 Gb Free Space | 52.49% Space Free | Partition Type: NTFS

Computer Name: S1M0N-PC | User Name: s1m0n | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/08 21:37:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\s1m0n\Desktop\OTL.exe
PRC - [2012/02/07 14:01:38 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/02/07 13:41:48 | 000,307,312 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/02/07 12:40:45 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/12 11:54:26 | 000,095,640 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\AppHookx86.exe
PRC - [2011/12/28 14:27:20 | 007,318,992 | ---- | M] (QIP) -- E:\Program Files\QIP 2010\qip.exe
PRC - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/05/03 17:43:14 | 004,321,112 | ---- | M] (AOL Inc.) -- E:\Program Files\AIM\aim.exe
PRC - [2010/11/17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/05/04 19:50:58 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
PRC - [2010/04/01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/10/02 19:42:22 | 006,154,240 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
PRC - [2009/08/19 13:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/03/24 12:36:36 | 000,319,488 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\CONFIG\DVMExportService.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/28 14:27:40 | 000,958,416 | ---- | M] () -- E:\Program Files\QIP 2010\Protos\Social\Social.dll
MOD - [2011/12/28 14:27:36 | 001,641,424 | ---- | M] () -- E:\Program Files\QIP 2010\Protos\MRA\mra.dll
MOD - [2011/12/28 14:27:36 | 000,049,104 | ---- | M] () -- E:\Program Files\QIP 2010\Protos\MRA\pics.dll
MOD - [2011/12/28 14:27:30 | 002,523,600 | ---- | M] () -- E:\Program Files\QIP 2010\Protos\InfICQ\inficq.dll
MOD - [2011/12/28 14:27:28 | 000,824,272 | ---- | M] () -- E:\Program Files\QIP 2010\Plugins\qipradio\qipradio.dll
MOD - [2011/12/28 14:27:28 | 000,175,056 | ---- | M] () -- E:\Program Files\QIP 2010\Plugins\ogorod\ogorod.dll
MOD - [2011/12/28 14:27:28 | 000,140,240 | ---- | M] () -- E:\Program Files\QIP 2010\Plugins\cards\cards.dll
MOD - [2011/12/28 14:27:28 | 000,058,832 | ---- | M] () -- E:\Program Files\QIP 2010\Plugins\Win7Helper\Win7Helper.dll
MOD - [2011/12/28 14:27:22 | 004,659,664 | ---- | M] () -- E:\Program Files\QIP 2010\Core\voip.dll
MOD - [2011/05/03 17:38:52 | 000,176,128 | ---- | M] () -- E:\Program Files\AIM\nssckbi.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/09/30 05:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009/08/27 19:41:46 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\pngio.dll
MOD - [2009/08/27 19:41:46 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\AsSpindownTimeout.dll
MOD - [2009/04/22 20:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\AsusService.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/12/06 05:11:56 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/05 11:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2012/01/31 15:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/19 13:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/24 12:36:36 | 000,319,488 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\ASUS.SYS\CONFIG\DVMExportService.exe -- (MDES)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/08 16:16:34 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/12/06 05:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/12/06 04:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/17 19:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/08/19 09:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Pro Webcam C910(UVC)
DRV:64bit: - [2011/08/19 09:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/08/19 09:27:22 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/09/23 11:11:28 | 000,394,528 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010/08/20 03:45:28 | 000,654,720 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2010/08/20 03:44:48 | 000,943,872 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/05/05 16:38:26 | 000,014,592 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2009/07/16 11:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 11:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/05/12 00:49:10 | 000,178,728 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2008/04/03 09:02:16 | 000,079,872 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emAudio64.sys -- (emAudio)
DRV - [2012/02/08 21:18:52 | 000,035,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{57B901B1-74D8-4E6E-B772-A3DBC5E7D85E}\MpKsl72f25df7.sys -- (MpKsl72f25df7)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 4C 0F 58 8D E5 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\s1m0n\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\s1m0n\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/02/07 14:01:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/07 13:21:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/07 14:58:31 | 000,000,000 | ---D | M]

[2012/02/07 13:21:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\s1m0n\AppData\Roaming\Mozilla\Extensions
[2012/02/07 13:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/29 17:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/01/29 15:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/29 15:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\s1m0n\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\s1m0n\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\s1m0n\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: RoboForm Plugin for Google Chrome/Opera/etc. (Enabled) = C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\s1m0n\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\s1m0n\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Users\s1m0n\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/08 21:09:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [Aim] E:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [Infium] E:\Program Files\QIP 2010\qip.exe (QIP)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.14.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAD6EBC1-9E99-4501-86F3-557970E0CB69}: DhcpNameServer = 192.168.14.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/08 21:37:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\s1m0n\Desktop\OTL.exe
[2012/02/08 21:27:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/02/08 21:16:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/08 21:12:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/08 21:03:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/08 21:03:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/08 21:03:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/08 21:03:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/08 20:57:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/08 20:54:20 | 004,399,064 | R--- | C] (Swearware) -- C:\Users\s1m0n\Desktop\ComboFix.exe
[2012/02/08 20:42:14 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\s1m0n\Desktop\boot_cleaner.exe
[2012/02/08 20:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/02/08 20:35:14 | 000,000,000 | ---D | C] -- C:\ATI
[2012/02/08 20:34:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2012/02/08 20:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012/02/08 20:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2012/02/08 20:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2012/02/08 20:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2012/02/08 20:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2012/02/08 20:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2012/02/08 20:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
[2012/02/08 20:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft
[2012/02/08 20:19:55 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\Documents\DriverGenius
[2012/02/08 20:11:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DriverGenius
[2012/02/08 20:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius
[2012/02/08 20:07:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Genius
[2012/02/08 20:04:53 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\Frameworkx.com
[2012/02/08 20:04:46 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Frameworkx
[2012/02/08 20:04:46 | 000,000,000 | ---D | C] -- C:\Program Files\Frameworkx
[2012/02/08 19:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2012/02/08 19:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SonicFocus
[2012/02/08 19:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Analog Devices
[2012/02/08 17:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Gate
[2012/02/08 17:16:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Express Gate
[2012/02/08 17:16:32 | 000,000,000 | ---D | C] -- C:\ASUS.SYS
[2012/02/08 17:16:29 | 000,000,000 | -H-D | C] -- C:\dvmexp
[2012/02/08 17:16:29 | 000,000,000 | ---D | C] -- C:\temp
[2012/02/08 17:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2012/02/08 17:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
[2012/02/08 17:10:14 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marvell
[2012/02/08 17:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marvell
[2012/02/08 17:06:04 | 000,000,000 | ---D | C] -- C:\Windows\AsusInstAll
[2012/02/08 17:00:04 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\URSoft
[2012/02/08 17:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/02/08 16:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7
[2012/02/08 16:59:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Your Uninstaller! 7
[2012/02/08 16:58:39 | 000,419,840 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/02/08 16:58:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2012/02/08 16:58:37 | 001,503,232 | ---- | C] (Creative) -- C:\Windows\SysWow64\adi_oal.dll
[2012/02/08 16:58:36 | 001,828,352 | ---- | C] (Creative) -- C:\Windows\SysNative\adi_oal.dll
[2012/02/08 16:57:47 | 000,174,592 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFProc64.dll
[2012/02/08 16:57:47 | 000,122,880 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFFXCPStr.dll
[2012/02/08 16:57:47 | 000,078,848 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFSAPO64.dll
[2012/02/08 16:57:46 | 000,163,840 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFCTPL64.dll
[2012/02/08 16:57:46 | 000,078,336 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFHAPO64.dll
[2012/02/08 16:57:46 | 000,069,120 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFComm64.dll
[2012/02/08 16:57:46 | 000,059,392 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFMAPO64.dll
[2012/02/08 16:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/02/08 16:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/02/08 16:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/02/08 16:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/02/08 16:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/02/08 16:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/02/08 16:25:23 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\Microsoft Help
[2012/02/08 16:25:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/02/08 16:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/02/08 16:25:08 | 000,000,000 | R--D | C] -- C:\MSOCache
[2012/02/08 16:16:35 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Passware
[2012/02/08 16:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Passware
[2012/02/08 16:16:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Passware
[2012/02/08 16:16:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012/02/08 16:15:55 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\DAEMON Tools Lite
[2012/02/08 16:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012/02/08 15:10:25 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012/02/08 15:10:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012/02/08 15:08:52 | 000,000,000 | ---D | C] -- C:\Intel
[2012/02/08 15:03:22 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\{3F9337FF-02B7-4CD0-B703-191E08E2B787}
[2012/02/08 15:03:12 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\{80A1A57C-2727-4C83-805D-6298DEE7AE12}
[2012/02/08 15:00:29 | 000,014,592 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysNative\drivers\AiCharger.sys
[2012/02/08 15:00:29 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/02/08 15:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2012/02/08 15:00:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012/02/08 14:59:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell
[2012/02/08 14:24:18 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\ElevatedDiagnostics
[2012/02/07 23:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/07 23:49:18 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/07 23:49:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/07 23:31:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\ru-RU
[2012/02/07 23:31:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ru
[2012/02/07 23:31:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ru-RU
[2012/02/07 23:31:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ru
[2012/02/07 23:31:12 | 000,000,000 | ---D | C] -- C:\Windows\ru-RU
[2012/02/07 23:28:09 | 000,003,584 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\ru-RU\pscr.sys.mui
[2012/02/07 23:28:01 | 000,002,560 | ---- | C] (Корпорация Майкрософт) -- C:\Windows\SysNative\drivers\ru-RU\mountmgr.sys.mui
[2012/02/07 23:27:58 | 000,002,560 | ---- | C] (Корпорация Майкрософт) -- C:\Windows\SysNative\drivers\ru-RU\volmgrx.sys.mui
[2012/02/07 23:27:57 | 000,010,752 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ru-RU\BrSerId.sys.mui
[2012/02/07 23:27:57 | 000,010,752 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ru-RU\BrSerIb.sys.mui
[2012/02/07 23:27:57 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ru-RU\BrParwdm.sys.mui
[2012/02/07 23:26:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2012/02/07 23:26:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\he-IL
[2012/02/07 23:26:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\he
[2012/02/07 23:26:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\he
[2012/02/07 23:26:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\he-IL
[2012/02/07 23:26:11 | 000,000,000 | ---D | C] -- C:\Windows\he-IL
[2012/02/07 23:22:41 | 000,003,072 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\he-IL\pscr.sys.mui
[2012/02/07 23:22:20 | 000,008,704 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\he-IL\BrSerId.sys.mui
[2012/02/07 23:22:20 | 000,008,704 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\he-IL\BrSerIb.sys.mui
[2012/02/07 23:22:20 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\he-IL\BrParwdm.sys.mui
[2012/02/07 22:28:12 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/02/07 22:23:54 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/02/07 22:23:41 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/02/07 22:22:25 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/02/07 22:22:12 | 000,000,000 | ---D | C] -- C:\Boot
[2012/02/07 20:55:24 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/07 20:31:15 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Malwarebytes
[2012/02/07 20:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/07 20:29:51 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\s1m0n\Desktop\TDSSKiller.exe
[2012/02/07 19:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/02/07 19:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/02/07 19:38:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2012/02/07 19:37:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/02/07 19:36:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/02/07 19:33:59 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2012/02/07 19:33:54 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2012/02/07 19:23:00 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\Documents\My Received Files
[2012/02/07 15:12:07 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\AIM
[2012/02/07 15:12:07 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\acccore
[2012/02/07 15:10:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/02/07 15:07:50 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\{335CCFA5-AE7D-4BB8-B4C6-99E2C71FCA45}
[2012/02/07 15:07:40 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\{01CE22F7-C3CE-41BD-B87F-E7D52F0188C0}
[2012/02/07 15:07:28 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\Tracing
[2012/02/07 15:05:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012/02/07 15:04:54 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/02/07 15:03:34 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\Windows Live
[2012/02/07 15:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2012/02/07 14:58:31 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
[2012/02/07 14:58:30 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Winamp
[2012/02/07 14:04:50 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\WinRAR
[2012/02/07 14:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
[2012/02/07 14:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
[2012/02/07 14:01:55 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\Documents\My RoboForm Data
[2012/02/07 13:42:20 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Google
[2012/02/07 13:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/02/07 13:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/02/07 13:41:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/02/07 13:26:58 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\ATI
[2012/02/07 13:26:58 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\ATI
[2012/02/07 13:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/02/07 13:21:30 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Mozilla
[2012/02/07 13:21:30 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\Mozilla
[2012/02/07 13:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/02/07 13:18:55 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/02/07 13:18:32 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\Google
[2012/02/07 13:18:25 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\Deployment
[2012/02/07 13:18:25 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\Apps
[2012/02/07 13:16:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Siber Systems
[2012/02/07 13:15:28 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\Logitech® Webcam Software
[2012/02/07 13:12:10 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Leadertech
[2012/02/07 13:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012/02/07 13:11:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LWS
[2012/02/07 13:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012/02/07 13:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2012/02/07 13:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012/02/07 13:09:37 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Skype
[2012/02/07 13:09:32 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/02/07 13:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/02/07 13:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/02/07 13:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/02/07 13:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2012/02/07 13:08:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd
[2012/02/07 13:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/02/07 13:06:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012/02/07 13:06:24 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/02/07 13:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/02/07 13:04:55 | 000,000,000 | ---D | C] -- C:\AMD
[2012/02/07 12:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/02/07 12:51:05 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Macromedia
[2012/02/07 12:50:10 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/02/07 12:46:58 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/02/07 12:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/02/07 12:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2012/02/07 12:46:14 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\DisplayFusion
[2012/02/07 12:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion
[2012/02/07 12:46:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DisplayFusion
[2012/02/07 12:46:02 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\Documents\DisplayFusion Backups
[2012/02/07 12:45:11 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Adobe
[2012/02/07 12:44:17 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/02/07 12:44:17 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\Searches
[2012/02/07 12:44:17 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/02/07 12:44:17 | 000,000,000 | -H-D | C] -- C:\Users\s1m0n\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/02/07 12:44:10 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Identities
[2012/02/07 12:44:09 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\Contacts
[2012/02/07 12:44:06 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\VirtualStore
[2012/02/07 12:44:03 | 000,000,000 | --SD | C] -- C:\Users\s1m0n\AppData\Roaming\Microsoft
[2012/02/07 12:44:03 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\Videos
[2012/02/07 12:44:03 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\Saved Games
[2012/02/07 12:44:03 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\Pictures
[2012/02/07 12:44:03 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\Music
[2012/02/07 12:44:03 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/02/07 12:44:03 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\Links
[2012/02/07 12:44:03 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\Favorites
[2012/02/07 12:44:03 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\Downloads
[2012/02/07 12:44:03 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\Documents
[2012/02/07 12:44:03 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\Desktop
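The listing above is long, and a helper reads it by eye for a handful of patterns. The script below is an added example, not part of the original post and not OTL's own code: it parses the `[timestamp | size | attributes | C/M] (CompanyName) -- path` line format used throughout this log and applies a few of those eyeball rules mechanically (binaries with no CompanyName under C:\Windows or its SysNative/SysWOW64 trees, scripting runtimes dropped there, sector-sized files such as the 512-byte MBR.dat dumps, and several binaries created in the same second). The sample input is a dozen lines copied from this OTL listing; the rule names, the runtime list and the burst threshold are my own choices. A hit is a prompt to look closer, not a verdict: the five tools created directly in C:\Windows at 21:03:56, for instance, are consistent with the ComboFix run whose C:\ComboFix.txt is written a few minutes later.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# One OTL file-list line looks like
#   [2012/02/08 21:03:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
#   [2012/02/08 16:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
# fields: timestamp | size | attributes (R read-only, H hidden, S system, D directory)
# | C created / M modified ] (CompanyName from the version resource; "()" when the
# file carries none, omitted for directories) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)

SYSTEM_PREFIXES = ("c:\\windows\\sysnative\\", "c:\\windows\\syswow64\\",
                   "c:\\windows\\system32\\")
BINARY_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl"}
# Scripting runtimes that do not belong in a system directory (my own list).
RUNTIMES = {"python.exe", "pythonw.exe", "ruby.exe", "rubyw.exe",
            "autoitx3.dll", "autoit3.exe"}
BURST_MIN = 3  # binaries created in the same second before we call it a burst


@dataclass(frozen=True)
class OtlEntry:
    ts: str
    size: int
    attrs: str
    kind: str               # "C" created, "M" modified
    company: Optional[str]  # None for directories, "" when no CompanyName
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[3] == "D"

    @property
    def name(self) -> str:
        return PureWindowsPath(self.path).name.lower()

    @property
    def ext(self) -> str:
        return PureWindowsPath(self.path).suffix.lower()

    @property
    def in_system_dir(self) -> bool:
        p = self.path.lower()
        direct_child = p.startswith("c:\\windows\\") and p.count("\\") == 2
        return direct_child or p.startswith(SYSTEM_PREFIXES)


def parse_otl(text: str) -> List[OtlEntry]:
    """Parse every file-list line; section headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            entries.append(OtlEntry(m["ts"], int(m["size"].replace(",", "")),
                                    m["attrs"], m["kind"], m["company"], m["path"]))
    return entries


def triage(entries: List[OtlEntry]) -> Dict[str, List[str]]:
    """Group paths (or timestamps, for bursts) by the rule that fired."""
    hits: Dict[str, List[str]] = {"no_company_binary": [], "scripting_runtime": [],
                                  "sector_sized": [], "creation_burst": []}
    by_second: Dict[str, List[OtlEntry]] = defaultdict(list)
    for e in entries:
        if e.is_dir:
            continue
        binary = e.in_system_dir and e.ext in BINARY_EXT
        if binary and e.company == "":
            hits["no_company_binary"].append(e.path)
        if e.in_system_dir and (e.name in RUNTIMES
                                or e.name.startswith(("python", "msvcrt-ruby"))):
            hits["scripting_runtime"].append(e.path)
        if e.size == 512:  # exactly one disk sector: an MBR/VBR dump
            hits["sector_sized"].append(e.path)
        if binary and e.kind == "C":
            by_second[e.ts].append(e)
    for ts, group in by_second.items():
        if len(group) >= BURST_MIN:
            hits["creation_burst"].append(ts)
    return hits


# Sample input: lines copied verbatim from the OTL listing in this thread.
SAMPLE = r"""
[2012/02/08 16:57:46 | 000,078,336 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFHAPO64.dll
[2012/02/08 16:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/02/07 19:33:59 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2012/02/07 12:40:40 | 002,129,408 | ---- | C] (Python Software Foundation) -- C:\Windows\SysWow64\python31.dll
[2012/02/07 12:40:40 | 000,312,848 | ---- | C] (AutoIt Team) -- C:\Windows\SysWow64\AutoItX3.dll
[2012/02/08 21:03:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/08 21:03:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/08 21:03:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/08 20:52:34 | 000,000,512 | ---- | M] () -- C:\Users\s1m0n\Desktop\MBR.dat
[2012/02/07 12:40:40 | 000,026,624 | ---- | C] () -- C:\Windows\SysWow64\python.exe
[2012/02/07 12:40:40 | 000,020,536 | ---- | C] () -- C:\Windows\SysWow64\ruby.exe
[2012/02/07 22:22:12 | 000,383,786 | RHS- | C] () -- C:\bootmgr
"""

if __name__ == "__main__":
    for rule, items in triage(parse_otl(SAMPLE)).items():
        print(f"{rule}: {items}")
```

Run against a full OTL.txt by reading the file into `parse_otl`; the regex tolerates nested parentheses in company strings (the "Windows (R) Codename Longhorn DDK provider" entries) because it matches the company lazily up to the `) -- ` separator. Keep the CompanyName rule in perspective: OTL reports the version-resource string, not a signature check, so an empty company is a reason to hash and look up the file, nothing more.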
 
otl part2

[2012/02/07 12:44:03 | 000,000,000 | R--D | C] -- C:\Users\s1m0n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\AppData\Local\Temporary Internet Files
[2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\Templates
[2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\Start Menu
[2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\SendTo
[2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\Recent
[2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\PrintHood
[2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\NetHood
[2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\Documents\My Videos
[2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\Documents\My Pictures
[2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\Documents\My Music
[2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\My Documents
[2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\Local Settings
[2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\AppData\Local\History
[2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\Cookies
[2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\Application Data
[2012/02/07 12:44:03 | 000,000,000 | -HSD | C] -- C:\Users\s1m0n\AppData\Local\Application Data
[2012/02/07 12:44:03 | 000,000,000 | -H-D | C] -- C:\Users\s1m0n\AppData
[2012/02/07 12:44:03 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\Temp
[2012/02/07 12:44:03 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Local\Microsoft
[2012/02/07 12:44:03 | 000,000,000 | ---D | C] -- C:\Users\s1m0n\AppData\Roaming\Media Center Programs
[2012/02/07 12:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/02/07 12:41:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/02/07 12:40:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/02/07 12:40:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012/02/07 12:40:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/02/07 12:40:40 | 002,129,408 | ---- | C] (Python Software Foundation) -- C:\Windows\SysWow64\python31.dll
[2012/02/07 12:40:40 | 001,017,344 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2012/02/07 12:40:40 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/02/07 12:40:40 | 000,312,848 | ---- | C] (AutoIt Team) -- C:\Windows\SysWow64\AutoItX3.dll
[2012/02/07 12:40:40 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll
[2012/02/07 12:40:40 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libssl32.dll
[2012/02/07 12:40:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/02/07 12:40:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/02/07 12:38:43 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/02/07 12:38:13 | 000,000,000 | ---D | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2012/02/08 21:37:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\s1m0n\Desktop\OTL.exe
[2012/02/08 21:25:56 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012/02/08 21:23:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-75002929-81291-3837428588-1001UA.job
[2012/02/08 21:20:00 | 002,115,442 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/08 21:20:00 | 000,724,372 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2012/02/08 21:20:00 | 000,662,196 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/08 21:20:00 | 000,392,632 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2012/02/08 21:20:00 | 000,150,310 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2012/02/08 21:20:00 | 000,122,024 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/08 21:20:00 | 000,084,730 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2012/02/08 21:16:10 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/08 21:15:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/08 21:15:31 | 1066,754,046 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/08 21:14:09 | 000,010,128 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/08 21:14:09 | 000,010,128 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/08 21:14:09 | 000,000,038 | ---- | M] () -- C:\dvmaccounts.ini
[2012/02/08 21:09:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/08 21:09:33 | 000,281,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/08 20:54:23 | 004,399,064 | R--- | M] (Swearware) -- C:\Users\s1m0n\Desktop\ComboFix.exe
[2012/02/08 20:52:34 | 000,000,512 | ---- | M] () -- C:\Users\s1m0n\Desktop\MBR.dat
[2012/02/08 20:51:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/08 20:34:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/02/08 20:21:46 | 000,001,195 | ---- | M] () -- C:\Users\s1m0n\Desktop\Driver Genius Professional Edition.lnk
[2012/02/08 19:10:26 | 106,838,448 | ---- | M] () -- C:\Users\s1m0n\Desktop\tigol.mp3
[2012/02/08 17:16:55 | 000,035,982 | ---- | M] () -- C:\Windows\Ascd_log.ini
[2012/02/08 17:12:37 | 000,000,670 | ---- | M] () -- C:\Windows\setup.iss
[2012/02/08 17:00:03 | 000,001,060 | ---- | M] () -- C:\Users\s1m0n\Desktop\Uninstaller!.lnk
[2012/02/08 16:58:39 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/02/08 16:54:48 | 000,025,261 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2012/02/08 16:16:48 | 000,001,013 | ---- | M] () -- C:\Users\s1m0n\Application Data\Microsoft\Internet Explorer\Quick Launch\Asterisk Key.lnk
[2012/02/08 16:16:34 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2012/02/08 16:16:34 | 000,001,938 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012/02/08 15:33:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/02/08 15:08:52 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2012/02/08 13:23:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-75002929-81291-3837428588-1001Core.job
[2012/02/07 23:49:21 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\MBytes.lnk
[2012/02/07 23:39:11 | 000,000,512 | ---- | M] () -- C:\Users\s1m0n\Documents\MBR.dat
[2012/02/07 23:31:03 | 000,336,704 | ---- | M] () -- C:\Windows\SysNative\perfi019.dat
[2012/02/07 23:31:03 | 000,039,446 | ---- | M] () -- C:\Windows\SysNative\perfd019.dat
[2012/02/07 23:26:03 | 000,229,316 | ---- | M] () -- C:\Windows\SysNative\perfi00D.dat
[2012/02/07 23:26:03 | 000,032,166 | ---- | M] () -- C:\Windows\SysNative\perfd00D.dat
[2012/02/07 22:29:06 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/02/07 22:29:06 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/02/07 22:22:13 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/02/07 20:17:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/02/07 19:38:23 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/02/07 19:38:20 | 000,795,928 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/07 15:15:45 | 000,001,111 | ---- | M] () -- C:\Users\s1m0n\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader - Shortcut.lnk
[2012/02/07 15:15:44 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\s1m0n\Desktop\TDSSKiller.exe
[2012/02/07 15:01:47 | 000,000,668 | ---- | M] () -- C:\Users\s1m0n\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2012/02/07 14:53:13 | 000,001,118 | ---- | M] () -- C:\Users\s1m0n\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/07 14:53:10 | 000,002,300 | ---- | M] () -- C:\Users\s1m0n\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/07 13:26:41 | 000,001,425 | ---- | M] () -- C:\Users\s1m0n\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/07 13:25:33 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/02/07 13:18:35 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/07 13:18:32 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/02/07 13:16:12 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/02/07 13:11:47 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2012/02/07 13:09:37 | 000,000,410 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012/02/07 13:09:37 | 000,000,034 | ---- | M] () -- C:\Windows\SysWow64\BD7820N.DAT
[2012/02/07 12:44:37 | 000,000,355 | ---- | M] () -- C:\Users\s1m0n\Desktop\Computer.lnk
[2012/02/05 06:15:43 | 000,001,387 | ---- | M] () -- C:\Users\s1m0n\Desktop\LockIt!.lnk

========== Files Created - No Company Name ==========

[2012/02/08 21:03:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/08 21:03:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/08 21:03:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/08 21:03:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/08 21:03:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/08 20:34:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/02/08 20:21:46 | 000,001,195 | ---- | C] () -- C:\Users\s1m0n\Desktop\Driver Genius Professional Edition.lnk
[2012/02/08 19:42:15 | 000,000,038 | ---- | C] () -- C:\dvmaccounts.ini
[2012/02/08 19:09:48 | 106,838,448 | ---- | C] () -- C:\Users\s1m0n\Desktop\tigol.mp3
[2012/02/08 17:26:41 | 000,000,177 | -H-- | C] () -- C:\dvmexp.idx
[2012/02/08 17:12:00 | 000,000,670 | ---- | C] () -- C:\Windows\setup.iss
[2012/02/08 17:00:03 | 000,001,060 | ---- | C] () -- C:\Users\s1m0n\Desktop\Uninstaller!.lnk
[2012/02/08 16:54:59 | 000,035,982 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/02/08 16:54:39 | 000,025,261 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/02/08 16:16:48 | 000,001,013 | ---- | C] () -- C:\Users\s1m0n\Application Data\Microsoft\Internet Explorer\Quick Launch\Asterisk Key.lnk
[2012/02/08 16:16:34 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2012/02/08 16:16:34 | 000,001,938 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012/02/08 16:01:43 | 000,015,416 | ---- | C] () -- C:\Windows\SysNative\drivers\ASACPI.sys
[2012/02/08 15:33:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/02/08 15:27:53 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012/02/08 15:27:53 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/02/08 15:27:53 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2012/02/08 15:08:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/02/07 23:49:21 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\MBytes.lnk
[2012/02/07 23:39:21 | 000,000,512 | ---- | C] () -- C:\Users\s1m0n\Desktop\MBR.dat
[2012/02/07 23:39:11 | 000,000,512 | ---- | C] () -- C:\Users\s1m0n\Documents\MBR.dat
[2012/02/07 23:32:21 | 000,724,372 | ---- | C] () -- C:\Windows\SysNative\perfh019.dat
[2012/02/07 23:32:21 | 000,336,704 | ---- | C] () -- C:\Windows\SysNative\perfi019.dat
[2012/02/07 23:32:21 | 000,150,310 | ---- | C] () -- C:\Windows\SysNative\perfc019.dat
[2012/02/07 23:32:21 | 000,039,446 | ---- | C] () -- C:\Windows\SysNative\perfd019.dat
[2012/02/07 23:27:22 | 000,392,632 | ---- | C] () -- C:\Windows\SysNative\perfh00D.dat
[2012/02/07 23:27:22 | 000,229,316 | ---- | C] () -- C:\Windows\SysNative\perfi00D.dat
[2012/02/07 23:27:22 | 000,084,730 | ---- | C] () -- C:\Windows\SysNative\perfc00D.dat
[2012/02/07 23:27:22 | 000,032,166 | ---- | C] () -- C:\Windows\SysNative\perfd00D.dat
[2012/02/07 22:28:50 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/02/07 22:28:45 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/02/07 22:23:41 | 1066,754,046 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/07 22:22:13 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2012/02/07 22:22:12 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2012/02/07 20:17:40 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/02/07 19:38:23 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/02/07 19:38:17 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/02/07 19:34:30 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe
[2012/02/07 19:34:22 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2012/02/07 19:33:51 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2012/02/07 19:33:49 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2012/02/07 19:33:49 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2012/02/07 19:33:45 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2012/02/07 19:33:45 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2012/02/07 18:34:18 | 000,001,387 | ---- | C] () -- C:\Users\s1m0n\Desktop\LockIt!.lnk
[2012/02/07 15:15:45 | 000,001,111 | ---- | C] () -- C:\Users\s1m0n\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader - Shortcut.lnk
[2012/02/07 15:05:57 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/02/07 14:58:31 | 000,000,668 | ---- | C] () -- C:\Users\s1m0n\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2012/02/07 14:53:13 | 000,001,118 | ---- | C] () -- C:\Users\s1m0n\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/07 14:53:10 | 000,002,300 | ---- | C] () -- C:\Users\s1m0n\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/07 13:41:52 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/07 13:41:51 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/07 13:25:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/02/07 13:21:27 | 000,001,130 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/07 13:18:35 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/07 13:18:33 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-75002929-81291-3837428588-1001UA.job
[2012/02/07 13:18:32 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/02/07 13:18:32 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-75002929-81291-3837428588-1001Core.job
[2012/02/07 13:16:12 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/02/07 13:11:47 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2012/02/07 13:09:37 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/02/07 13:09:37 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7820N.DAT
[2012/02/07 12:45:06 | 000,001,425 | ---- | C] () -- C:\Users\s1m0n\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/07 12:44:37 | 000,000,355 | ---- | C] () -- C:\Users\s1m0n\Desktop\Computer.lnk
[2012/02/07 12:44:20 | 000,001,397 | ---- | C] () -- C:\Users\s1m0n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/02/07 12:44:19 | 000,001,431 | ---- | C] () -- C:\Users\s1m0n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/02/07 12:42:59 | 000,795,928 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/07 12:40:40 | 000,921,665 | ---- | C] () -- C:\Windows\SysWow64\msvcrt-ruby18.dll
[2012/02/07 12:40:40 | 000,271,264 | ---- | C] () -- C:\Windows\SysWow64\vbrun100.dll
[2012/02/07 12:40:40 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\msvcrt10.dll
[2012/02/07 12:40:40 | 000,027,136 | ---- | C] () -- C:\Windows\SysWow64\pythonw.exe
[2012/02/07 12:40:40 | 000,026,624 | ---- | C] () -- C:\Windows\SysWow64\python.exe
[2012/02/07 12:40:40 | 000,020,537 | ---- | C] () -- C:\Windows\SysWow64\rubyw.exe
[2012/02/07 12:40:40 | 000,020,536 | ---- | C] () -- C:\Windows\SysWow64\ruby.exe
[2011/12/06 04:35:10 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/12/06 04:35:10 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/09/13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/08/19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/08/19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/12/01 18:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2007/12/28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2012/02/07 15:12:17 | 000,000,000 | ---D | M] -- C:\Users\s1m0n\AppData\Roaming\acccore
[2012/02/08 16:22:11 | 000,000,000 | ---D | M] -- C:\Users\s1m0n\AppData\Roaming\DAEMON Tools Lite
[2012/02/07 20:28:08 | 000,000,000 | ---D | M] -- C:\Users\s1m0n\AppData\Roaming\DisplayFusion
[2012/02/07 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\s1m0n\AppData\Roaming\Leadertech
[2012/02/08 17:00:04 | 000,000,000 | ---D | M] -- C:\Users\s1m0n\AppData\Roaming\URSoft
[2009/07/14 07:08:49 | 000,008,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/11/20 14:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2012/02/07 22:22:13 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/02/08 21:12:50 | 000,027,768 | ---- | M] () -- C:\ComboFix.txt
[2012/02/08 21:14:09 | 000,000,038 | ---- | M] () -- C:\dvmaccounts.ini
[2012/02/08 21:25:56 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012/02/08 21:15:31 | 1066,754,046 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/08 21:15:37 | 4285,652,990 | -HS- | M] () -- C:\pagefile.sys
[2012/02/07 20:30:34 | 000,081,980 | ---- | M] () -- C:\TDSSKiller.2.7.10.0_07.02.2012_20.29.56_log.txt
[2012/02/07 20:55:33 | 000,083,302 | ---- | M] () -- C:\TDSSKiller.2.7.10.0_07.02.2012_20.54.16_log.txt
[2012/02/07 23:03:03 | 000,086,444 | ---- | M] () -- C:\TDSSKiller.2.7.10.0_07.02.2012_22.59.25_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/14 07:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 07:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 07:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 07:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 22:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/02/07 13:26:41 | 000,000,221 | -HS- | M] () -- C:\Users\s1m0n\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\s1m0n\Desktop\boot_cleaner.exe
[2012/02/08 20:54:23 | 004,399,064 | R--- | M] (Swearware) -- C:\Users\s1m0n\Desktop\ComboFix.exe
[2012/02/08 21:37:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\s1m0n\Desktop\OTL.exe
[2012/02/07 15:15:44 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\s1m0n\Desktop\TDSSKiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 23:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/02/07 20:17:11 | 000,000,402 | -HS- | M] () -- C:\Users\s1m0n\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:1CE11B51

< End of report >

OTL Extras logfile created on: 2/8/2012 9:46:08 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\s1m0n\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 9.69 Gb Available Physical Memory | 80.80% Memory free
23.98 Gb Paging File | 21.62 Gb Available in Paging File | 90.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.56 Gb Total Space | 48.43 Gb Free Space | 49.65% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 599.05 Gb Free Space | 32.15% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 735.21 Gb Free Space | 39.46% Space Free | Partition Type: NTFS
Drive F: | 465.75 Gb Total Space | 407.18 Gb Free Space | 87.42% Space Free | Partition Type: NTFS
Drive G: | 100.00 Mb Total Space | 69.51 Mb Free Space | 69.51% Space Free | Partition Type: NTFS
Drive H: | 833.76 Gb Total Space | 282.40 Gb Free Space | 33.87% Space Free | Partition Type: NTFS
Drive K: | 1863.01 Gb Total Space | 977.94 Gb Free Space | 52.49% Space Free | Partition Type: NTFS

Computer Name: S1M0N-PC | User Name: s1m0n | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "E:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "E:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0
"{9E3B2120-0BD8-9865-0387-E9BAC2A53AD3}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BE882A12-5A45-3DFF-9FD0-306DE65EB8A5}" = AMD Catalyst Install Manager
"{C7311329-C491-427B-8880-133E84869B3A}" = Vista Shortcut Manager x64
"{C9378F0F-B547-5506-165D-98F235F11514}" = ATI AVIVO64 Codecs
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D97F8D1-2102-53D2-5633-C992D6086801}" = CCC Help Chinese Traditional
"{0EA00EA7-42C0-ED9C-9110-2C04B8EDBA66}" = CCC Help Italian
"{0EB86B70-91FF-39BF-633C-785DF2218CC6}" = CCC Help French
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{1686C07D-C2BB-A8B2-C5ED-32C4EE1A3E62}" = CCC Help Spanish
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18B6A9F8-25BC-5978-6B42-A50FA2CABC18}" = CCC Help English
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{298C6691-46B2-2065-0DD7-1E7B3B669A47}" = CCC Help Finnish
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{32394A59-A39C-4C90-A9A5-F16B0C7442E1}" = Express Gate Tools
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{400C5445-1AE8-1A41-CAC6-AB114341F65D}" = CCC Help Swedish
"{448B1C6D-02C2-7681-66B2-624E58B25375}" = CCC Help Turkish
"{46EB9D45-FC1A-2635-1693-176E6FA1C672}" = CCC Help Portuguese
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{651F43AA-3F06-9277-6F1B-8E8155017463}" = CCC Help Polish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68DE32E1-292B-6A02-6A53-935BFAE70C99}" = CCC Help Chinese Standard
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7FB64E72-9B0E-4460-A821-040C341E414A}" = ASUS Ai Charger
"{818212BA-7F8C-DDF9-64BE-F6D0B6F46D29}" = CCC Help German
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{84F4542C-ED64-28AC-49B3-1A9BAB395AB4}" = CCC Help Hungarian
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C41195F-11B3-8EEC-6634-7183BE6CB1B1}" = CCC Help Japanese
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{A33A89D0-2F48-FD1C-A243-9073EE0592E0}" = Catalyst Control Center InstallProxy
"{A66FB6C7-B689-AFD5-21BA-7CAF8E44E6E6}" = Catalyst Control Center Graphics Previews Common
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AE136F7F-7DC6-600F-9DF9-BFA0DF516135}" = Catalyst Control Center Localization All
"{B4CF00AE-2622-7BC6-24EC-4E5A0A8C9135}" = CCC Help Czech
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAE1C0A8-634D-CFF1-0E0C-893092427D34}" = CCC Help Danish
"{C2DEC505-79A9-E952-32B0-31B67B83E231}" = CCC Help Korean
"{C2FB14FB-DF6B-287D-BDC3-C7BEC86F539E}" = Catalyst Control Center
"{CCEFAE22-4D01-0084-D1CA-AC14AA743A97}" = CCC Help Greek
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DE460826-5E72-2357-154F-E376F9926008}" = CCC Help Norwegian
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E21FFD29-D231-3BD3-6941-15710E44BED4}" = CCC Help Dutch
"{E3E313C7-0AE2-7F44-52E8-528D4EDC74B2}" = CCC Help Thai
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel
"{F9929777-7B6E-F53D-3105-1C06E5120CA1}" = CCC Help Russian
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"AI RoboForm" = RoboForm 7-7-0 (All Users)
"asterisk key" = Asterisk Key 10.0
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.4.1
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
"mv61xxDriver" = marvell 61xx
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"YU2010_is1" = Your Uninstaller! 7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/7/2012 7:27:14 AM | Computer Name = s1m0n-PC | Source = SkypeUpdate | ID = 201
Description = File C:\Windows\TEMP\SKY115E.tmp has invalid version.

Error - 2/8/2012 10:16:23 AM | Computer Name = s1m0n-PC | Source = VSS | ID = 8194
Description =

Error - 2/8/2012 10:23:42 AM | Computer Name = s1m0n-PC | Source = MsiInstaller | ID = 11713
Description =

Error - 2/8/2012 10:51:14 AM | Computer Name = s1m0n-PC | Source = Application Error | ID = 1000
Description = Faulting application name: cc.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting
module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e211319 Exception
code: 0x0eedfade Fault offset: 0x0000b9bc Faulting process id: 0x208 Faulting application
start time: 0x01cce6711a501016 Faulting application path: C:\Users\s1m0n\AppData\Local\Temp\is-MUI4D.tmp\cc.exe
Faulting
module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 58727899-5264-11e1-b62a-e0cb4e98f790

Error - 2/8/2012 11:38:21 AM | Computer Name = s1m0n-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

[ System Events ]
Error - 2/8/2012 10:28:50 AM | Computer Name = s1m0n-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
xhttp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\;boot:_\\.\PHYSICALDRIVE0\Partition3
(Type 17) Detection Origin: %%845 Detection Type: %%822 Detection Source: %%820 User:
NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: %%808 Action
Status: To finish removing malware and other potentially unwanted software, restart
the computer. To see how to finish removing malware and other potentially unwanted
software, see the support article on the Microsoft Security website. Error Code:
0x800704ec Error description: This program is blocked by group policy. For more
information, contact your system administrator. Signature Version: AV: 1.119.1486.0,
AS: 1.119.1486.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.8001.0, NIS: 2.0.7707.0

Error - 2/8/2012 10:49:53 AM | Computer Name = s1m0n-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
xhttp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

Process
Name: System Action: %%808 Action Status: To finish removing malware and other potentially
unwanted software, restart the computer. To see how to finish removing malware
and other potentially unwanted software, see the support article on the Microsoft
Security website. Error Code: 0x800704ec Error description: This program is blocked
by group policy. For more information, contact your system administrator. Signature
Version: AV: 1.119.1558.0, AS: 1.119.1558.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.8001.0,
NIS: 2.0.7707.0

Error - 2/8/2012 10:54:04 AM | Computer Name = s1m0n-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 2/8/2012 11:04:02 AM | Computer Name = s1m0n-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
xhttp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\;boot:_\\.\PHYSICALDRIVE0\Partition3
(Type 17) Detection Origin: %%845 Detection Type: %%822 Detection Source: %%820 User:
NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: %%808 Action
Status: To finish removing malware and other potentially unwanted software, restart
the computer. To see how to finish removing malware and other potentially unwanted
software, see the support article on the Microsoft Security website. Error Code:
0x800704ec Error description: This program is blocked by group policy. For more
information, contact your system administrator. Signature Version: AV: 1.119.1558.0,
AS: 1.119.1558.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.8001.0, NIS: 2.0.7707.0

Error - 2/8/2012 11:15:33 AM | Computer Name = s1m0n-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 2/8/2012 11:25:29 AM | Computer Name = s1m0n-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
xhttp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\;boot:_\\.\PHYSICALDRIVE0\Partition3
(Type 17) Detection Origin: %%845 Detection Type: %%822 Detection Source: %%820 User:
NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: %%808 Action
Status: To finish removing malware and other potentially unwanted software, restart
the computer. To see how to finish removing malware and other potentially unwanted
software, see the support article on the Microsoft Security website. Error Code:
0x800704ec Error description: This program is blocked by group policy. For more
information, contact your system administrator. Signature Version: AV: 1.119.1558.0,
AS: 1.119.1558.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.8001.0, NIS: 2.0.7707.0

Error - 2/8/2012 11:45:47 AM | Computer Name = s1m0n-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
xhttp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

Process
Name: System Action: %%808 Action Status: To finish removing malware and other potentially
unwanted software, restart the computer. To see how to finish removing malware
and other potentially unwanted software, see the support article on the Microsoft
Security website. Error Code: 0x800704ec Error description: This program is blocked
by group policy. For more information, contact your system administrator. Signature
Version: AV: 1.119.1558.0, AS: 1.119.1558.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.8001.0,
NIS: 2.0.7707.0

Error - 2/8/2012 12:23:50 PM | Computer Name = s1m0n-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume F: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 2/8/2012 3:06:05 PM | Computer Name = s1m0n-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 2/8/2012 3:07:50 PM | Computer Name = s1m0n-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >
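The two Microsoft Antimalware records in the log above carry more than "detected, not removed". The Path is prefixed `boot:_` (a partition or boot-sector object, not a file, so a file-level clean cannot complete it), the `(Type 17)` is the MBR partition-type byte of the object hit, and `0x800704ec` is Win32 error 1260, ERROR_ACCESS_DISABLED_BY_POLICY, wrapped as an HRESULT. The script below is an added example, not code from this thread, OTL or MSE: it parses records in the wrapped form OTL prints them, extracts threat, path, partition type and error code, and flags boot-level hits and failed removals. `SAMPLE_LOG` is constructed from the entries shown above; treating the `Type` value as hex (0x17 = hidden HPFS/NTFS) is my assumption.

```python
"""Triage the Microsoft Antimalware records that OTL copies out of the event log.
Added example for this thread; not code from OTL, MSE or the original posts.
SAMPLE_LOG is constructed from entries visible in the log above."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SAMPLE_LOG = r"""
Error - 2/8/2012 11:15:33 AM | Computer Name = s1m0n-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 2/8/2012 11:25:29 AM | Computer Name = s1m0n-PC | Source = Microsoft Antimalware | ID = 1119

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\;boot:_\\.\PHYSICALDRIVE0\Partition3
(Type 17) Detection Origin: %%845 Detection Type: %%822 Detection Source: %%820 User:
NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: %%808 Action
Status: To finish removing malware and other potentially unwanted software, restart
the computer. Error Code: 0x800704ec Error description: This program is blocked by
group policy. For more information, contact your system administrator. Signature
Version: AV: 1.119.1558.0, AS: 1.119.1558.0, NIS: 10.7.0.0

Error - 2/8/2012 12:23:50 PM | Computer Name = s1m0n-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume F: were aborted because the shadow copy
"""

HEADER_RE = re.compile(  # one header per record; the body runs to the next header
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<event_id>\d+)\s*$", re.MULTILINE)

# Standard Windows meanings of the two HRESULTs in this log.
KNOWN_HRESULTS = {0x80004005: "E_FAIL",
                  0x800704EC: "ERROR_ACCESS_DISABLED_BY_POLICY (Win32 1260)"}

@dataclass
class AmEvent:
    when: str
    source: str
    event_id: int
    threat: Optional[str] = None
    threat_id: Optional[int] = None
    paths: List[str] = field(default_factory=list)
    partition_type: Optional[int] = None  # MBR type byte; assumed to be printed in hex
    error_code: Optional[int] = None
    error_text: Optional[str] = None

    def boot_level(self) -> bool:
        """MSE reports boot-sector / raw-partition hits as 'boot:_...', not as a file path."""
        return any(p.startswith("boot:_") for p in self.paths)

def decode_hresult(code: int) -> str:
    """Split an HRESULT into severity / facility / code. Facility 7 is FACILITY_WIN32,
    so 0x800704EC carries plain Win32 error 0x4EC = 1260 ('blocked by group policy')."""
    sev = "failure" if code & 0x80000000 else "success"
    facility, low = (code >> 16) & 0x7FF, code & 0xFFFF
    if facility == 7:
        return f"{sev}, FACILITY_WIN32, Win32 error {low}"
    return f"{sev}, facility {facility}, code {low:#x}"

def parse_events(text: str) -> List[AmEvent]:
    events: List[AmEvent] = []
    heads = list(HEADER_RE.finditer(text))
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        body = " ".join(text[h.end():end].split())  # undo OTL's line wrapping
        ev = AmEvent(h["when"], h["source"], int(h["event_id"]))
        if m := re.search(r"Name: (\S+) ID: (\d+)", body):
            ev.threat, ev.threat_id = m.group(1), int(m.group(2))
        if m := re.search(r"Path: (\S+)", body):
            ev.paths = [p for p in m.group(1).split(";") if p]
        if m := re.search(r"\(Type ([0-9A-Fa-f]+)\)", body):
            ev.partition_type = int(m.group(1), 16)
        if m := re.search(r"Error Code: (0x[0-9A-Fa-f]+)", body):
            ev.error_code = int(m.group(1), 16)
        if m := re.search(r"Error description: (.+?)(?: Reason:| Signature Version:|$)", body):
            ev.error_text = m.group(1)
        events.append(ev)
    return events

def summarize(events: List[AmEvent]) -> List[str]:
    """One triage line per Microsoft Antimalware record; other sources are skipped."""
    out = []
    for ev in events:
        if ev.source != "Microsoft Antimalware":
            continue
        flags = []
        if ev.boot_level():
            flags.append("BOOT-LEVEL hit (partition/boot sector, not a file)")
        if ev.event_id == 1119 and ev.error_code is not None:  # action on threat failed
            name = KNOWN_HRESULTS.get(ev.error_code, decode_hresult(ev.error_code))
            flags.append(f"REMOVAL FAILED {ev.error_code:#010x} {name}")
        if ev.event_id == 3002:
            flags.append(f"REAL-TIME PROTECTION DOWN ({ev.error_text})")
        out.append(f"{ev.when} ID {ev.event_id} {ev.threat or '-'}: " + "; ".join(flags))
    return out
```

Paste the event section of an OTL log into `parse_events` and print `summarize(...)`: a `boot:_` path together with a failed 1119 action is the signature of a detection the file-level scanner cannot act on, which is why the thread goes on to MBR/partition-aware tools rather than rerunning the same scan.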
 
You didn't say:
Any current issues?

OTL log is perfectly clean.

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=============================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document called checkup.txt should open automatically; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
No, I see no special issues, all is good and I'm happy:


Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 30
Adobe Reader X (10.1.2)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````

Others are coming in a few min.
 
Farbar Service Scanner Version: 08-02-2012
Ran by s1m0n (administrator) on 08-02-2012 at 23:10:01
Running from "C:\Users\s1m0n\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 