Inactive Alureon, tdss malware? Issues removing from computer

[darkx]

Originally I had an AV Gaurd scanner pop up so I just blew it off as a Netsky.G Worm or rogue anti virus. Well once I took care of that it was much worse, random ads started popping up, with the internet connected "voices" start talking about news and tv without IE even open, my Vipre antivirus stopped working (couldn't update definitions), advanced system care 4 from iobit had over 9thousand ad, porn, etc sites it wanted to protect with Passive Defense, Protected Mode on IE wont turn on, and the first day of this it screwed my malwarebytes. Sysclean didn't even take care of it. Now that I've finally been able to do some scans and follow the six step I'm hoping someone will be able to help me get rid of this. Wasn't sure if the first flash can I did today that caught viruses would make a difference, but its the first mbam scan posted.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7954

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

10/15/2011 1:28:11 PM
mbam-log-2011-10-15 (13-28-11).txt

Scan type: Flash scan
Objects scanned: 131804
Time elapsed: 1 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Users\Mark\AppData\Local\Apps\appsupdate\appsupdt32.dll (Trojan.SHarpro) -> Delete on reboot.
c:\Users\Mark\AppData\Local\Adobe\adobeupdate\adobeupdt32.dll (Trojan.SHarpro) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{01DB8D44-42B3-4F79-AFC4-1FB190CCC8E2} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01DB8D44-42B3-4F79-AFC4-1FB190CCC8E2} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{01DB8D44-42B3-4F79-AFC4-1FB190CCC8E2} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01DB8D44-42B3-4F79-AFC4-1FB190CCC8E2} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\The Update (Trojan.SHarpro) -> Value: The Update -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AppDataLow Update (Trojan.SHarpro) -> Value: AppDataLow Update -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Mark\AppData\Local\networksys32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\Users\Mark\local settings\application data\Apps\appsupdate\appsupdt32.dll (Trojan.SHarpro) -> Delete on reboot.
c:\Users\Mark\AppData\Local\Apps\appsupdate\appsupdt32.dll (Trojan.SHarpro) -> Delete on reboot.
c:\Users\Mark\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Mark\AppData\Roaming\Adobe\plugs\mmc20365010.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Mark\AppData\Roaming\Adobe\plugs\mmc236.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Mark\AppData\Roaming\Adobe\plugs\mmc79.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Mark\local settings\application data\Adobe\adobeupdate\adobeupdt32.dll (Trojan.SHarpro) -> Delete on reboot.
c:\Users\Mark\AppData\Local\Adobe\adobeupdate\adobeupdt32.dll (Trojan.SHarpro) -> Delete on reboot.
c:\Users\Mark\local settings\application data\networksys32.dll (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.


Restarted and:


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7954

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

10/15/2011 1:31:13 PM
mbam-log-2011-10-15 (13-31-13).txt

Scan type: Quick scan
Objects scanned: 40264
Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-15 16:53:40
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: f:\Temp\pxldypoc.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26dd0b28
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26dd0b28@2021a5f786ae 0x96 0x95 0xE4 0x2C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26dd0b28@001fe46d49d5 0x46 0x53 0x12 0x40 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26dd0b28@00249576113c 0xDB 0x28 0x86 0x30 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26dd0b28@0015d3828585 0x37 0x59 0x74 0x83 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26dd0b28@2021a5ceeec3 0x8A 0x4B 0x94 0x5D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26dd0b28@3816d12a9793 0x2B 0xA9 0x64 0xC1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB4 0x6D 0x90 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6A 0xF3 0xE0 0x60 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x35 0x48 0xB9 0x16 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x13 0xED 0xDE 0x34 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x87 0xEB 0xB8 0xF2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xEF 0x8B 0xF1 0x24 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDE 0xA7 0xC6 0xAC ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001c26dd0b28 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001c26dd0b28@2021a5f786ae 0x96 0x95 0xE4 0x2C ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001c26dd0b28@001fe46d49d5 0x46 0x53 0x12 0x40 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001c26dd0b28@00249576113c 0xDB 0x28 0x86 0x30 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001c26dd0b28@0015d3828585 0x37 0x59 0x74 0x83 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001c26dd0b28@2021a5ceeec3 0x8A 0x4B 0x94 0x5D ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001c26dd0b28@3816d12a9793 0x2B 0xA9 0x64 0xC1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB4 0x6D 0x90 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6A 0xF3 0xE0 0x60 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x35 0x48 0xB9 0x16 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x13 0xED 0xDE 0x34 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x87 0xEB 0xB8 0xF2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xEF 0x8B 0xF1 0x24 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDE 0xA7 0xC6 0xAC ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Disabled (Startup Manager)@igndlm.exe C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB14408$\1307381887 0 bytes
File C:\Windows\$NtUninstallKB14408$\3632275255 0 bytes

