TechSpot

Windows Vista Anti Virus 2012. Recovery process (All logs pasted)

By nirvanafr3ak
Jun 16, 2011
  1. Hi, I recently got infected by this rogue antivirus. I didn't have any protection software and I got infected while browsing a trusted site (blizzard.com).

    In my case, the malware did not allow me to use the internet and blocked most programs. System Restore was blocked, and when I got through, the restore did not help. Furthermore, it blocked most programs from opening, whether in Safe Mode or not. I managed to activate SuperAntiSpyware and run the scan using "Run as administrator". It helped somewhat and it gave me access to the internet (Google searches were still being redirected and .exe files got an "Open with" prompt). I proceeded to download Malwarebytes and Avira. After several scans I now have the situation more under control. The pop-ups no longer appear and websites are not being redirected. However, the computer is running a little slower than normal, and every once in a while Malwarebytes blocks something and blocks many websites found through Google (yet if I try a bookmark of the same website it won't block it). Finally, while browsing I sometimes get a tab opened with an Anti Virus 2012 scan bar running.

    This obviously means that there are still leftover files I need to get rid of. Here are all my logs according to the 7-step guide. Thank you very much.
     
  2. nirvanafr3ak

    nirvanafr3ak TS Rookie Topic Starter Posts: 23

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6869

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19019

    6/16/2011 8:32:52 AM
    mbam-log-2011-06-16 (08-32-52).txt

    Scan type: Quick scan
    Objects scanned: 171943
    Time elapsed: 3 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 4
    Folders Infected: 1
    Files Infected: 8

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Ruben\AppData\Local\imy.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Ruben\AppData\Local\imy.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Ruben\AppData\Local\imy.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Users\Ruben\AppData\Local\imy.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

    Folders Infected:
    c:\programdata\macromedia\swfupdate (Trojan.Agent) -> Delete on reboot.

    Files Infected:
    c:\Users\Ruben\AppData\Local\Temp\23EE.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Windows\Temp\gfxp\setup.exe (Rogue.SecurityShield) -> Quarantined and deleted successfully.
    c:\Windows\Temp\uabg\out5sd.exe (Adware.Agent) -> Quarantined and deleted successfully.
    c:\Windows\Temp\uabg\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\programdata\macromedia\swfupdate\Ui.dtd (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\programdata\macromedia\swfupdate\flagunit.dtd (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\programdata\macromedia\swfupdate\h64data.dtd (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\programdata\macromedia\swfupdate\localssettings.dtd (Trojan.Agent) -> Quarantined and deleted successfully.



    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-06-16 15:43:50
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-6 ST3500630AS rev.3.AAK
    Running: ztcsxo41.exe; Driver: C:\Users\Ruben\AppData\Local\Temp\uxldqpob.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
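The Malwarebytes log above documents the mechanism behind the "Open with" prompt and the browser launches: the (default) value of HKCR\exefile\shell\open\command and of each StartMenuInternet open command was rewritten so that "C:\Users\Ruben\AppData\Local\imy.exe" -a <real target> ran first. The following is an added example, not code from this thread or from Malwarebytes: it parses the Bad:/Good: pairs Malwarebytes prints (the sample text is copied from the log in this post) and flags any open command whose first token is not "%1" (for exefile) or the browser binary named in the key path (for StartMenuInternet). On a live machine you would feed it the values returned by `reg query HKCR\exefile\shell\open\command /ve` and the corresponding StartMenuInternet keys instead.

```python
"""Detect wrapper-style hijacks of Windows shell 'open' commands.

Added example, not part of the TechSpot thread or of Malwarebytes. SAMPLE_LOG is
copied from the Malwarebytes log in this thread so the audit runs offline.
"""
from __future__ import annotations

import ntpath
import re

# Lines copied from the Malwarebytes log above. The first line carries no
# Bad:/Good: pair and is skipped by the parser.
SAMPLE_LOG = r"""
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Ruben\AppData\Local\imy.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Ruben\AppData\Local\imy.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Ruben\AppData\Local\imy.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Users\Ruben\AppData\Local\imy.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
"""

# "<key> (<signature>) -> Bad: (<value>) Good: (<value>) -> <action>"
MBAM_LINE = re.compile(
    r"^(?P<key>\S+) \((?P<sig>[^)]+)\) -> Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> "
)
# Browser name embedded in the StartMenuInternet key path, e.g. FIREFOX.EXE
START_MENU = re.compile(r"\\StartMenuInternet\\(?P<exe>[^\\]+)\\", re.IGNORECASE)


def split_cmdline(cmd: str) -> list[str]:
    """Split a Windows command line on whitespace, honouring double quotes.
    Simplified CommandLineToArgvW: no backslash escapes, which is enough for
    shell\\open\\command values."""
    args: list[str] = []
    cur: list[str] = []
    in_quotes = have_token = False
    for ch in cmd:
        if ch == '"':
            in_quotes = not in_quotes
            have_token = True
        elif ch.isspace() and not in_quotes:
            if have_token:
                args.append("".join(cur))
                cur, have_token = [], False
        else:
            cur.append(ch)
            have_token = True
    if have_token:
        args.append("".join(cur))
    return args


def exefile_wrapper(cmd: str) -> str | None:
    """HKCR\\exefile\\shell\\open\\command must launch the file itself first.
    Returns the interposed program if the first token is not "%1"."""
    args = split_cmdline(cmd)
    if not args or args[0] == "%1":
        return None
    return args[0]


def browser_wrapper(cmd: str, expected_exe: str) -> str | None:
    """A StartMenuInternet open command must start with the browser binary
    named in its key (compared by base name, case-insensitively)."""
    args = split_cmdline(cmd)
    if not args or ntpath.basename(args[0]).lower() == expected_exe.lower():
        return None
    return args[0]


def wrapper_for_key(key: str, cmd: str) -> str | None:
    """Pick the expectation from the registry path; None if no rule applies."""
    if r"\exefile\shell\open\command" in key.lower():
        return exefile_wrapper(cmd)
    m = START_MENU.search(key)
    if m:
        return browser_wrapper(cmd, m.group("exe"))
    return None


def audit_mbam_log(text: str) -> list[tuple[str, str]]:
    """Return (registry key, interposed program) for every Bad: value that
    fails the check for its key."""
    findings = []
    for raw in text.splitlines():
        m = MBAM_LINE.match(raw.strip())
        if not m:
            continue
        wrapper = wrapper_for_key(m.group("key"), m.group("bad"))
        if wrapper:
            findings.append((m.group("key"), wrapper))
    return findings


if __name__ == "__main__":
    for key, wrapper in audit_mbam_log(SAMPLE_LOG):
        print(f"{key}\n    launches {wrapper} before the real target")
```

The same two checks apply to the Good: values, which pass (firefox.exe -safe-mode still starts with the browser binary, and "%1" %* starts with the file itself), so the functions can be pointed at current registry values without the log. Checking HKLM\SOFTWARE\Clients\StartMenuInternet alone is not enough: after cleanup, also confirm HKCR\.exe still points at exefile and that HKCU\Software\Classes\exefile does not carry a per-user override, since Malwarebytes only reported the keys it found modified.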
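The GMER result above ("TDL4@MBR code has been found" on \Device\Harddisk0\DR0) says the bootstrap code in sector 0 is not what the OS vendor wrote, while the partition table is still usable, which is why the machine boots normally. The following is an added example, not part of this thread and not GMER's method: it parses a 512-byte MBR, decodes the partition table, and compares the 440-byte boot-code region against a baseline hash. The sectors are constructed stand-ins (no real TDL4 code), and the baseline hash is assumed to come from a known-good source such as the installation media or a pre-infection backup of the same disk.

```python
"""Parse a 512-byte MBR and compare its boot code against a baseline.

Added example, not from the TechSpot thread or from GMER. The sample sectors
below are constructed; the baseline would normally be captured from a clean
image of the same disk or from the OS installation media.
"""
import hashlib
import struct
from itertools import combinations

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0..439: bootstrap code
DISK_SIG_OFF = 440         # bytes 440..443: NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446       # 4 entries x 16 bytes
BOOT_SIG = b"\x55\xaa"     # bytes 510..511


def build_mbr(boot_code: bytes, partitions, disk_signature: int = 0x1234ABCD) -> bytes:
    """Assemble a sector from boot code and (bootable, type, lba_start, sectors) tuples."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    sector = bytearray(boot_code.ljust(BOOT_CODE_LEN, b"\x00"))
    sector += struct.pack("<IH", disk_signature, 0)
    for bootable, ptype, lba, count in partitions:
        # CHS fields written as FE FF FF ("use LBA"), as modern partitioners do
        sector += struct.pack("<B3sB3sII", 0x80 if bootable else 0x00,
                              b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
    sector += b"\x00" * (16 * (4 - len(partitions)))
    sector += BOOT_SIG
    assert len(sector) == SECTOR_SIZE
    return bytes(sector)


def parse_mbr(sector: bytes) -> dict:
    """Decode signature, partition table and boot-code hash; raise on malformed input."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack("<B3sB3sII", sector[off:off + 16])
        if ptype == 0:
            continue            # empty slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count})
    return {
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline_boot_sha256: str) -> list:
    """Return findings; an empty list means the boot code matches the baseline
    and the partition table is internally consistent."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha256"] != baseline_boot_sha256:
        findings.append("boot code differs from baseline (sha256 %s...)" % info["boot_code_sha256"][:16])
    active = [p["index"] for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    for a, b in combinations(info["partitions"], 2):
        if a["lba_start"] < b["lba_start"] + b["sectors"] and b["lba_start"] < a["lba_start"] + a["sectors"]:
            findings.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return findings


# Constructed "vendor" boot code: a plausible prologue (cli; xor ax,ax; mov ss,ax;
# mov sp,7C00h) padded with NOPs. Not a real Windows MBR.
GOOD_BOOT_CODE = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * (BOOT_CODE_LEN - 8)
# Constructed replacement code (jmp $ then padding). Not TDL4; only the hash matters here.
TAMPERED_BOOT_CODE = b"\xeb\xfe" + b"\xcc" * (BOOT_CODE_LEN - 2)
# One active NTFS (0x07) partition at LBA 2048, the usual Vista-era layout.
PARTITIONS = [(True, 0x07, 2048, 976_771_072)]

GOOD_MBR = build_mbr(GOOD_BOOT_CODE, PARTITIONS)
TAMPERED_MBR = build_mbr(TAMPERED_BOOT_CODE, PARTITIONS)   # same table, new boot code
BASELINE = parse_mbr(GOOD_MBR)["boot_code_sha256"]

if __name__ == "__main__":
    # Capturing sector 0 for real:
    #   Linux rescue media:        dd if=/dev/sda bs=512 count=1 of=mbr.bin
    #   Windows, as administrator: open(r"\\.\PhysicalDrive0", "rb").read(512)
    for name, sector in (("good", GOOD_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(sector, BASELINE) or "OK")
```

One caveat that matters for this thread: a bootkit of the TDL4 family filters disk I/O from inside the running system so that reads of sector 0 return clean-looking data, which is also why a signature scanner has to fight for the raw sector. Capture the MBR from boot media or with the drive attached to another machine, not from the infected Vista install, and after cleaning re-read it the same way to confirm the boot code hash now matches the baseline.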
  3. nirvanafr3ak

    nirvanafr3ak TS Rookie Topic Starter Posts: 23

    .
    DDS (Ver_2011-06-12.02) - NTFSx86
    Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_20
    Run by Ruben at 15:47:36 on 2011-06-16
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3326.1860 [GMT -4:00]
    .
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\lxedcoms.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
    C:\Windows\system32\NLSSRV32.EXE
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\PnkBstrB.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k regsvc
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Razer\Lycosa\razerhid.exe
    C:\Program Files\Lexmark S600 Series\lxedmon.exe
    C:\Program Files\Lexmark S600 Series\ezprint.exe
    C:\Program Files\Razer\DeathAdder\razerhid.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Razer\DeathAdder\razertra.exe
    C:\Program Files\Razer\DeathAdder\razerofa.exe
    C:\Program Files\Razer\Lycosa\razertra.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.att.net
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz2.dll
    uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfi2.dll
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz2.dll
    mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfi2.dll
    BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfi2.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz2.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz2.dll
    TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfi2.dll
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [Lycosa] "c:\program files\razer\lycosa\razerhid.exe"
    mRun: [lxedmon.exe] "c:\program files\lexmark s600 series\lxedmon.exe"
    mRun: [EzPrint] "c:\program files\lexmark s600 series\ezprint.exe"
    mRun: [<NO NAME>]
    mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
    mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 68.87.74.166 68.87.68.166
    TCP: Interfaces\{B7E800DF-589F-41A0-95DC-11271EBAACED} : DhcpNameServer = 68.87.74.166 68.87.68.166
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\ruben\appdata\roaming\mozilla\firefox\profiles\85ycv5pw.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://google.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\motive\npMotive.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\users\ruben\appdata\roaming\mozilla\firefox\profiles\85ycv5pw.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll
    FF - plugin: c:\users\ruben\appdata\roaming\mozilla\firefox\profiles\85ycv5pw.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll
    FF - plugin: c:\users\ruben\appdata\roaming\mozilla\firefox\profiles\85ycv5pw.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 67656]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-6-16 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-6-16 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-6-16 61960]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-3-17 86280]
    R2 lxed_device;lxed_device;c:\windows\system32\lxedcoms.exe -service --> c:\windows\system32\lxedcoms.exe -service [?]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-15 366640]
    R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2011-3-21 196928]
    R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-3-21 68928]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
    R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-8-2 22784]
    R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-1-18 16128]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-15 22712]
    R3 vHidDev;Razer Gaming Device;c:\windows\system32\drivers\vHidDev.sys [2011-1-3 5760]
    S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\system32\drivers\royal.sys [2010-6-1 240128]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-9 135664]
    S2 lxedCATSCustConnectService;lxedCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxedserv.exe [2010-11-22 193192]
    S3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\drivers\CYUSB.sys [2011-1-3 39936]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-9 135664]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-15 39984]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2010-11-3 81680]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 Firefox Service;Firefox Service;c:\users\ruben\appdata\roaming\mozilla\firefox\profiles\85ycv5pw.default\extensions\startup.service@mozilla.com\svc.exe [2011-3-23 83456]
    S4 OrbisClient.Services;LabSim Configuration and Security;c:\program files\testout\orbis\OrbisClient.Services.exe [2009-3-23 13824]
    .
    =============== Created Last 30 ================
    .
    2011-06-16 12:41:43 -------- d-----w- c:\users\ruben\appdata\roaming\Avira
    2011-06-16 12:39:52 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-06-16 12:39:52 -------- d-----w- c:\programdata\Avira
    2011-06-16 12:39:52 -------- d-----w- c:\program files\Avira
    2011-06-16 02:19:26 -------- d-----w- c:\users\ruben\appdata\roaming\Malwarebytes
    2011-06-16 02:18:38 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-16 02:18:38 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-16 02:18:35 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-16 02:18:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-16 01:40:13 305152 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-06-16 01:40:13 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-06-16 01:40:13 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-06-16 01:40:09 2041856 ----a-w- c:\windows\system32\win32k.sys
    2011-06-16 01:40:03 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-06-16 01:40:00 292864 ----a-w- c:\windows\system32\atmfd.dll
    2011-06-16 01:39:59 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-06-16 01:39:55 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-06-16 01:39:55 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-06-16 01:39:55 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-16 01:39:55 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-06-16 01:39:50 1162240 ----a-w- c:\windows\system32\mfc42u.dll
    2011-06-16 01:39:49 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2011-06-16 01:39:24 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-06-16 01:39:23 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-06-16 01:39:11 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
    2011-06-16 00:19:12 5890896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4345ef20-5502-416f-bcc8-b1b54d9aca41}\mpengine.dll
    2011-06-12 22:07:44 -------- d-----w- c:\programdata\mP28621EnNfJ28621
    2011-06-12 21:59:03 -------- d-----w- c:\programdata\Tarma Installer
    2011-06-12 21:57:15 -------- d-----w- c:\users\ruben\appdata\roaming\4B59BA72F51519CB4E2F220CE91F6F56
    2011-06-12 17:33:11 -------- d-----w- c:\users\ruben\appdata\roaming\GARMIN
    2011-06-12 17:33:04 -------- d-----w- c:\program files\Garmin GPS Plugin
    2011-06-11 17:02:15 -------- d-----w- c:\program files\iPod(5)
    2011-06-07 16:35:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2011-06-07 16:35:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2011-06-02 21:58:49 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
    2011-06-02 21:58:49 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
    2011-06-02 21:58:24 -------- d-----w- c:\program files\common files\Nitro PDF
    2011-06-02 21:58:21 -------- d-----w- c:\program files\Nitro PDF
    2011-06-02 21:56:37 -------- d-----w- c:\users\ruben\appdata\roaming\Downloaded Installations
    2011-06-02 21:53:25 116224 ----a-w- c:\windows\system32\pdfmonnt.dll
    2011-06-02 21:53:22 -------- d-----w- c:\windows\system32\psconv
    2011-06-02 21:53:22 -------- d-----w- c:\program files\psconvert
    2011-06-02 02:44:39 -------- d-----w- c:\program files\TuneUpMedia
    2011-06-02 02:18:52 -------- d-----w- c:\program files\iTunes
    2011-06-02 02:17:13 -------- d-----w- c:\program files\Bonjour
    2011-05-30 18:23:48 -------- d-----w- c:\program files\GamersFirst
    2011-05-24 22:52:36 -------- d-----w- C:\newFolder
    2011-05-24 22:34:39 -------- d-----w- C:\testFolder
    2011-05-24 21:02:53 -------- d-----w- c:\users\ruben\appdata\roaming\Thinstall
    2011-05-24 21:02:52 -------- d-----w- c:\users\ruben\appdata\local\Thinstall
    2011-05-21 19:10:31 -------- d-----w- c:\users\ruben\appdata\local\ElevatedDiagnostics
    2011-05-21 19:08:52 -------- d-----w- c:\program files\Microsoft ATS
    2011-05-21 01:32:54 -------- d-sh--w- c:\programdata\DSS
    2011-05-21 01:15:21 -------- d-----w- c:\users\ruben\appdata\roaming\Lionhead Studios
    2011-05-19 03:25:53 -------- d-----w- c:\program files\Zuxxez
    .
    ==================== Find3M ====================
    .
    2011-06-16 00:32:32 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2011-06-16 00:32:32 138056 ----a-w- c:\users\ruben\appdata\roaming\PnkBstrK.sys
    2011-06-16 00:32:13 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-06-16 00:31:59 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2011-06-16 00:31:53 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
    2011-05-30 21:56:27 281656 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2011-05-21 01:26:34 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-05-16 17:51:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-04-08 11:28:58 41872 ----a-w- c:\windows\system32\xfcodec.dll
    2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 20:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-03-21 15:17:56 68928 ----a-w- c:\windows\system32\NLSSRV32.EXE
    .
    ============= FINISH: 15:48:22.53 ===============
     
  4. nirvanafr3ak

    nirvanafr3ak TS Rookie Topic Starter Posts: 23

    DDS (Ver_2011-06-12.02)
    .
    Microsoft® Windows Vista™ Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/1/2010 7:12:56 PM
    System Uptime: 6/16/2011 3:29:03 PM (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P5K-E
    Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz | LGA775 | 2997/333mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 466 GiB total, 71.025 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is CDROM ()
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
    Description: Standard PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&23F9C1E3&0
    Manufacturer: (Standard keyboards)
    Name: Standard PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&23F9C1E3&0
    Service: i8042prt
    .
    Class GUID:
    Description: SM Bus Controller
    Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_82771043&REV_02\3&11583659&0&FB
    Manufacturer:
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_82771043&REV_02\3&11583659&0&FB
    Service:
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.5
    APB Reloaded
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Autoadmin
    Avira AntiVir Personal - Free Antivirus
    Bandisoft MPEG-1 Decoder
    Battle vs. Chess
    Battlefield Heroes
    Battlefield Heroes (PTE)
    Battlefield Play4Free
    BattleForge™
    BFH Ness Manager
    Bloodline Champions Beta
    Bonjour
    Champions Online
    Comcast Desktop Software (v1.2.0.9)
    Conduit Engine
    Conquer Online 2.0
    Dead Rising 2
    Desktop Doctor
    Dragon Age II
    Fable III
    Free PS Convert driver 8.15
    Game Booster
    Garena
    GIF Viewer 3.2
    Google Earth
    Google Update Helper
    Grand Theft Auto Vice City - Temptresses Screen Saver
    Guardians of Graxia and Map Pack version 1.5
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    iArtwork
    Internet Download Manager
    Java Auto Updater
    Java(TM) 6 Update 20
    K-Lite Codec Pack 6.0.4 (Basic)
    LabSim
    Left 4 Dead 2 Standalone Patch™
    Lexmark S600 Series
    Magic ISO Maker v5.5 (build 0281)
    Magic The Gathering - Battlegrounds
    Magic The Gathering - Duels of the Planeswalkers
    MagicDisc 2.7.106
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft WSE 3.0 Runtime
    Microsoft XNA Framework Redistributable 3.1
    Monopoly by Parker Brothers
    MotioninJoy ds3 driver version 0.6.0001
    Mozilla Firefox 4.0.1 (x86 en-US)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MyScribe
    Nitro PDF Professional
    NVIDIA 3D Vision Driver 260.99
    NVIDIA Control Panel 260.99
    NVIDIA Graphics Driver 260.99
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.10.0514
    NVIDIA Stereoscopic 3D Driver
    PunkBuster Services
    PVSonyDll
    QuickTime
    Razer DeathAdder(TM) Mouse
    Razer Lycosa
    REACTOR
    Realtek High Definition Audio Driver
    Red Dead Redemption Screen Saver
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Sid Meier's Civilization V
    StarCraft II
    StarCraft II Beta
    Steam
    SUPERAntiSpyware Professional
    TeamSpeak 3 Client
    The Sims Medieval
    The Sims™ 3
    The Sims™ 3 Ambitions
    The Sims™ 3 High-End Loft Stuff
    The Sims™ 3 World Adventures
    The Witcher 2
    Unlocker 1.9.0
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Outlook 2007 Junk Email Filter (KB2536413)
    Vector Magic
    Vindictus
    VLC media player 1.1.4
    VobSub v2.23 (Remove Only)
    Vuze
    Vuze Remote Toolbar
    Windows Live ID Sign-in Assistant
    WinRAR 4.00 (32-bit)
    Xfire (remove only)
    XfireXO Toolbar
    Xvid 1.2.2 final uninstall
    YouTube MP3 Downloader 2.1
     
  5. nirvanafr3ak

    nirvanafr3ak TS Rookie Topic Starter Posts: 23

    I am having trouble pasting the rest of attach.txt. I keep getting errors whenever I try to post saying "connection was reset". I tried several different amounts of text but I can only do about a paragraph or so.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  7. nirvanafr3ak

    nirvanafr3ak TS Rookie Topic Starter Posts: 23

    Thank you. Here it is.

    2011/06/16 23:12:56.0349 5456 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
    2011/06/16 23:12:56.0732 5456 ================================================================================
    2011/06/16 23:12:56.0733 5456 SystemInfo:
    2011/06/16 23:12:56.0733 5456
    2011/06/16 23:12:56.0733 5456 OS Version: 6.0.6002 ServicePack: 2.0
    2011/06/16 23:12:56.0733 5456 Product type: Workstation
    2011/06/16 23:12:56.0733 5456 ComputerName: NIRVANA
    2011/06/16 23:12:56.0733 5456 UserName: Ruben
    2011/06/16 23:12:56.0733 5456 Windows directory: C:\Windows
    2011/06/16 23:12:56.0733 5456 System windows directory: C:\Windows
    2011/06/16 23:12:56.0733 5456 Processor architecture: Intel x86
    2011/06/16 23:12:56.0733 5456 Number of processors: 2
    2011/06/16 23:12:56.0733 5456 Page size: 0x1000
    2011/06/16 23:12:56.0733 5456 Boot type: Normal boot
    2011/06/16 23:12:56.0733 5456 ================================================================================
    2011/06/16 23:12:57.0650 5456 Initialize success
    2011/06/16 23:13:09.0035 3624 ================================================================================
    2011/06/16 23:13:09.0035 3624 Scan started
    2011/06/16 23:13:09.0035 3624 Mode: Manual;
    2011/06/16 23:13:09.0035 3624 ================================================================================
    2011/06/16 23:13:22.0401 3624 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
    2011/06/16 23:13:22.0404 3624 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/06/16 23:13:22.0407 3624 ================================================================================
    2011/06/16 23:13:22.0407 3624 Scan finished
    2011/06/16 23:13:22.0407 3624 ================================================================================
    2011/06/16 23:13:22.0413 1468 Detected object count: 1
    2011/06/16 23:13:22.0413 1468 Actual detected object count: 1
    2011/06/16 23:13:31.0931 1468 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/06/16 23:13:31.0931 1468 \Device\Harddisk0\DR0 - ok
    2011/06/16 23:13:31.0932 1468 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
    2011/06/16 23:13:40.0771 4208 Deinitialize success
     
  8. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Very good :)

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

    =====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. nirvanafr3ak

    nirvanafr3ak TS Rookie Topic Starter Posts: 23

    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows Vista
    Version 6.0.6002 (Service Pack 2)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    ==============================================
    >Stealth
    ==============================================
     
  10. nirvanafr3ak

    nirvanafr3ak TS Rookie Topic Starter Posts: 23

    ComboFix 11-06-16.01 - Ruben 06/17/2011 0:10.1.2 - x86
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3326.2515 [GMT -4:00]
    Running from: c:\users\Ruben\Documents\Downloads\Programs\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Tarma Installer
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
    c:\users\Ruben\AppData\Roaming\4B59BA72F51519CB4E2F220CE91F6F56
    c:\users\Ruben\AppData\Roaming\4B59BA72F51519CB4E2F220CE91F6F56\enemies-names.txt
    c:\users\Ruben\AppData\Roaming\Adobe\plugs
    c:\users\Ruben\AppData\Roaming\Adobe\shed
    c:\windows\system32\config\systemprofile\AppData\Local\Asus.xrm-ms
    c:\windows\system32\config\systemprofile\AppData\Local\bootinst.exe
    c:\windows\system32\config\systemprofile\AppData\Local\grldr
    .
    .
    \\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-17 to 2011-06-17 )))))))))))))))))))))))))))))))
    .
    .
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-16 00:32 . 2010-06-15 01:51 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2011-06-16 00:32 . 2010-06-15 01:51 138056 ----a-w- c:\users\Ruben\AppData\Roaming\PnkBstrK.sys
    2011-06-16 00:32 . 2010-06-15 01:50 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-06-16 00:31 . 2010-06-15 01:50 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2011-06-16 00:31 . 2010-06-15 01:50 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
    2011-05-30 21:56 . 2010-06-15 03:13 281656 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2011-05-21 01:26 . 2011-01-17 22:25 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-05-21 01:16 . 2009-08-18 15:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
    2011-05-21 01:16 . 2009-08-18 15:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-05-16 17:51 . 2011-05-16 17:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-04-25 03:31 . 2011-04-25 03:31 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2011-04-25 03:31 . 2011-04-25 03:31 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-04-25 03:30 . 2011-04-25 03:30 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
    2011-04-08 11:28 . 2011-04-08 11:28 41872 ----a-w- c:\windows\system32\xfcodec.dll
    2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-03-21 15:17 . 2011-03-21 15:17 68928 ----a-w- c:\windows\system32\NLSSRV32.EXE
    2011-05-01 16:27 . 2011-03-24 00:57 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz2.dll" [2011-01-17 175912]
    "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\prxtbXfi2.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\XfireXO\prxtbXfi2.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\Vuze_Remote\prxtbVuz2.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz2.dll" [2011-01-17 175912]
    "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\prxtbXfi2.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuz2.dll" [2011-01-17 175912]
    "{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\prxtbXfi2.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2011-03-02 16:23 68216 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-03-17 3278232]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Lycosa"="c:\program files\Razer\Lycosa\razerhid.exe" [2007-11-20 147456]
    "lxedmon.exe"="c:\program files\Lexmark S600 Series\lxedmon.exe" [2009-08-20 766632]
    "EzPrint"="c:\program files\Lexmark S600 Series\ezprint.exe" [2009-08-20 139944]
    "DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2010-05-05 251392]
    "ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 18:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    [HKLM\~\startupfolder\C:^Users^Ruben^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
    path=c:\users\Ruben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
    backup=c:\windows\pss\MagicDisc.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
    2011-03-17 13:31 3278232 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-21 02:21 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4131535426-1223570999-1301256555-1000]
    "EnableNotificationsRef"=dword:00000001
    .
    R0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [2010-06-01 240128]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 135664]
    R2 lxedCATSCustConnectService;lxedCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxedserv.exe [2010-04-15 193192]
    R3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\Drivers\CYUSB.sys [2009-08-10 39936]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 135664]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2010-10-21 81680]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-08-29 3893752]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-10-14 12872]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R3 XDva365;XDva365;c:\windows\system32\XDva365.sys [x]
    R4 Firefox Service;Firefox Service;c:\users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\85ycv5pw.default\extensions\startup.service@mozilla.com\svc.exe [2011-03-10 83456]
    R4 OrbisClient.Services;LabSim Configuration and Security;c:\program files\TestOut\Orbis\OrbisClient.Services.exe [2009-03-23 13824]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-10-14 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-10-14 67656]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-03-17 86280]
    S2 lxed_device;lxed_device;c:\windows\system32\lxedcoms.exe [2009-07-29 598696]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
    S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2011-03-21 196928]
    S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-03-21 68928]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
    S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 22784]
    S3 LycoFltr;Lycosa Keyboard;c:\windows\system32\Drivers\Lycosa.sys [2008-01-18 16128]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
    S3 vHidDev;Razer Gaming Device;c:\windows\system32\DRIVERS\vHidDev.sys [2009-12-22 5760]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    bthsvcs REG_MULTI_SZ BthServ
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 05:13]
    .
    2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 05:13]
    .
    2011-06-16 c:\windows\Tasks\User_Feed_Synchronization-{AEA45842-1F86-4FBD-95A1-80B4C6E0C0B0}.job
    - c:\windows\system32\msfeedssync.exe [2011-02-10 04:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.att.net
    uInternet Settings,ProxyOverride = *.local
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 68.87.74.166 68.87.68.166
    FF - ProfilePath - c:\users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\85ycv5pw.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://google.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
    MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
    AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe
    AddRemove-L4D2SP - c:\users\Ruben\Documents\Downloads\L4D2\Left_4_Dead_2\Left 4 Dead 2\Uninstall SP.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-17 00:23
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4131535426-1223570999-1301256555-1000_Classes\CLSID\{56d69246-f28c-48a9-a39a-c22bcec43c8a}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000118
    "Therad"=dword:00000022
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_USERS\S-1-5-21-4131535426-1223570999-1301256555-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):41,4b,41,28,08,ca,88,53,8c,06,80,fd,52,c3,7a,12,aa,08,ff,6e,b8,
    f1,03,04,60,a2,e6,73,72,92,89,e8,09,d4,c7,e1,8d,a5,90,dc,00,00,00,00,00,00,\
    .
    Completion time: 2011-06-17 00:26:36
    ComboFix-quarantined-files.txt 2011-06-17 04:26
    .
    Pre-Run: 75,883,782,144 bytes free
    Post-Run: 76,280,565,760 bytes free
    .
    - - End Of File - - C4ED39D47C0DC3274BEDA1230935CA42
     
  11. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Both logs look good now :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. nirvanafr3ak

    nirvanafr3ak TS Rookie Topic Starter Posts: 23

    Wow, you work fast :). The computer is doing much better now. However, many of my drivers and startup programs did not start after ComboFix rebooted the computer. I think it might get fixed after another restart.

    I will paste the logs as soon as OTL is done.
     
  13. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Restart the computer one more time.
     
  14. nirvanafr3ak

    nirvanafr3ak TS Rookie Topic Starter Posts: 23

    OTL logfile created on: 6/17/2011 12:44:59 AM - Run 1
    OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Ruben\Documents\Downloads\Programs
    Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19019)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 62.51% Memory free
    6.73 Gb Paging File | 5.58 Gb Available in Paging File | 82.87% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 465.75 Gb Total Space | 71.08 Gb Free Space | 15.26% Space Free | Partition Type: NTFS

    Computer Name: NIRVANA | User Name: Ruben | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/06/17 00:40:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Ruben\Documents\Downloads\Programs\OTL.exe
    PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
    PRC - [2011/03/21 11:17:44 | 000,196,928 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
    PRC - [2011/03/17 09:31:44 | 003,278,232 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
    PRC - [2011/01/20 17:20:34 | 000,426,840 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster\gbtray.exe
    PRC - [2010/10/16 13:42:12 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    PRC - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2009/07/29 11:29:37 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxedcoms.exe
    PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/06/17 00:40:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Ruben\Documents\Downloads\Programs\OTL.exe
    MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
    SRV - [2011/03/21 11:17:44 | 000,196,928 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
    SRV - [2011/03/09 20:07:10 | 000,083,456 | ---- | M] () [Disabled | Stopped] -- C:\Users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\85ycv5pw.default\extensions\startup.service@mozilla.com\svc.exe -- (Firefox Service)
    SRV - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/08/29 18:29:58 | 003,893,752 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
    SRV - [2010/04/14 20:00:48 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxedserv.exe -- (lxedCATSCustConnectService)
    SRV - [2009/07/29 11:29:37 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxedcoms.exe -- (lxed_device)
    SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2009/03/23 10:31:04 | 000,013,824 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\TestOut\Orbis\OrbisClient.Services.exe -- (OrbisClient.Services)
    SRV - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2011/03/17 11:52:34 | 000,086,280 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
    DRV - [2011/02/23 08:27:00 | 010,468,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2010/10/21 15:11:02 | 000,081,680 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
    DRV - [2010/10/14 14:08:53 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2010/10/14 14:08:52 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/10/14 14:08:52 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/06/01 16:39:56 | 000,240,128 | ---- | M] (PARADOX) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\royal.sys -- (OemBiosDevice)
    DRV - [2010/05/04 11:51:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2010/05/04 11:50:54 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2009/12/21 22:50:16 | 000,005,760 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vHidDev.sys -- (vHidDev)
    DRV - [2009/08/10 16:25:36 | 000,039,936 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CYUSB.sys -- (CYUSB)
    DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2008/01/18 06:43:16 | 000,016,128 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Lycosa.sys -- (LycoFltr)
    DRV - [2007/08/02 09:32:26 | 000,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dadder.sys -- (DAdderFltr)
    DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfi2.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

    IE - HKU\S-1-5-21-4131535426-1223570999-1301256555-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
    IE - HKU\S-1-5-21-4131535426-1223570999-1301256555-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-4131535426-1223570999-1301256555-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FB 51 A8 43 F1 38 CB 01 [binary data]
    IE - HKU\S-1-5-21-4131535426-1223570999-1301256555-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-4131535426-1223570999-1301256555-1000\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfi2.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-4131535426-1223570999-1301256555-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-4131535426-1223570999-1301256555-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-4131535426-1223570999-1301256555-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Bing"
    FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://google.com/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.67.0
    FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.126
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.2
    FF - prefs.js..extensions.enabledItems: {C8E400E3-44BC-4e78-8C17-8C48E74C67F4}:3.6
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q="
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 12:27:31 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/16 15:34:23 | 000,000,000 | ---D | M]

    [2010/12/24 19:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruben\AppData\Roaming\Mozilla\Extensions
    [2010/12/24 19:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruben\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
    [2011/06/12 17:59:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\85ycv5pw.default\extensions
    [2010/09/18 22:01:59 | 000,000,000 | ---D | M] () -- C:\Users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\85ycv5pw.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
    [2011/03/11 00:50:09 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\85ycv5pw.default\extensions\battlefieldheroespatcher@ea.com
    [2011/04/04 21:45:19 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\85ycv5pw.default\extensions\battlefieldplay4free@ea.com
    [2011/06/12 17:59:04 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\85ycv5pw.default\extensions\plugin@yontoo.com
    [2011/03/23 21:31:13 | 000,000,000 | ---D | M] (startup.service) -- C:\Users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\85ycv5pw.default\extensions\startup.service@mozilla.com
    [2011/03/23 21:11:28 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\85ycv5pw.default\extensions\support@lastpass.com
    [2010/08/09 00:45:15 | 000,001,832 | ---- | M] () -- C:\Users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\85ycv5pw.default\searchplugins\bing.xml
    [2011/05/25 16:18:08 | 000,000,879 | ---- | M] () -- C:\Users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\85ycv5pw.default\searchplugins\conduit.xml
    [2011/03/23 20:57:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/17 20:32:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    File not found (No name found) --
    [2011/03/28 14:39:40 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\RUBEN\APPDATA\ROAMING\IDM\IDMMZCC3
    () (No name found) -- C:\USERS\RUBEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\85YCV5PW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2010/06/16 03:00:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/05/01 12:27:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2010/06/17 20:32:03 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/07/27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
    [2010/07/28 18:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
    [2011/06/13 17:23:46 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
    [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/06/17 00:22:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfi2.dll (Conduit Ltd.)
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfi2.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-4131535426-1223570999-1301256555-1000\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\prxtbXfi2.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-4131535426-1223570999-1301256555-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe ()
    O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark S600 Series\ezprint.exe ()
    O4 - HKLM..\Run: [lxedmon.exe] C:\Program Files\Lexmark S600 Series\lxedmon.exe ()
    O4 - HKLM..\Run: [Lycosa] C:\Program Files\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKU\S-1-5-21-4131535426-1223570999-1301256555-1000..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4131535426-1223570999-1301256555-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4131535426-1223570999-1301256555-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img29.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img29.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKU\S-1-5-21-4131535426-1223570999-1301256555-1000..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-4131535426-1223570999-1301256555-1000\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.bdmpeg - C:\Windows\System32\bdmpega.acm ()
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.mpeg - C:\Windows\System32\bdmpegv.dll ()
    Drivers32: vidc.tscc - C:\Windows\System32\TSCCVID.DLL (TechSmith Corporation)
    Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/17 00:26:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/06/17 00:26:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/06/17 00:26:38 | 000,000,000 | ---D | C] -- C:\Users\Ruben\AppData\Local\temp
    [2011/06/16 23:59:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/06/16 23:59:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/06/16 23:59:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/06/16 23:59:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/06/16 23:59:45 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/06/16 23:06:52 | 000,000,000 | ---D | C] -- C:\Users\Ruben\Documents\Battlefield Heroes
    [2011/06/16 15:47:00 | 000,607,310 | R--- | C] (Swearware) -- C:\Users\Ruben\Desktop\dds.scr
    [2011/06/16 14:59:10 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/06/16 08:41:43 | 000,000,000 | ---D | C] -- C:\Users\Ruben\AppData\Roaming\Avira
    [2011/06/16 08:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2011/06/16 08:39:53 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
    [2011/06/16 08:39:52 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2011/06/16 08:39:52 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2011/06/16 08:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2011/06/16 08:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2011/06/15 22:19:26 | 000,000,000 | ---D | C] -- C:\Users\Ruben\AppData\Roaming\Malwarebytes
    [2011/06/15 22:18:38 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/06/15 22:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/06/15 22:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/06/15 22:18:35 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/06/15 22:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/06/15 14:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Macromedia
    [2011/06/12 20:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2011/06/12 18:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\mP28621EnNfJ28621
    [2011/06/12 13:33:11 | 000,000,000 | ---D | C] -- C:\Users\Ruben\AppData\Roaming\GARMIN
    [2011/06/12 13:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
    [2011/06/11 13:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(5)
    [2011/06/07 17:37:07 | 000,000,000 | ---D | C] -- C:\Users\Ruben\Desktop\files
    [2011/06/02 18:01:12 | 000,000,000 | ---D | C] -- C:\Users\Ruben\AppData\Roaming\Nitro PDF
    [2011/06/02 17:58:49 | 000,026,432 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon.dll
    [2011/06/02 17:58:49 | 000,017,728 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui.dll
    [2011/06/02 17:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
    [2011/06/02 17:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
    [2011/06/02 17:58:21 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
    [2011/06/02 17:56:37 | 000,000,000 | ---D | C] -- C:\Users\Ruben\AppData\Roaming\Downloaded Installations
    [2011/06/02 17:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\psconvert
    [2011/06/02 17:53:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\psconv
    [2011/06/01 22:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia
    [2011/06/01 22:18:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/06/01 22:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/06/01 22:13:02 | 000,000,000 | ---D | C] -- C:\Users\Ruben\Desktop\redsn0w_win_0.9.6rc16
    [2011/05/30 14:23:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamersFirst
    [2011/05/30 14:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\GamersFirst
    [2011/05/24 18:52:36 | 000,000,000 | ---D | C] -- C:\newFolder
    [2011/05/24 18:34:39 | 000,000,000 | ---D | C] -- C:\testFolder
    [2011/05/24 17:02:53 | 000,000,000 | ---D | C] -- C:\Users\Ruben\AppData\Roaming\Thinstall
    [2011/05/24 17:02:52 | 000,000,000 | ---D | C] -- C:\Users\Ruben\AppData\Local\Thinstall
    [2011/05/21 15:10:31 | 000,000,000 | ---D | C] -- C:\Users\Ruben\AppData\Local\ElevatedDiagnostics
    [2011/05/21 15:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
    [2011/05/20 21:32:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
    [2011/05/20 21:15:21 | 000,000,000 | ---D | C] -- C:\Users\Ruben\AppData\Roaming\Lionhead Studios
    [2011/05/18 23:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zuxxez
    [2011/05/18 23:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\Zuxxez
    [2010/11/22 22:46:59 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxedpmui.dll
    [2010/11/22 22:46:58 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxedih.exe
    [2010/11/22 22:46:57 | 000,679,936 | ---- | C] ( ) -- C:\Windows\System32\lxedhbn3.dll
    [2010/11/22 22:46:56 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxedcoin.dll
    [2010/11/22 22:46:56 | 000,369,320 | ---- | C] ( ) -- C:\Windows\System32\lxedcfg.exe
    [2010/11/22 22:46:55 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxedhcp.dll
    [2010/11/22 22:45:40 | 001,044,480 | ---- | C] ( ) -- C:\Windows\System32\lxedserv.dll
    [2010/11/22 22:45:40 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxedusb1.dll
    [2010/11/22 22:45:40 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxedcoms.exe
    [2010/11/22 22:45:40 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxedlmpm.dll
    [2010/11/22 22:45:40 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxedcomm.dll
    [2010/11/22 22:45:40 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxedinpa.dll
    [2010/11/22 22:45:40 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxediesc.dll
    [2009/12/09 20:35:44 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxedcomc.dll
    [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/06/17 00:25:17 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/06/17 00:22:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/06/17 00:07:07 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/06/17 00:06:55 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/06/17 00:06:55 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/06/17 00:06:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/06/17 00:06:46 | 3488,735,232 | -HS- | M] () -- C:\hiberfil.sys
    [2011/06/17 00:05:55 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2011/06/16 23:25:15 | 313,647,158 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/06/16 15:34:23 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/06/16 15:30:09 | 000,371,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/06/16 15:09:49 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AEA45842-1F86-4FBD-95A1-80B4C6E0C0B0}.job
    [2011/06/16 15:00:08 | 000,642,808 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/06/16 15:00:08 | 000,119,000 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/06/16 08:40:05 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2011/06/16 08:31:07 | 000,607,310 | R--- | M] (Swearware) -- C:\Users\Ruben\Desktop\dds.scr
    [2011/06/16 01:08:01 | 000,009,300 | -HS- | M] () -- C:\Users\Ruben\AppData\Local\gpcsj0vt0ce
    [2011/06/16 01:08:01 | 000,009,300 | -HS- | M] () -- C:\ProgramData\gpcsj0vt0ce
    [2011/06/15 22:18:38 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/06/15 20:32:32 | 000,138,056 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2011/06/15 20:32:32 | 000,138,056 | ---- | M] () -- C:\Users\Ruben\AppData\Roaming\PnkBstrK.sys
    [2011/06/15 20:31:59 | 000,189,248 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
    [2011/06/15 16:08:29 | 000,011,022 | -HS- | M] () -- C:\ProgramData\48us8w3f1to16xul6toc58xy324vsb8o1vj8118lxm1s
    [2011/06/15 16:08:28 | 000,011,022 | -HS- | M] () -- C:\Users\Ruben\AppData\Local\48us8w3f1to16xul6toc58xy324vsb8o1vj8118lxm1s
    [2011/06/14 13:28:39 | 000,010,442 | -HS- | M] () -- C:\ProgramData\2755211163
    [2011/06/02 18:31:30 | 000,563,443 | ---- | M] () -- C:\Users\Ruben\Documents\RubenResume.pdf
    [2011/06/02 17:58:45 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\Nitro PDF Professional.lnk
    [2011/06/02 17:53:23 | 000,000,164 | ---- | M] () -- C:\Windows\System32\psconv.ini
    [2011/06/01 22:44:18 | 000,190,464 | ---- | M] () -- C:\Users\Ruben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/01 22:43:53 | 000,001,633 | ---- | M] () -- C:\Users\Ruben\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
    [2011/06/01 22:43:53 | 000,001,633 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
    [2011/06/01 22:28:26 | 637,183,974 | ---- | M] () -- C:\Users\Ruben\Desktop\iPad2,1_4.3.3_8J2_Restore.ipsw
    [2011/06/01 22:12:38 | 013,963,665 | ---- | M] () -- C:\Users\Ruben\Desktop\redsn0w_win_0.9.6rc16.zip
    [2011/05/31 19:23:06 | 000,000,894 | ---- | M] () -- C:\Users\Ruben\Desktop\WORD.lnk
    [2011/05/30 17:56:27 | 000,281,656 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
    [2011/05/29 21:27:06 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/05/21 15:10:51 | 000,001,706 | ---- | M] () -- C:\Users\Ruben\Desktop\Fix it - Microsoft ATS.lnk
    [2011/05/21 14:43:25 | 000,000,918 | ---- | M] () -- C:\Users\Ruben\Desktop\FableLauncher.exe - Shortcut.lnk
    [2011/05/20 13:57:46 | 000,001,940 | ---- | M] () -- C:\Users\Ruben\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
  15. nirvanafr3ak

    nirvanafr3ak TS Rookie Topic Starter Posts: 23

    ========== Files Created - No Company Name ==========

    [2011/06/16 23:59:53 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/06/16 23:59:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/06/16 23:59:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/06/16 23:59:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/06/16 23:59:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/06/16 08:40:05 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2011/06/15 22:18:38 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/06/15 20:30:11 | 000,009,300 | -HS- | C] () -- C:\Users\Ruben\AppData\Local\gpcsj0vt0ce
    [2011/06/15 20:30:11 | 000,009,300 | -HS- | C] () -- C:\ProgramData\gpcsj0vt0ce
    [2011/06/15 16:59:10 | 3488,735,232 | -HS- | C] () -- C:\hiberfil.sys
    [2011/06/14 13:26:28 | 000,011,022 | -HS- | C] () -- C:\Users\Ruben\AppData\Local\48us8w3f1to16xul6toc58xy324vsb8o1vj8118lxm1s
    [2011/06/14 13:26:28 | 000,010,442 | -HS- | C] () -- C:\ProgramData\2755211163
    [2011/06/14 13:26:23 | 000,011,022 | -HS- | C] () -- C:\ProgramData\48us8w3f1to16xul6toc58xy324vsb8o1vj8118lxm1s
    [2011/06/02 18:02:46 | 000,563,443 | ---- | C] () -- C:\Users\Ruben\Documents\RubenResume.pdf
    [2011/06/02 17:58:45 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\Nitro PDF Professional.lnk
    [2011/06/02 17:58:44 | 000,002,471 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro PDF Professional.lnk
    [2011/06/02 17:53:25 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfmonnt.dll
    [2011/06/02 17:53:23 | 000,000,164 | ---- | C] () -- C:\Windows\System32\psconv.ini
    [2011/06/01 22:14:55 | 637,183,974 | ---- | C] () -- C:\Users\Ruben\Desktop\iPad2,1_4.3.3_8J2_Restore.ipsw
    [2011/06/01 22:12:19 | 013,963,665 | ---- | C] () -- C:\Users\Ruben\Desktop\redsn0w_win_0.9.6rc16.zip
    [2011/05/31 19:23:06 | 000,000,894 | ---- | C] () -- C:\Users\Ruben\Desktop\WORD.lnk
    [2011/05/21 15:10:51 | 000,001,706 | ---- | C] () -- C:\Users\Ruben\Desktop\Fix it - Microsoft ATS.lnk
    [2011/05/21 14:43:25 | 000,000,918 | ---- | C] () -- C:\Users\Ruben\Desktop\FableLauncher.exe - Shortcut.lnk
    [2011/05/18 20:27:22 | 000,001,940 | ---- | C] () -- C:\Users\Ruben\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/04/08 07:28:58 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
    [2011/02/08 19:38:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/12/14 22:41:28 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
    [2010/12/14 22:41:28 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
    [2010/11/22 22:46:59 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxedvs.dll
    [2010/11/22 22:46:57 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxedgrd.dll
    [2010/11/22 22:46:55 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxedins.dll
    [2010/11/22 22:46:55 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxedcui.dll
    [2010/11/22 22:46:55 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxedinsb.dll
    [2010/11/22 22:46:55 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxedcu.dll
    [2010/11/22 22:46:55 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxedcuir.dll
    [2010/11/22 22:46:55 | 000,106,496 | ---- | C] () -- C:\Windows\System32\lxedinsr.dll
    [2010/11/22 22:46:55 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxedcub.dll
    [2010/11/22 22:46:55 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxedgcfg.dll
    [2010/11/22 22:46:55 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxedjswr.dll
    [2010/11/22 22:46:55 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxedcur.dll
    [2010/11/22 22:45:40 | 000,327,680 | ---- | C] () -- C:\Windows\System32\LXEDinst.dll
    [2010/11/03 17:21:00 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
    [2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2010/08/29 03:16:24 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2010/08/29 03:16:24 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2010/08/26 22:34:13 | 000,000,228 | ---- | C] () -- C:\Windows\RAC_HEROES.ini
    [2010/06/29 13:37:20 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2010/06/15 23:54:47 | 000,000,707 | ---- | C] () -- C:\Users\Ruben\AppData\Roaming\myMPQ.ini
    [2010/06/15 15:29:36 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEDsm.dll
    [2010/06/15 15:29:36 | 000,023,552 | ---- | C] () -- C:\Windows\System32\LXEDsmr.dll
    [2010/06/14 21:51:08 | 000,138,056 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2010/06/14 21:51:07 | 000,138,056 | ---- | C] () -- C:\Users\Ruben\AppData\Roaming\PnkBstrK.sys
    [2010/06/14 21:50:39 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
    [2010/06/14 21:50:38 | 002,427,248 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
    [2010/06/14 21:50:38 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
    [2010/06/14 18:12:22 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
    [2010/06/02 15:44:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2010/06/02 15:44:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2010/06/02 15:44:18 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2010/06/01 16:32:21 | 000,000,552 | ---- | C] () -- C:\Users\Ruben\AppData\Local\d3d8caps.dat
    [2010/06/01 16:19:03 | 000,190,464 | ---- | C] () -- C:\Users\Ruben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/01 16:17:55 | 000,000,680 | ---- | C] () -- C:\Users\Ruben\AppData\Local\d3d9caps.dat
    [2009/09/16 18:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
    [2009/07/08 21:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
    [2008/08/13 09:19:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/01/20 22:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
    [2006/11/02 08:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 08:46:27 | 000,371,072 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 08:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 06:33:01 | 000,642,808 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 06:33:01 | 000,119,000 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2004/08/13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
    [2002/10/15 18:54:04 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

    ========== LOP Check ==========

    [2011/06/16 08:00:58 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\DMCache
    [2011/01/21 18:23:39 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\IDM
    [2011/01/21 18:20:56 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Razer
    [2011/06/15 20:25:53 | 000,000,000 | ---D | M] -- C:\Users\Ruben\AppData\Roaming\Azureus
    [2010/12/16 16:46:22 | 000,000,000 | ---D | M] -- C:\Users\Ruben\AppData\Roaming\BugTrap Console Test108
    [2011/06/17 00:44:05 | 000,000,000 | ---D | M] -- C:\Users\Ruben\AppData\Roaming\DMCache
    [2011/06/02 17:56:37 | 000,000,000 | ---D | M] -- C:\Users\Ruben\AppData\Roaming\Downloaded Installations
    [2011/03/07 15:44:34 | 000,000,000 | ---D | M] -- C:\Users\Ruben\AppData\Roaming\fizzy
    [2011/06/12 13:35:36 | 000,000,000 | ---D | M] -- C:\Users\Ruben\AppData\Roaming\GARMIN
    [2010/09/11 22:08:05 | 000,000,000 | ---D | M] -- C:\Users\Ruben\AppData\Roaming\gtk-2.0
    [2010/11/01 16:25:40 | 000,000,000 | ---D | M] -- C:\Users\Ruben\AppData\Roaming\Hothead Games
    [2011/03/28 14:39:40 | 000,000,000 | ---D | M] -- C:\Users\Ruben\AppData\Roaming\IDM
    [2010/10/13 03:03:08 | 000,000,000 | ---D | M] -- C:\Users\Ruben\AppData\Roaming\ijjigame
    [2011/05/20 21:15:21 | 000,000,000 | ---D | M] -- C:\Users\Ruben\AppData\Roaming\Lionhead Studios
    [2010/11/03 17:07:29 | 000,000,000 | ---D | M] -- C:\Users\Ruben\AppData\Roaming\MotioninJoy
    [2010/11/12 17:28:18 | 000,000,000 | ---D | M] -- C:\Users\Ruben\AppData\Roaming\MyScribe
    [2010/11/23 20:38:10 | 000,000,000 | ---D | M] -- C:\Users\Ruben\AppData\Roaming\NeopleLauncherDFO
    [2011/06/02 18:31:20 | 000,000,000 | ---D | M] -- C:\Users\Ruben\AppData\Roaming\Nitro PDF
    [2011/06/15 20:05:34 | 000,000,000 | ---D | M] -- C:\Users\Ruben\AppData\Roaming\Notepad++
    [2011/01/03 09:24:07 | 000,000,000 | ---D | M] -- C:\Users\Ruben\AppData\Roaming\Razer
    [2011/01/25 15:15:04 | 000,000,000 | ---D | M] -- C:\Users\Ruben\AppData\Roaming\RenPy
    [2011/05/25 15:25:26 | 000,000,000 | ---D | M] -- C:\Users\Ruben\AppData\Roaming\RIFT
    [2011/05/24 17:02:53 | 000,000,000 | ---D | M] -- C:\Users\Ruben\AppData\Roaming\Thinstall
    [2010/12/24 19:27:53 | 000,000,000 | ---D | M] -- C:\Users\Ruben\AppData\Roaming\TomTom
    [2010/10/15 02:27:33 | 000,000,000 | ---D | M] -- C:\Users\Ruben\AppData\Roaming\TS3Client
    [2010/10/09 21:15:20 | 000,000,000 | ---D | M] -- C:\Users\Ruben\AppData\Roaming\W
    [2010/10/09 21:13:53 | 000,000,000 | ---D | M] -- C:\Users\Ruben\AppData\Roaming\wargaming.net
    [2011/06/17 00:05:55 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/06/16 15:09:49 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{AEA45842-1F86-4FBD-95A1-80B4C6E0C0B0}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2010/08/27 02:07:26 | 000,001,621 | ---- | M] () -- C:\BFHeroes.log
    [2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2010/06/01 19:45:40 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/06/17 00:26:37 | 000,021,578 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/06/01 16:17:05 | 000,171,136 | RHS- | M] () -- C:\grldr
    [2011/06/17 00:06:46 | 3488,735,232 | -HS- | M] () -- C:\hiberfil.sys
    [2011/06/17 00:06:45 | 3802,329,088 | -HS- | M] () -- C:\pagefile.sys
    [2011/06/16 23:13:40 | 000,063,724 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_16.06.2011_23.12.56_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 08:35:26 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 08:35:26 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 08:35:26 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010/06/12 00:50:45 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/06/19 05:58:00 | 000,157,696 | ---- | M] () -- C:\Windows\System32\spool\prtprocs\w32x86\lxeddrpp.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 22:41:56 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 23:16:46 | 017,956,864 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 23:16:31 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 23:16:46 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/06/12 00:42:52 | 000,000,286 | -HS- | M] () -- C:\Users\Ruben\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/08/29 17:53:22 | 001,881,600 | ---- | M] () -- C:\Users\Ruben\Desktop\Dragon.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2006/11/02 08:33:56 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/06/01 16:18:08 | 000,000,402 | -HS- | M] () -- C:\Users\Ruben\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/06/14 13:28:39 | 000,010,442 | -HS- | M] () -- C:\ProgramData\2755211163
    [2011/06/15 16:08:29 | 000,011,022 | -HS- | M] () -- C:\ProgramData\48us8w3f1to16xul6toc58xy324vsb8o1vj8118lxm1s
    [2010/07/24 14:25:15 | 000,000,000 | ---- | M] () -- C:\ProgramData\cmn_upld.log
    [2010/11/22 22:51:18 | 000,000,504 | ---- | M] () -- C:\ProgramData\FastPics.log
    [2011/06/16 01:08:01 | 000,009,300 | -HS- | M] () -- C:\ProgramData\gpcsj0vt0ce
    [2011/02/08 19:37:18 | 000,000,340 | ---- | M] () -- C:\ProgramData\lxed.log
    [2011/02/08 20:13:15 | 000,000,248 | ---- | M] () -- C:\ProgramData\lxedDiagnostics.log
    [2011/06/07 21:40:09 | 000,044,620 | ---- | M] () -- C:\ProgramData\lxedJSW.log
    [2011/06/16 23:27:40 | 000,054,133 | ---- | M] () -- C:\ProgramData\lxedscan.log
    [2010/07/24 14:25:15 | 000,000,000 | ---- | M] () -- C:\ProgramData\LxWbGwLog.log
    [2010/06/15 15:29:36 | 000,000,000 | ---- | M] () -- C:\ProgramData\UpdaterLog.txt
    [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Files - Unicode (All) ==========
    [2010/10/13 22:18:52 | 000,000,000 | ---D | M](C:\Users\Ruben\Documents\?? ???) -- C:\Users\Ruben\Documents\넥슨 플러그
    [2010/10/13 22:18:52 | 000,000,000 | ---D | C](C:\Users\Ruben\Documents\?? ???) -- C:\Users\Ruben\Documents\넥슨 플러그

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:EA029835

    < End of report >
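The OTL listing above is long, and the entries worth a second look are easy to miss by eye: in the `< %ALLUSERSPROFILE%\*.dat /x >` scan three hidden+system files with no extension and random-looking names sit directly in C:\ProgramData, and the report ends with an alternate data stream on C:\ProgramData\TEMP. The following script is an added example for triaging this log format; it is not part of the thread and not a tool the poster used. It parses OTL's bracketed `[date time | size | attrs | M/C] (company) -- path` entries and its `@Alternate Data Stream` lines, then flags entries matching that pattern. The directory scope (`SUSPECT_DIRS`) and the `looks_random` name heuristic are this example's own assumptions, and the sample input is a handful of lines copied from the log posted above; a hit is a candidate for manual review, not a malware verdict.

```python
"""Triage helper for OTL file-listing output (added example, not from the thread).

Parses the bracketed file/folder entries and the '@Alternate Data Stream'
lines that OTL prints, then flags one pattern visible in the posted log:
hidden+system files with no extension and random-looking names under
C:\\ProgramData or AppData. The directory list and the name heuristic are
this example's own assumptions; a hit is a candidate for review, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import List

# One OTL entry per line, for example:
#   [2011/06/14 13:28:39 | 000,010,442 | -HS- | M] () -- C:\ProgramData\2755211163
#   [2011/06/16 08:00:58 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\DMCache
ENTRY_RE = re.compile(
    r"^\s*\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\]"
    r"(?:\s*\((?P<company>[^)]*)\))?\s*-- (?P<path>.+?)\s*$"
)
ADS_RE = re.compile(r"^\s*@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?)\s*$")

# Where an extensionless hidden+system file is out of place (assumption).
# C:\bootmgr and C:\grldr at the drive root are legitimate RHS- files and stay out of scope.
SUSPECT_DIRS = ("\\programdata\\", "\\appdata\\")


@dataclass
class Entry:
    stamp: str
    size: int
    attrs: str      # the four flags as OTL prints them, e.g. "-HS-", "RHS-", "---D"
    kind: str       # M = modified timestamp shown, C = created timestamp shown
    company: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs

    @property
    def is_dir(self) -> bool:
        return self.attrs.endswith("D")


@dataclass
class Finding:
    path: str
    reason: str


def parse_entries(log_text: str) -> List[Entry]:
    """Return every bracketed file/folder entry found in OTL output, in order."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(
                stamp=m["stamp"],
                size=int(m["size"].replace(",", "")),
                attrs=m["attrs"],
                kind=m["kind"],
                company=(m["company"] or "").strip(),
                path=m["path"],
            ))
    return entries


def looks_random(name: str) -> bool:
    """Heuristic (assumption): no extension, >= 8 alphanumeric chars, at least two digits."""
    if "." in name or len(name) < 8 or not re.fullmatch(r"[A-Za-z0-9]+", name):
        return False
    return sum(c.isdigit() for c in name) >= 2


def triage(log_text: str) -> List[Finding]:
    """Flag random-named hidden+system files in data directories, plus any ADS entries."""
    findings = []
    for e in parse_entries(log_text):
        lower = e.path.lower()
        if (e.hidden_system and not e.is_dir
                and any(d in lower for d in SUSPECT_DIRS)
                and looks_random(e.name)):
            findings.append(Finding(
                e.path, f"hidden+system, no extension, random name, {e.size} bytes, {e.stamp}"))
    for line in log_text.splitlines():
        m = ADS_RE.match(line)
        if m:
            findings.append(Finding(m["path"], f"alternate data stream, {m['size']} bytes"))
    return findings


# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
    [2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2010/06/01 16:17:05 | 000,171,136 | RHS- | M] () -- C:\grldr
    [2011/06/17 00:06:46 | 3488,735,232 | -HS- | M] () -- C:\hiberfil.sys
    [2011/06/14 13:28:39 | 000,010,442 | -HS- | M] () -- C:\ProgramData\2755211163
    [2011/06/15 16:08:29 | 000,011,022 | -HS- | M] () -- C:\ProgramData\48us8w3f1to16xul6toc58xy324vsb8o1vj8118lxm1s
    [2010/07/24 14:25:15 | 000,000,000 | ---- | M] () -- C:\ProgramData\cmn_upld.log
    [2011/06/16 01:08:01 | 000,009,300 | -HS- | M] () -- C:\ProgramData\gpcsj0vt0ce
    [2010/06/12 00:42:52 | 000,000,286 | -HS- | M] () -- C:\Users\Ruben\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2011/06/16 08:00:58 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\DMCache
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:EA029835
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.path}\n    {f.reason}")
```

Run against a full OTL log by reading the file into `triage()`. The directory scope matters: `C:\bootmgr` and `C:\grldr` are also hidden+system with no extension, but they belong at the drive root, so the example only looks under ProgramData and AppData; widen `SUSPECT_DIRS` deliberately rather than dropping the check.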
     
  16. nirvanafr3ak

    OTL Extras logfile created on: 6/17/2011 12:44:59 AM - Run 1
    OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Ruben\Documents\Downloads\Programs
    Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19019)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 62.51% Memory free
    6.73 Gb Paging File | 5.58 Gb Available in Paging File | 82.87% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 465.75 Gb Total Space | 71.08 Gb Free Space | 15.26% Space Free | Partition Type: NTFS

    Computer Name: NIRVANA | User Name: Ruben | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-4131535426-1223570999-1301256555-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "UpdatesDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4131535426-1223570999-1301256555-1000]
    "EnableNotifications" = 0
    "EnableNotificationsRef" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0F7A8BA0-FB43-4177-86C0-21955FA70275}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{15C16E3A-BF99-41D1-942A-4BED9DE9B434}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{1C3B81CE-6B32-4269-9BF2-C125C830C8F2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{20A6C96D-8079-4B84-BCBE-2FFFD17AECA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{2EA69B78-40C1-48BD-9FF5-119057168D04}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{3FB6B31C-B7F8-4006-BFDC-8BB121C67D72}" = rport=445 | protocol=6 | dir=out | app=system |
    "{509C773A-4C76-487D-9A79-BD794F29E313}" = lport=139 | protocol=6 | dir=in | app=system |
    "{688E1701-A4EE-45D5-8C75-F3A8B386E646}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{71ECB27B-9B1C-4090-802A-90BA2C19AC9D}" = rport=138 | protocol=17 | dir=out | app=system |
    "{7AD4336E-79FF-47F8-9495-EBF3188152B6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{8DDB173F-E293-4300-A94C-0E4013DF09F5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{8E4D92FF-2AEC-4C34-A226-AE1511FFD85F}" = lport=138 | protocol=17 | dir=in | app=system |
    "{94DD0900-61F7-4FD5-91BE-F3DA77689CBD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9B94E9B7-E17E-4366-AFCA-09DA67B86E75}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9DA0BAB3-B767-4F5E-8CCF-42C426601060}" = rport=139 | protocol=6 | dir=out | app=system |
    "{A4C04DF4-C986-404B-B455-33547A4BD4AA}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{AFE8AC79-2407-4160-9F77-1388FBF1C208}" = lport=445 | protocol=6 | dir=in | app=system |
    "{B150A8D5-5D46-4777-9943-8C8E439F3BF8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{B5BF1EA4-3726-4EDB-AF23-15851FF3827D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
    "{BA92AEAB-AE3E-4829-8C10-1B46B7C289F1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C47ADB16-9552-4A58-B3A2-1D9336B84F5B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{C76C4700-21B4-41ED-9DDE-4EB8D2802845}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{CDA131CD-5A2A-430C-A03F-EFE948BAF881}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CE8893A1-0616-497C-853C-AF54806704BE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D9FA1D60-FFAF-4CA0-AEA8-6A3C5FE7EA7B}" = lport=137 | protocol=17 | dir=in | app=system |
    "{DA02DBDD-9645-4514-8BAB-BE78165C1AB2}" = rport=137 | protocol=17 | dir=out | app=system |
    "{E0485738-DF24-46FF-B6A1-2E4585DD19C9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{EB3759E9-F6E8-499F-B8FA-BC2E1011BEAC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FC47C3AF-DA0F-4AC1-A854-9AFFF5763BA1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{026C87BB-22BF-4447-8683-DEEBC70FA6F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{03F8225B-FCFB-4E8F-BDA5-83D07810B102}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{076D97AE-4F73-4437-B087-1A253B7B7C4C}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battleforge\bootstrapper.exe |
    "{0F52ED68-C6E8-467F-8B43-472934E5F9E9}" = protocol=6 | dir=out | app=system |
    "{12048FF9-B318-4C96-9799-825045963387}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{13002B0E-02A0-4204-8294-5562D364BD7B}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
    "{137B0865-1424-4E72-9CCD-6F620D694082}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{1ACED8B4-B434-42BE-B67A-387EEE1864A4}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{1B3BDB81-A531-47E6-B538-98D5A43FFA56}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{1F5F45F8-7578-45BF-83FE-9992705370DF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{1FA9247D-7ED7-4D82-982F-640961AC993E}" = protocol=17 | dir=in | app=c:\program files\electronic arts\dragon age 2\dragonage2launcher.exe |
    "{234BC472-4C03-4457-83D2-2E9FD8AA7EA2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{27356C86-C651-4D21-BBAC-989D44D0816D}" = dir=in | app=c:\windows\system32\lxedcoms.exe |
    "{277C7639-FB35-497C-B83A-A7EEEEE0C503}" = dir=in | app=conquer_v5378_p2p_20110326.exe |
    "{2C90E3DE-5ECF-472B-833B-5BC2C22ADD37}" = protocol=17 | dir=in | app=c:\program files\electronic arts\dragon age 2\bin_ship\dragonage2.exe |
    "{2FF22C1A-4A4D-4FAC-A312-FFF998504979}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{329CF500-A04E-4FDE-BE57-C7B61593B39A}" = protocol=6 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe |
    "{38AB475A-866D-4FBF-B153-1DEFAD25710D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{39939DC0-C1A2-4D36-9055-C2F6F7FEB87B}" = protocol=17 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe |
    "{3A50A376-194D-4D48-AB77-8ADE9F5845A0}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
    "{3B4FF0C5-64CF-401D-B15E-3F86A269C1BE}" = dir=in | app=c:\windows\system32\lxedcoms.exe |
    "{3BA1ED03-21F8-4FE2-894E-E40544DDE300}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{3BB4D8C6-E402-4046-A5DD-F8BF5274BFC0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{3E91E17D-9CA4-4BF3-B3C4-ECA928B35C70}" = protocol=6 | dir=in | app=c:\program files\capcom\dead rising 2\deadrising2.exe |
    "{469A2A8A-68B0-42E8-A709-B677B60D82EA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
    "{4779C2F8-5261-4D98-AAB1-B3CEAF45188A}" = protocol=6 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
    "{493D3747-76FB-47F4-9999-BBC57463A938}" = protocol=6 | dir=in | app=c:\program files\electronic arts\dragon age 2\dragonage2launcher.exe |
    "{497CA975-3920-4FD9-AE31-40E2346E8896}" = protocol=17 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
    "{4CE84D32-9184-4BAB-963D-89CECC55EBA7}" = dir=in | app=c:\windows\system32\lxedcoms.exe |
    "{51766928-3EBC-4F9E-8C65-EA7737ED8699}" = protocol=17 | dir=in | app=c:\sc2\starcraft ii beta\starcraft ii.exe |
    "{55A42ACA-57C2-4183-A649-C58602781F5C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{5B72A7C4-CFB4-4A9D-91A4-289A302631A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5CFED000-4BEE-4868-A8A9-28F83F0F4D30}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{626419FE-BBE3-43BB-8093-C40D15AE2FAB}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
    "{6A7DA0BE-D7DF-4DAC-8B5C-532BAD273592}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battleforge\battleforge.exe |
    "{6AE2519A-B136-42AB-B656-32688094BBF4}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
    "{6E25E5B4-40A9-4569-8D8A-BF47DEA0C088}" = protocol=17 | dir=in | app=c:\program files\microsoft games\fable iii\fable3.exe |
    "{6E52B135-25D2-43A8-991F-43E84BFCEB01}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{75D82AB4-2EA3-4D71-829C-32C5F7AE348D}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
    "{7F809010-3A41-40EC-BCEC-3C1A38338243}" = protocol=17 | dir=in | app=c:\program files\gamersfirst\apb reloaded\binaries\apb.exe |
    "{82917981-4FD8-4603-9CD2-B2C59A459790}" = protocol=17 | dir=in | app=c:\program files\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe |
    "{87146083-9AB8-48A4-8957-1D9CF120EA81}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
    "{898BE9C3-AAF7-4995-864A-A2D533E20130}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
    "{8A5CE1FA-171D-454F-90C1-55D5153FD7EB}" = dir=in | app=c:\windows\system32\lxedcoms.exe |
    "{91DB6405-7A9F-4F74-899C-62E30604FE03}" = protocol=6 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
    "{92AB192E-BDA8-4B9A-8CA1-314A744C4B3F}" = protocol=17 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
    "{9535EB17-842C-43F3-A1AF-CFD88030FF24}" = protocol=17 | dir=in | app=c:\program files\capcom\dead rising 2\deadrising2.exe |
    "{954A4C03-0206-471F-9AD5-344EB40F853F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{95A0F1D0-320F-4C32-B76F-D1AFBF5D8E96}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9880F40F-D343-422D-A7BC-9F434EF4715D}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battleforge\bootstrapper.exe |
    "{9988CA10-F210-4363-ABEB-E1117F1667E8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{9DF842F2-B8DE-4948-B5C5-608AF52D7661}" = protocol=17 | dir=in | app=c:\users\ruben\documents\downloads\programs\conquer_v5378_p2p_20110326.exe |
    "{A5A37B98-7D4E-46B3-A3C9-AB55A42898FD}" = dir=in | app=c:\windows\system32\lxedcoms.exe |
    "{AA663D03-29AD-460F-AB65-D6E0669A829F}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
    "{AB3DFE35-3794-4B6C-88B9-F0E619101038}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{AE402C29-75D7-48AB-AF4A-3DDF1597CB44}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{AF527310-ADB5-4C93-A032-7988C4FD5CC1}" = protocol=6 | dir=in | app=c:\program files\electronic arts\dragon age 2\bin_ship\dragonage2.exe |
    "{AF6E79CF-6FFD-4E03-8B4E-31C08CD7232F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{B3BC657F-48A1-4A1E-9122-C2640FAEF308}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B44173D3-B795-4EF3-8D9D-120B5B2FF8FE}" = protocol=6 | dir=in | app=c:\program files\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe |
    "{B8D0F949-878E-4305-B716-55F0415509CF}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{B9E4A740-233A-4D41-8F7A-63C7044BDEFB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{BF41BF24-2894-4738-BB06-A57AD1693186}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{C1CDAB5B-86C2-4711-9766-153FBBE5FA95}" = protocol=6 | dir=in | app=c:\program files\gamersfirst\apb reloaded\binaries\apb.exe |
    "{C21FBDCC-4778-4093-9B86-188FD58713AA}" = protocol=6 | dir=in | app=c:\sc2\starcraft ii beta\starcraft ii.exe |
    "{C8576B73-AB45-4F35-B50E-B59E4D0B445B}" = dir=in | app=c:\windows\system32\lxedcoms.exe |
    "{CB36A728-9917-45A4-9EBF-11B977D6BF36}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{CC58AA2B-2478-4BF6-AF9F-FE4AE6DCCCF5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{D3F9E6F1-C383-4C27-AACE-5B3F025D5E6A}" = protocol=6 | dir=in | app=c:\program files\microsoft games\fable iii\fable3.exe |
    "{D5C0D4E0-39E3-451A-B783-DCB6871015EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{D823E0F9-CC78-40B5-AB0F-FEF262F2419B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
    "{DC10262C-AD4D-4BA0-84E3-0E9FD232AD38}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{E0059A09-53D3-4923-B690-D6ED1A4B71AA}" = protocol=6 | dir=in | app=c:\users\ruben\documents\downloads\programs\conquer_v5378_p2p_20110326.exe |
    "{ED7E3A77-DA08-4FC1-809D-91383049A8F9}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battleforge\battleforge.exe |
    "{F1B09949-3F83-43EA-8C82-47CA79AF8783}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
    "{F33B6BFA-3C12-4F0D-AE0C-19E8BBF15BF3}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
    "{F3FCC102-19D4-4C59-9E70-E25D665E26D4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F910463A-62ED-46D0-8B60-3649FCC62D50}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
    "{FAEB2A9F-7CB8-4B3F-8036-72C952A1C778}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "TCP Query User{031EEBD5-D964-47BD-8320-1B5E952EB78D}C:\program files\wizards of the coast llc\magic the gathering - duels of the planeswalkers\dotp.exe" = protocol=6 | dir=in | app=c:\program files\wizards of the coast llc\magic the gathering - duels of the planeswalkers\dotp.exe |
    "TCP Query User{03C894EB-7F1C-4E6E-A3D4-59E4A9F2D93E}C:\sc2\starcraft ii beta\versions\base15655\sc2.exe" = protocol=6 | dir=in | app=c:\sc2\starcraft ii beta\versions\base15655\sc2.exe |
    "TCP Query User{0472C468-F056-42C5-8649-0C21CE36C74F}C:\program files\world_of_tanks_closed_beta\wotlauncher.exe" = protocol=6 | dir=in | app=c:\program files\world_of_tanks_closed_beta\wotlauncher.exe |
    "TCP Query User{13FD467F-F74A-4BE3-A8C1-EDF3C74B936C}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "TCP Query User{3BB716E8-59BF-4BAE-9C9F-FCADEAA29466}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "TCP Query User{7DC57B32-FA41-4C5E-B6D0-E0818639D18C}C:\users\ruben\documents\downloads\programs\championsonlinef2p.exe" = protocol=6 | dir=in | app=c:\users\ruben\documents\downloads\programs\championsonlinef2p.exe |
    "TCP Query User{9A5E70F3-6437-46FD-A3F2-2C102C7F53E5}C:\program files\guardians of graxia\guardiansofgraxia.exe" = protocol=6 | dir=in | app=c:\program files\guardians of graxia\guardiansofgraxia.exe |
    "TCP Query User{9DB8F6DA-E1E4-4D8E-9687-1356075E2DAA}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
    "TCP Query User{9DF9A7D2-A7CC-4D00-A66F-E616B911B983}C:\program files\stunlock studios\bloodline champions beta\binary\bloodlinechampionsloader.exe" = protocol=6 | dir=in | app=c:\program files\stunlock studios\bloodline champions beta\binary\bloodlinechampionsloader.exe |
    "TCP Query User{AA2A2301-5FDA-42A6-BF99-3255E8BED8EA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "TCP Query User{B9600B3B-B228-460C-A1AA-5BC5506C2A8E}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "TCP Query User{BF6648CF-535B-47C8-AD1B-3DE6E5FFBA94}C:\users\ruben\appdata\locallow\sony online entertainment\installed games\clone wars\clonewars.exe" = protocol=6 | dir=in | app=c:\users\ruben\appdata\locallow\sony online entertainment\installed games\clone wars\clonewars.exe |
    "TCP Query User{CBC1AD47-F993-429F-BF6D-3355707A2930}C:\program files\internet download manager\idman.exe" = protocol=6 | dir=in | app=c:\program files\internet download manager\idman.exe |
    "TCP Query User{F19AA824-D5C7-44C0-8315-06D65109FAB2}C:\program files\outspark\divine souls\client.exe" = protocol=6 | dir=in | app=c:\program files\outspark\divine souls\client.exe |
    "UDP Query User{0520FDED-2175-4E3B-9C24-DCEB38D54412}C:\users\ruben\appdata\locallow\sony online entertainment\installed games\clone wars\clonewars.exe" = protocol=17 | dir=in | app=c:\users\ruben\appdata\locallow\sony online entertainment\installed games\clone wars\clonewars.exe |
    "UDP Query User{1E95A249-57A3-487F-BB6F-904F2F0F629F}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "UDP Query User{26F35732-112C-410A-BB71-D78D42B04220}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "UDP Query User{2E255B29-F692-4714-A620-6FD930118A7D}C:\program files\outspark\divine souls\client.exe" = protocol=17 | dir=in | app=c:\program files\outspark\divine souls\client.exe |
    "UDP Query User{411EAC74-E176-4666-B9E5-4941F1C31574}C:\program files\wizards of the coast llc\magic the gathering - duels of the planeswalkers\dotp.exe" = protocol=17 | dir=in | app=c:\program files\wizards of the coast llc\magic the gathering - duels of the planeswalkers\dotp.exe |
    "UDP Query User{578A9A9F-ACB0-4C73-BD0E-C70BA964FEE9}C:\program files\guardians of graxia\guardiansofgraxia.exe" = protocol=17 | dir=in | app=c:\program files\guardians of graxia\guardiansofgraxia.exe |
    "UDP Query User{6AFF0057-198D-44E7-9571-02FF4E730C6F}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
    "UDP Query User{7D26882C-EA4B-4549-A853-A10FCEA4A7CD}C:\program files\internet download manager\idman.exe" = protocol=17 | dir=in | app=c:\program files\internet download manager\idman.exe |
    "UDP Query User{812CF7CE-212E-4653-8E53-ADFC7235F5AD}C:\program files\world_of_tanks_closed_beta\wotlauncher.exe" = protocol=17 | dir=in | app=c:\program files\world_of_tanks_closed_beta\wotlauncher.exe |
    "UDP Query User{8F06E41B-65F7-4025-92AA-E625DBB7CBBD}C:\users\ruben\documents\downloads\programs\championsonlinef2p.exe" = protocol=17 | dir=in | app=c:\users\ruben\documents\downloads\programs\championsonlinef2p.exe |
    "UDP Query User{98904550-805D-4075-A0AE-3BF2E3B429D4}C:\program files\stunlock studios\bloodline champions beta\binary\bloodlinechampionsloader.exe" = protocol=17 | dir=in | app=c:\program files\stunlock studios\bloodline champions beta\binary\bloodlinechampionsloader.exe |
    "UDP Query User{A5893218-30BD-47CB-BBBE-8FC6BE58CC3A}C:\sc2\starcraft ii beta\versions\base15655\sc2.exe" = protocol=17 | dir=in | app=c:\sc2\starcraft ii beta\versions\base15655\sc2.exe |
    "UDP Query User{E9F38613-DC3D-48AA-969D-65F3F6362089}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "UDP Query User{F77C35BF-FBCC-44C7-8522-D7C4E75BC98E}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0C88C4A1-A9D7-4C28-8F06-4C2048765193}" = Magic The Gathering - Battlegrounds
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0001
    "{3A67CB4F-1626-49D5-848B-5B9BE7B2C069}" = iArtwork
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
    "{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
    "{4D565319-8B91-41CB-961C-0DDC86101AC5}" = Dragon Age II
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5CDF6674-78CA-4B1F-A3CA-BA7EAC6E4E0B}" = Nitro PDF Professional
    "{6B34251B-AB68-4b47-AA5E-09B50EFE41A0}" = Battlefield Heroes (PTE)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
    "{78B51FD5-DA3F-4B48-8F3F-4E4068F25D89}_is1" = Conquer Online 2.0
    "{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval
    "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
    "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
    "{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
    "{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}" = Garena
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
    "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.99
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
    "{BC90276B-BE38-451C-8E4D-FF28FF08ABF6}" = Bloodline Champions Beta
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
    "{D68D11A5-5295-4830-886A-A5CAF13E5A08}_is1" = Guardians of Graxia and Map Pack version 1.5
    "{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
    "{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse
    "{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F76F7814-E628-4C7C-930A-7C6E673BED08}" = LabSim
    "8461-7759-5462-8226" = Vuze
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "APB Reloaded" = APB Reloaded
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "BandiMPEG1" = Bandisoft MPEG-1 Decoder
    "Battle vs. Chess_is1" = Battle vs. Chess
    "BFH Ness Manager" = BFH Ness Manager
    "Champions Online" = Champions Online
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Free PS Convert driver_is1" = Free PS Convert driver 8.15
    "Game Booster_is1" = Game Booster
    "GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
    "GFWL_{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
    "GIF Viewer" = GIF Viewer 3.2
    "Grand Theft Auto Vice City - Temptresses" = Grand Theft Auto Vice City - Temptresses Screen Saver
    "Internet Download Manager" = Internet Download Manager
    "KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
    "L4D2SPUC" = Left 4 Dead 2 Standalone Patch™
    "Lexmark S600 Series" = Lexmark S600 Series
    "Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
    "Magic The Gathering - Duels of the Planeswalkers_is1" = Magic The Gathering - Duels of the Planeswalkers
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Monopoly by Parker Brothers" = Monopoly by Parker Brothers
    "Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
    "MyScribe" = MyScribe
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "PunkBusterSvc" = PunkBuster Services
    "Red Dead Redemption" = Red Dead Redemption Screen Saver
    "StarCraft II" = StarCraft II
    "StarCraft II Beta" = StarCraft II Beta
    "Steam App 8930" = Sid Meier's Civilization V
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "Unlocker" = Unlocker 1.9.0
    "Vector Magic" = Vector Magic
    "Vindictus" = Vindictus
    "VLC media player" = VLC media player 1.1.4
    "VobSub" = VobSub v2.23 (Remove Only)
    "Vuze_Remote Toolbar" = Vuze Remote Toolbar
    "WinRAR archiver" = WinRAR 4.00 (32-bit)
    "Xfire" = Xfire (remove only)
    "XfireXO Toolbar" = XfireXO Toolbar
    "Xvid_is1" = Xvid 1.2.2 final uninstall
    "YouTube MP3 Downloader_is1" = YouTube MP3 Downloader 2.1

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4131535426-1223570999-1301256555-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "026b8b564b6e8679" = Autoadmin

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
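The uninstall list above is OTL's dump of the Uninstall registry keys, including the per-user "Autoadmin" entry under HKEY_USERS\S-1-5-21-...\...\Uninstall, which a machine-only inventory would never show. The following is an added example, not part of the thread and not OTL's code: a PowerShell function that walks the same keys under HKLM (native and WOW6432Node) and under every loaded user hive, and flags entries a reviewer would look at first. The flag heuristics (no publisher, no version, uninstaller in a user-writable directory, non-GUID key name) are my own assumptions, not anything the thread states; the registry paths are the standard Windows ones.

```powershell
# Added example (not from the thread): enumerate installed-software entries the way
# OTL's "Uninstall List" does, but from every hive where they can live, so that
# per-user entries such as the "Autoadmin" key under HKEY_USERS\<SID> are not missed.
# Run from an elevated PowerShell prompt; PowerShell 2.0 or later is enough.

function Get-UninstallEntries {
    # HKU is not mapped as a drive by default, so map it before enumerating user hives.
    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    # Loaded user hives look like S-1-5-21-...; skip the *_Classes companion hives.
    foreach ($hive in (Get-ChildItem 'HKU:\' |
             Where-Object { $_.PSChildName -match '^S-1-5-21-' -and $_.PSChildName -notlike '*_Classes' })) {
        $roots += "HKU:\$($hive.PSChildName)\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
    }

    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        $scope = if ($root -like 'HKU:*') { 'User ' + ($root -split '\\')[1] } else { 'Machine' }
        foreach ($key in Get-ChildItem $root) {
            $p = Get-ItemProperty $key.PSPath
            # Review flags (assumed heuristics, not anything the thread defines).
            $flags = @()
            if (-not $p.Publisher)      { $flags += 'no-publisher' }
            if (-not $p.DisplayVersion) { $flags += 'no-version' }
            if ($p.UninstallString -match '\\(AppData|ProgramData|Temp)\\') { $flags += 'user-writable-uninstaller' }
            if ($key.PSChildName -notmatch '^\{[0-9A-F-]{36}\}$') { $flags += 'non-guid-key' }
            New-Object PSObject -Property @{
                Scope           = $scope
                Key             = $key.PSChildName
                DisplayName     = $p.DisplayName
                DisplayVersion  = $p.DisplayVersion
                Publisher       = $p.Publisher
                UninstallString = $p.UninstallString
                Flags           = ($flags -join ',')
            }
        }
    }
}

# Show every per-user entry (the ones a machine-only inventory misses) plus any
# machine entry that raised a flag.
Get-UninstallEntries |
    Sort-Object Scope, DisplayName |
    Where-Object { $_.Scope -ne 'Machine' -or $_.Flags } |
    Format-Table Scope, Key, DisplayName, DisplayVersion, Publisher, Flags -AutoSize
```

Per-user entries are written by installers that run without elevation, which is exactly how droppers that land under a user profile register themselves; the point of the scope column is to make those stand out rather than to declare any flagged entry malicious.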
     
  17. nirvanafr3ak

    nirvanafr3ak TS Rookie Topic Starter Posts: 23

    That did the trick :)
     
  18. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Cool :)

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      [2011/06/13 17:23:46 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      [2011/06/12 18:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\mP28621EnNfJ28621
      [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
      [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
      [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      [2011/06/16 01:08:01 | 000,009,300 | -HS- | M] () -- C:\Users\Ruben\AppData\Local\gpcsj0vt0ce
      [2011/06/16 01:08:01 | 000,009,300 | -HS- | M] () -- C:\ProgramData\gpcsj0vt0ce
      [2011/06/15 16:08:29 | 000,011,022 | -HS- | M] () -- C:\ProgramData\48us8w3f1to16xul6toc58xy324vsb8o1vj8118lxm1s
      [2011/06/15 16:08:28 | 000,011,022 | -HS- | M] () -- C:\Users\Ruben\AppData\Local\48us8w3f1to16xul6toc58xy324vsb8o1vj8118lxm1s
      [2011/06/14 13:28:39 | 000,010,442 | -HS- | M] () -- C:\ProgramData\2755211163
      @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:EA029835
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
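The OTL fix in the post above removes three kinds of artifact: a Browser Helper Object whose CLSID no longer resolves, Hidden+System files with random names sitting directly in C:\ProgramData and the user's AppData\Local, and an alternate data stream on C:\ProgramData\TEMP. What follows is an added example, not part of the thread and not OTL's code: a read-only PowerShell triage that lists those same artifact classes so they can be reviewed before anything is moved or deleted. It assumes an elevated PowerShell 2.0 or later; the "outside Program Files/Windows" rule for BHO DLLs and the choice of directories to sweep are my own assumptions.

```powershell
# Added example (not from the thread): read-only triage for the artifact classes the
# OTL script removes. Nothing here deletes or moves anything.

function Get-BrowserHelperObjects {
    # BHOs are registered by CLSID. A BHO key whose CLSID has no InprocServer32 is an
    # orphan (the "No CLSID value found" case in the OTL log); one whose DLL lives
    # outside Program Files / Windows deserves a close look.
    $bhoRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    $clsidRoots = 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID', 'HKCU:\SOFTWARE\Classes\CLSID'
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($k in Get-ChildItem $root) {
            $clsid  = $k.PSChildName
            $server = $null
            foreach ($hive in $clsidRoots) {
                $ip = Get-ItemProperty "$hive\$clsid\InprocServer32" -ErrorAction SilentlyContinue
                if ($ip) { $server = [Environment]::ExpandEnvironmentVariables($ip.'(default)'); break }
            }
            $verdict = if (-not $server) { 'ORPHAN: no CLSID/InprocServer32' }
                       elseif ($server -notmatch '^[a-z]:\\(Program Files( \(x86\))?|Windows)\\') { 'REVIEW: DLL outside Program Files/Windows' }
                       elseif (-not (Test-Path -LiteralPath $server)) { 'REVIEW: DLL missing on disk' }
                       else { 'ok' }
            New-Object PSObject -Property @{ Source = $root; CLSID = $clsid; Dll = $server; Verdict = $verdict }
        }
    }
}

function Get-HiddenSystemFiles {
    # The droppers in this thread sat as Hidden+System files with random names directly
    # in ProgramData and %LOCALAPPDATA%; genuine Hidden+System files there are rare.
    param([string[]]$Dirs = @($env:ProgramData, $env:LOCALAPPDATA))
    foreach ($d in $Dirs) {
        Get-ChildItem -LiteralPath $d -Force -ErrorAction SilentlyContinue |
            Where-Object {
                -not $_.PSIsContainer -and
                ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
                ($_.Attributes -band [IO.FileAttributes]::System)
            } |
            Select-Object FullName, Length, LastWriteTime
    }
}

function Get-AlternateDataStreams {
    # "dir /r" (Vista and later) prints one indented line per named stream, e.g.
    #   140 TEMP:EA029835:$DATA
    # Parsing that works on PowerShell 2.0 and covers streams attached to folders too.
    param([string]$Dir = $env:ProgramData, [switch]$IncludeZoneIdentifier)
    $out = cmd /c dir /r /a "$Dir"
    foreach ($line in $out) {
        if ($line -match '^\s+(\d[\d,]*)\s+(.+?):([^:]+):\$DATA\s*$') {
            # Zone.Identifier is the benign mark-of-the-web; hide it unless asked for.
            if ($Matches[3] -eq 'Zone.Identifier' -and -not $IncludeZoneIdentifier) { continue }
            New-Object PSObject -Property @{
                File   = Join-Path $Dir $Matches[2]
                Stream = $Matches[3]
                Bytes  = [int64]($Matches[1] -replace ',', '')
            }
        }
    }
}

Get-BrowserHelperObjects  | Format-Table Verdict, CLSID, Dll -AutoSize
Get-HiddenSystemFiles     | Format-Table -AutoSize
Get-AlternateDataStreams  | Format-Table File, Stream, Bytes -AutoSize
```

Run it before the fix to confirm what OTL is about to touch, and again after the reboot to confirm the BHO key, the Hidden+System files and the stream are gone; anything still listed is a candidate for the next script rather than something to delete by hand.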
     
  19. nirvanafr3ak

    nirvanafr3ak TS Rookie Topic Starter Posts: 23

    ========== OTL ==========
    C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Folder C:\ProgramData\mP28621EnNfJ28621\ not found.
    C:\ProgramData\SPL2B92.tmp deleted successfully.
    C:\ProgramData\SPL6F75.tmp deleted successfully.
    C:\ProgramData\SPLDA7F.tmp deleted successfully.
    C:\ProgramData\SPLEC99.tmp deleted successfully.
    C:\Windows\System32\ConduitEngine.tmp deleted successfully.
    C:\Windows\msdownld.tmp folder deleted successfully.
    C:\Users\Ruben\AppData\Local\gpcsj0vt0ce moved successfully.
    C:\ProgramData\gpcsj0vt0ce moved successfully.
    C:\ProgramData\48us8w3f1to16xul6toc58xy324vsb8o1vj8118lxm1s moved successfully.
    C:\Users\Ruben\AppData\Local\48us8w3f1to16xul6toc58xy324vsb8o1vj8118lxm1s moved successfully.
    C:\ProgramData\2755211163 moved successfully.
    ADS C:\ProgramData\TEMP:EA029835 deleted successfully.

    OTL by OldTimer - Version 3.2.24.0 log created on 06182011_161905


    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 2 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Disabled!
    Avira AntiVir Personal - Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 26
    Out of date Java installed!
    Adobe Flash Player 10.3.181.14
    Adobe Reader 9.4.5
    Out of date Adobe Reader installed!
    Mozilla Firefox (x86 en-US..) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamgui.exe
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````End of Log````````````


    ===========ESET SCAN===============
    C:\Program Files\Microsoft Games\Fable III\paul.dll a variant of Win32/Packed.VMProtect.AAA trojan
    C:\Program Files\The Witcher 2\bin\paul.dll a variant of Win32/Packed.VMProtect.AAA trojan
    C:\Qoobox\Quarantine\MBR_HardDisk0.mbr Win32/Olmarik.AJL trojan
    C:\Qoobox\Quarantine\C\Users\Ruben\AppData\Roaming\4B59BA72F51519CB4E2F220CE91F6F56\enemies-names.txt.vir Win32/Adware.AntimalwareDoctor.AE.Gen application
    C:\Users\Ruben\Documents\Downloads\Programs\unlocker1.9.0.exe Win32/Adware.ADON application



    Seems like most of ESET's scan results are false warnings, but you be the judge please.
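The Security Check log in the post above reports three settings that malware in this family commonly switches off: UAC disabled, Windows Firewall disabled, and the Security Center service not running; the earlier OTL report also could not read the Event Log service. As an added example, not part of the thread and not the Security Check tool's code, the following PowerShell function checks those settings directly, plus the hosts file that a search hijacker can use for redirection. The registry paths and service names are the standard Windows ones; the list of services and the hosts-file rule are my own choices, and the function only reports, it changes nothing.

```powershell
# Added example (not from the thread): verify the settings Security Check flagged
# (UAC, Windows Firewall, Security Center) and the Event Log service OTL could not read.
# Run elevated on Windows Vista/7 with PowerShell 2.0 or later. Read-only.

function Test-SecurityPosture {
    $findings = @()

    # UAC: EnableLUA = 1 means UAC is on; anything else (or a missing value) is a finding.
    $lua = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
                -ErrorAction SilentlyContinue).EnableLUA
    if ($lua -ne 1) { $findings += 'UAC is disabled (EnableLUA is not 1)' }

    # Windows Firewall: one EnableFirewall value per profile under the firewall policy key.
    $fwRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
        $v = (Get-ItemProperty "$fwRoot\$profile" -ErrorAction SilentlyContinue).EnableFirewall
        if ($v -ne 1) { $findings += "Windows Firewall is off for $profile" }
    }

    # Services malware likes to stop or set to Disabled: service name => label.
    $services = @{
        'wscsvc'   = 'Security Center'
        'MpsSvc'   = 'Windows Firewall'
        'BFE'      = 'Base Filtering Engine'
        'EventLog' = 'Windows Event Log'
        'wuauserv' = 'Windows Update'
    }
    foreach ($name in $services.Keys) {
        $label = $services[$name]
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc) { $findings += "$label service ($name) is missing"; continue }
        if ($svc.Status -ne 'Running') { $findings += "$label service ($name) is $($svc.Status)" }
        $mode = (Get-WmiObject Win32_Service -Filter "Name='$name'").StartMode
        if ($mode -eq 'Disabled') { $findings += "$label service ($name) start type is Disabled" }
    }

    # Hosts file: any IPv4 mapping other than "127.0.0.1 localhost" deserves a look,
    # since redirecting search engines or AV vendors through it is a classic trick.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $extra = @(Get-Content $hosts -ErrorAction SilentlyContinue |
               Where-Object { $_ -match '^\s*\d' -and $_ -notmatch '^\s*127\.0\.0\.1\s+localhost\s*$' })
    if ($extra.Count -gt 0) { $findings += "hosts file has $($extra.Count) non-default IPv4 entries" }

    if ($findings.Count -eq 0) { 'No findings' } else { $findings }
}

Test-SecurityPosture
```

On the machine in this thread the function would have returned the UAC, firewall and Security Center findings before the clean-up; after it, an empty result is the confirmation to look for, and a service that is back to Running but still Disabled as its start type will not survive the next reboot.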
     
  20. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    I agree.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), then download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ======================================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during the cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  21. nirvanafr3ak

    nirvanafr3ak TS Rookie Topic Starter Posts: 23

    The comp is running great. Thank you so much. You guys are great.

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Ruben
    ->Temp folder emptied: 1115895 bytes
    ->Temporary Internet Files folder emptied: 3543285 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 83847630 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 1815 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 860 bytes
    RecycleBin emptied: 14397 bytes

    Total Files Cleaned = 84.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Ruben
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.24.0 log created on 06182011_201300

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  22. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Way to go!!
    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.