---- EOF - GMER 1.0.15 ----


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_20
Run by Mark at 17:10:12 on 2011-10-15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1484 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Windows\system32\lxdpcoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Lexmark Z2300 Series\lxdpMsdMon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
C:\Windows\REGEDIT.EXE
C:\Windows\REGEDIT.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
uWindow Title = Internet Explorer provided by Dell
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - MSN Toolbar BHO
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe" -autorun
uRun: [SmartRAM] "c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m
uRun: [WindowsTrayProfile] rundll32.exe "c:\programdata\WindowsTrayProfile.dll",DllRegisterServer
uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10x_ActiveX.exe -update activex
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [lxdpmon.exe] "c:\program files\lexmark z2300 series\lxdpmon.exe"
mRun: [lxdpamon] "c:\program files\lexmark z2300 series\lxdpamon.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
uPolicies-explorer: DisableThumbnailsOnNetworkFolders = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoStrCmpLogical = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableStartupSound = 1 (0x1)
mPolicies-system: DisableStatusMessages = 1 (0x1)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{5D1C303C-8FFD-454E-A0F2-8C69B6786967} : DhcpNameServer = 67.14.214.5 67.14.214.9
TCP: Interfaces\{AEA707A9-CAA3-4D3F-AD6E-E11C8044C27A} : NameServer = 67.14.214.5,67.14.214.9
TCP: Interfaces\{BA605217-5848-4EA3-8D1D-92C75C299DA1} : DhcpNameServer = 67.14.214.5 67.14.214.9
TCP: Interfaces\{C91AF9B2-C392-4437-8829-54B3C897ABE8} : DhcpNameServer = 67.14.214.5 67.14.214.9
TCP: Interfaces\{CCCD8129-FC46-44AA-AD96-BCD9F26ECB6E} : DhcpNameServer = 67.14.214.5 67.14.214.9
TCP: Interfaces\{D2BC8AE5-6E4D-4758-8C27-F8A603A8C33D} : DhcpNameServer = 67.14.214.5 67.14.214.9
TCP: Interfaces\{DB943B22-1045-4C31-BB95-2EEB3528E00E} : DhcpNameServer = 67.14.214.5 67.14.214.9
TCP: Interfaces\{F6F7EA89-08F2-49A0-837D-F2E163D2F55E} : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{FB918CEB-6012-430F-A293-72D37280105B} : DhcpNameServer = 67.14.214.5 67.14.214.9
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
============= SERVICES / DRIVERS ===============
.
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2007-4-23 25896]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-8-29 101720]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-12-8 78936]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-10-12 328536]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-4-28 176128]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 iprip;RIP Listener;c:\windows\system32\svchost.exe -k ipripsvc [2008-1-20 21504]
R2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe -service --> c:\windows\system32\lxdpcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-15 366152]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-8-29 74456]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-7-28 8396800]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-7-28 247296]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-15 22216]
R3 pxldypoc;pxldypoc;f:\temp\pxldypoc.sys [2011-10-15 100864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-20 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\drivers\MRVW24B.sys [2008-3-19 310016]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2011-5-3 348160]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 gameupdater;Game Updater; [x]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\googleupdate.exe /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\googleupdate.exe /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]
.
=============== File Associations ===============
.
.txt=GetDiz.TextFile
.
=============== Created Last 30 ================
.
2011-10-15 18:25:26 -------- d-----w- c:\users\mark\appdata\roaming\Malwarebytes
2011-10-15 18:25:18 -------- d-----w- c:\programdata\Malwarebytes
2011-10-15 18:25:13 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-15 18:25:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-15 17:46:49 -------- d-----w- c:\users\mark\appdata\local\{F97BD6E5-174B-4BED-BAFD-A906A5ABAABD}
2011-10-15 16:38:06 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{39eb116c-22a0-4c9b-9a83-8840ac494f42}\mpengine.dll
2011-10-14 21:40:51 -------- d-----w- c:\users\mark\appdata\roaming\Sunbelt
2011-10-13 17:06:02 -------- d-----w- C:\TEMP
2011-10-13 02:58:25 -------- d-----w- C:\edd269d7d5d6738fe07e5365cd98
2011-10-13 01:47:17 65808 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2011-10-13 01:47:17 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-10-12 21:10:47 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 21:10:47 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 21:10:47 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-12 21:10:47 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 21:09:22 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 21:08:43 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 21:08:43 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 21:08:43 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 21:08:43 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 15:47:43 88 ----a-w- c:\users\mark\appdata\roaming\netstat.bat
2011-10-12 15:16:29 -------- d-----w- c:\windows\pss
2011-10-06 15:40:28 -------- d-----w- c:\users\mark\sysclean
2011-10-04 00:36:16 81920 ----a-w- c:\programdata\WindowsTrayProfile.dll
2011-10-03 14:32:37 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-10-03 14:32:36 758784 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2011-09-28 12:18:07 -------- d-----w- c:\users\mark\appdata\roaming\Lexmark Productivity Studio
2011-09-27 17:09:42 147968 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lxdpdrpp.dll
2011-09-27 16:43:24 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2011-09-27 16:21:44 -------- d-----w- c:\programdata\Ezprint
2011-09-27 16:21:22 -------- d-----w- c:\program files\Lexmark Toolbar
2011-09-27 16:19:41 -------- d-----w- C:\drivers
2011-09-25 19:41:13 -------- d-----w- C:\AeriaGames
2011-09-25 17:03:17 -------- d-----w- c:\program files\common files\Akamai
.
==================== Find3M ====================
.
2011-10-12 21:11:17 916480 ----a-w- c:\windows\system32\wininet.dll
2011-10-12 21:11:17 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-12 21:11:15 385024 ----a-w- c:\windows\system32\html.iec
2011-10-12 21:11:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-12 21:11:15 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-12 21:11:15 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-10-12 21:11:14 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-10-12 21:11:14 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-10-04 01:11:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 17:30:42 42832 ----a-w- c:\windows\system32\sbbd.exe
2011-08-29 22:36:34 74456 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-08-29 22:36:34 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-29 03:22:06 8396800 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-07-29 02:44:08 18388480 ----a-w- c:\windows\system32\atioglxx.dll
2011-07-29 02:41:00 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-29 02:40:46 726528 ----a-w- c:\windows\system32\aticfx32.dll
2011-07-29 02:36:28 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-07-29 02:35:54 401408 ----a-w- c:\windows\system32\atieclxx.exe
2011-07-29 02:35:26 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-07-29 02:34:12 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-07-29 02:33:56 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-07-29 02:33:44 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-07-29 02:33:36 20992 ----a-w- c:\windows\system32\atimuixx.dll
2011-07-29 02:33:28 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-07-29 02:30:28 4198912 ----a-w- c:\windows\system32\atidxx32.dll
2011-07-29 02:11:44 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-07-29 02:11:16 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-07-29 02:11:04 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-07-29 02:09:12 4256768 ----a-w- c:\windows\system32\atiumdag.dll
2011-07-29 02:07:26 8247296 ----a-w- c:\windows\system32\aticaldd.dll
2011-07-29 02:04:00 4056064 ----a-w- c:\windows\system32\atiumdva.dll
2011-07-29 02:01:50 52736 ----a-w- c:\windows\system32\coinst.dll
2011-07-29 01:54:44 266240 ----a-w- c:\windows\system32\SETDB59.tmp
2011-07-29 01:54:44 266240 ----a-w- c:\windows\system32\SETA520.tmp
2011-07-29 01:54:44 266240 ----a-w- c:\windows\system32\SET277A.tmp
2011-07-29 01:54:44 266240 ----a-w- c:\windows\system32\atiadlxx.dll
2011-07-29 01:54:32 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-07-29 01:54:20 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-07-29 01:53:48 247296 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-07-29 01:53:16 31744 ----a-w- c:\windows\system32\atiuxpag.dll
2011-07-29 01:53:02 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-07-29 01:52:40 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2011-07-29 01:52:28 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-07-29 01:51:06 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-07-29 01:51:06 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-07-22 20:51:50 94208 ----a-w- c:\windows\system32\dpl100.dll
.
============= FINISH: 17:16:06.62 ===============

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================================

Download TDSSKiller and save it to your desktop.

• Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

[darkx]

TDSSKiller wont run, I turned on Task Manager to see what it does and as soon as I give it permission to run the program it is no longer listed as an ongoing process. Tried in both safemode and regular windows.

 

[Broni]

I forgot to mention....I still need Attach.txt part of DDS, so please post that.

Then....

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[darkx]

Zipped Attach file

 

[Broni]

No, I need a straight text to be PASTED into your reply.

 

[darkx]

Sorry, instructions on the attach file said to zip and attach the file =). Well, I'm pretty sure combofix removed something but my firewall is still blocking outgoing connections, and protected mode on IE still wont turn on. My firewall is now blocking the google redirect sites, but the links are still sending me to different urls.


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 5/29/2008 8:47:49 AM
System Uptime: 10/15/2011 6:19:06 PM (17 hours ago)
.
Motherboard: Dell Inc. | | 0TP406
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | CPU | 2394/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 105.867 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 10.513 GiB free.
E: is CDROM (UDF)
F: is FIXED (NTFS) - 466 GiB total, 177.714 GiB free.
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {997b5d8d-c442-4f2e-baf3-9c8e671e9e21}
Description: XPS MiniView
Device ID: USB\VID_BEEF&PID_0006\AAAAAAAAAAAAAAAAAAAA
Manufacturer: Microsoft Co
Name: XPS MiniView
PNP Device ID: USB\VID_BEEF&PID_0006\AAAAAAAAAAAAAAAAAAAA
Service: WUDFRd
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00001204-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&AECAFE3&0&2021A5F786AE_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00001204-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&AECAFE3&0&2021A5F786AE_C00000000
Service:
.
==== System Restore Points ===================
.
RP1520: 10/14/2011 7:36:10 PM - Windows Defender Checkpoint
RP1521: 10/15/2011 11:06:56 AM - Restore Operation
RP1523: 10/15/2011 1:39:20 PM - IObit Uninstaller restore point
RP1524: 10/15/2011 1:40:11 PM - Removed VIPRE Antivirus.
RP1526: 10/15/2011 1:42:28 PM - IObit Uninstaller restore point
RP1527: 10/16/2011 2:04:47 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
.
µTorrent
3dsmax ancillary install
7-Zip 4.57
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.3.1
Advanced SystemCare 3
Advanced SystemCare 4
Akamai NetSession Interface
ASIO4ALL
ATI Catalyst Install Manager
AVS Image Converter 1.3.3.146
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
Calix iMS
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
CCleaner
Conexant D850 PCI V.92 Modem
Convert Image To PDF
Curse Client
D3DX10
Data Lifeguard Tools
Dell Getting Started Guide
Dell Support Center
Delta Force Land Warrior
Deus Ex
DEVIL MAY CRY 4
Diablo II
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DOSShell 1.7
Dungeon Siege Legends of Aranna
EA Download Manager
Fallout 3
Far Cry 2
ffdshow
Game Booster 3
GetDiz
Google Update Helper
Half-Life
Half-Life 2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections 12.1.12.4
J2SE Runtime Environment 5.0 Update 21
J2SE Runtime Environment 5.0 Update 22
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 4
Junk Mail filter update
Lexmark Z2300 Series
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
Microsoft XNA Framework Redistributable 1.0 Refresh
Modem Diagnostic Tool
MSN Toolbar Platform
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETGEAR WG111v3 wireless USB 2.0 adapter
NetWaiting
NVIDIA PhysX
PC Matic 1.1.0.33
PhotoPad Image Editor
Product Documentation Launcher
Quake 4(TM)
QuickSFV
rayman2
Recuva
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB2251487)
Segoe UI
Shaiya(US)
Sierra On-Line Games (Remove only)
SigmaTel Audio
Skype™ 4.1
SpaceForce - Rogue Universe
SpellForce 2 Patch
Spelling Dictionaries Support For Adobe Reader 8
Steam(TM)
TeamSpeak 3 Client
The Clockwork Man 2 The Hidden World Ultimate Edition 1.00
The Sims™ 3
Tomb Raider: Legend 1.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client
Web Sudoku Deluxe 1.2.2
WebEx Support Manager for Internet Explorer
WIDCOMM Bluetooth Software 6.0.1.4300
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinISO 5.3
WinRAR archiver
World of Warcraft
XPS MiniView Gadget
Xvid 1.1.3 final uninstall
Yahoo! Messenger
Yahoo! Software Update
Zuma's Revenge - Adventure
.
==== Event Viewer Messages From Past Week ========
.
10/16/2011 10:10:09 AM, Error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.
10/15/2011 6:21:36 PM, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the UPnP Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/15/2011 6:19:48 PM, Error: Service Control Manager [7023] - The Diagnostic Policy Service service terminated with the following error: Access is denied.
10/15/2011 6:19:30 PM, Error: Microsoft-Windows-TaskScheduler [701] - Task Scheduler service failed to start Task Compatibility module. Tasks may not be able to register on previous Window versions. Additional Data: Error Value: 2147942405.
10/15/2011 6:19:23 PM, Error: volmgr [46] - Crash dump initialization failed!
10/15/2011 6:16:31 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/15/2011 6:16:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss RtlProt SbTis Smb spldr tdx Wanarpv6
10/15/2011 6:16:29 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/15/2011 6:16:29 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2011 6:16:29 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2011 6:16:29 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/15/2011 6:16:29 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/15/2011 6:16:29 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2011 6:16:29 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/15/2011 6:16:29 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/15/2011 6:16:29 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2011 6:16:29 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2011 6:16:29 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/15/2011 6:16:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/15/2011 6:16:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/15/2011 6:15:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/15/2011 6:15:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/15/2011 6:15:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/15/2011 6:15:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/15/2011 11:33:19 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
10/15/2011 1:46:08 PM, Error: Service Control Manager [7000] - The VIPRE Antivirus service failed to start due to the following error: The system cannot find the path specified.
10/14/2011 3:17:16 PM, Error: Microsoft-Windows-Windows Defender [1008] - Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.DX&threatid=153303 Scan ID: {7E124DC1-B6B7-4F9B-A9FA-3DD7A8C44A8D} Scan Type: AntiMalware User: Mark-PC\Mark Name: Trojan:Win32/Alureon.DX ID: 153303 Severity ID: 5 Category ID: 8 Path: Action: Remove Error Code: 0x80508025 Error description: To see how to finish removing spyware and other potentially unwanted software, see this support article on the Microsoft Security website.
10/14/2011 3:13:25 PM, Error: Microsoft-Windows-Windows Defender [1008] - Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.DX&threatid=153303 Scan ID: {5D0A6D92-36B0-4363-9901-19FAA4C7E93A} Scan Type: AntiMalware User: Mark-PC\Mark Name: Trojan:Win32/Alureon.DX ID: 153303 Severity ID: 5 Category ID: 8 Path: Action: Remove Error Code: 0x80508025 Error description: To see how to finish removing spyware and other potentially unwanted software, see this support article on the Microsoft Security website.
10/14/2011 2:00:24 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.5 for the Network Card with network address E091F59C5F7D has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
10/14/2011 12:53:54 PM, Error: Service Control Manager [7031] - The Telephony service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/14/2011 12:53:54 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
10/14/2011 12:53:54 PM, Error: Service Control Manager [7031] - The KtmRm for Distributed Transaction Coordinator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
10/14/2011 12:53:54 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/14/2011 12:53:54 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/14/2011 12:53:51 PM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
10/14/2011 12:53:51 PM, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
10/14/2011 12:53:51 PM, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
10/14/2011 12:53:51 PM, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/14/2011 12:53:46 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/14/2011 12:53:46 PM, Error: Service Control Manager [7031] - The Windows Time service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/14/2011 12:53:46 PM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
10/14/2011 12:53:46 PM, Error: Service Control Manager [7031] - The Secure Socket Tunneling Protocol Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/14/2011 12:53:46 PM, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/14/2011 12:53:46 PM, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
10/14/2011 12:53:46 PM, Error: Service Control Manager [7031] - The Function Discovery Resource Publication service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/14/2011 12:53:46 PM, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
10/14/2011 12:53:39 PM, Error: Service Control Manager [7034] - The VIPRE Antivirus service terminated unexpectedly. It has done this 1 time(s).
10/14/2011 12:53:25 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
10/14/2011 12:52:58 PM, Error: Service Control Manager [7034] - The SB Recovery Service service terminated unexpectedly. It has done this 1 time(s).
10/14/2011 12:52:41 PM, Error: Service Control Manager [7031] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/13/2011 1:50:00 PM, Error: EventLog [6008] - The previous system shutdown at 1:47:59 PM on 10/13/2011 was unexpected.
10/12/2011 9:47:54 AM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.95.1304.0 Loading engine version: 1.1.6402.0
10/12/2011 8:41:09 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.3 for the Network Card with network address E091F59C5F7D has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
10/12/2011 8:37:53 PM, Error: Microsoft-Windows-Windows Defender [1008] - Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.DX&threatid=153303 Scan ID: {B33DDD85-7FD6-47A8-AD0F-900256F420DB} Scan Type: AntiMalware User: Mark-PC\Mark Name: Trojan:Win32/Alureon.DX ID: 153303 Severity ID: 5 Category ID: 8 Path: Action: Remove Error Code: 0x80508025 Error description: To see how to finish removing spyware and other potentially unwanted software, see this support article on the Microsoft Security website.
10/12/2011 3:55:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxdp_device service to connect.
10/12/2011 3:55:02 PM, Error: Service Control Manager [7000] - The lxdp_device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/12/2011 3:53:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr
10/12/2011 3:53:50 PM, Error: Service Control Manager [7023] -
10/12/2011 3:53:50 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Responder service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
10/12/2011 3:53:50 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
10/12/2011 3:50:22 PM, Error: Service Control Manager [7000] - The tmcomm service failed to start due to the following error: A device attached to the system is not functioning.
10/12/2011 3:01:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
10/12/2011 3:01:50 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/12/2011 3:01:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/12/2011 2:55:50 PM, Error: Service Control Manager [7030] - The Advanced SystemCare Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/12/2011 10:19:40 AM, Error: Microsoft-Windows-Windows Defender [1008] - Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.DX&threatid=153303 Scan ID: {C0099BB6-A784-4F10-AF1E-7FBA19721EF7} Scan Type: AntiMalware User: Mark-PC\Mark Name: Trojan:Win32/Alureon.DX ID: 153303 Severity ID: 5 Category ID: 8 Path: Action: Remove Error Code: 0x80508025 Error description: To see how to finish removing spyware and other potentially unwanted software, see this support article on the Microsoft Security website.
10/11/2011 11:21:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
.
==== End Of File ===========================





ComboFix 11-10-15.04 - Mark 10/16/2011 20:00:58.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2347 [GMT -5:00]
Running from: c:\users\Mark\Desktop\yourname.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\WindowsTrayProfile.dll
c:\users\Mark\AppData\Local\.#
c:\users\Mark\AppData\Local\._Revolution_
c:\users\Mark\AppData\Roaming\Adobe\plugs
c:\users\Mark\AppData\Roaming\Adobe\shed
c:\users\Mark\Play .lnk
c:\windows\$NtUninstallKB14408$
c:\windows\$NtUninstallKB14408$\1307381887
.
.
((((((((((((((((((((((((( Files Created from 2011-09-17 to 2011-10-17 )))))))))))))))))))))))))))))))
.
.
2011-10-17 01:34 . 2011-10-17 01:34 -------- d-----w- c:\users\Mark\AppData\Local\temp
2011-10-17 01:34 . 2011-10-17 01:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-17 00:56 . 2011-10-17 00:56 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39EB116C-22A0-4C9B-9A83-8840AC494F42}\offreg.dll
2011-10-15 18:25 . 2011-10-15 18:25 -------- d-----w- c:\users\Mark\AppData\Roaming\Malwarebytes
2011-10-15 18:25 . 2011-10-15 18:25 -------- d-----w- c:\programdata\Malwarebytes
2011-10-15 18:25 . 2011-10-15 18:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-15 18:25 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-15 16:38 . 2011-09-21 14:00 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39EB116C-22A0-4C9B-9A83-8840AC494F42}\mpengine.dll
2011-10-14 21:40 . 2011-10-14 21:40 -------- d-----w- c:\users\Mark\AppData\Roaming\Sunbelt
2011-10-13 17:06 . 2011-10-15 18:37 -------- d-----w- C:\TEMP
2011-10-13 02:58 . 2011-10-15 16:23 -------- d-----w- C:\edd269d7d5d6738fe07e5365cd98
2011-10-13 01:47 . 2011-10-13 01:47 65808 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2011-10-13 01:47 . 2011-10-13 01:47 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-10-12 21:10 . 2011-10-12 21:10 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 21:10 . 2011-10-12 21:10 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 21:10 . 2011-10-12 21:10 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-12 21:10 . 2011-10-12 21:10 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 21:09 . 2011-10-12 21:09 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 21:08 . 2011-10-12 21:08 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 21:08 . 2011-10-12 21:08 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 21:08 . 2011-10-12 21:08 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 21:08 . 2011-10-12 21:08 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 15:47 . 2011-10-12 15:47 88 ----a-w- c:\users\Mark\AppData\Roaming\netstat.bat
2011-10-06 15:40 . 2011-10-15 16:24 -------- d-----w- c:\users\Mark\sysclean
2011-10-04 17:06 . 2011-10-04 17:06 -------- d-----w- c:\program files\QuickTime
2011-10-04 03:44 . 2011-10-04 03:44 -------- d-----w- c:\windows\Sun
2011-10-03 14:32 . 2011-02-17 06:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-10-03 14:32 . 2011-04-30 06:09 758784 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-09-28 12:18 . 2011-09-28 12:18 -------- d-----w- c:\users\Mark\AppData\Roaming\Lexmark Productivity Studio
2011-09-27 17:09 . 2009-08-13 12:02 147968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxdpdrpp.dll
2011-09-27 16:53 . 2011-09-27 16:53 -------- d-----w- c:\users\Mark\AppData\Roaming\Yahoo!
2011-09-27 16:43 . 2011-09-27 16:43 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2011-09-27 16:21 . 2011-09-27 16:21 -------- d-----w- c:\programdata\Ezprint
2011-09-27 16:21 . 2011-09-27 16:21 -------- d-----w- c:\program files\Lexmark Toolbar
2011-09-27 16:19 . 2011-09-27 16:19 -------- d-----w- C:\drivers
2011-09-25 19:41 . 2011-09-25 19:41 -------- d-----w- C:\AeriaGames
2011-09-25 17:03 . 2011-10-17 00:56 -------- d-----w- c:\program files\Common Files\Akamai
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-04 01:11 . 2011-06-28 18:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 17:30 . 2011-09-06 17:30 42832 ----a-w- c:\windows\system32\sbbd.exe
2011-08-29 22:36 . 2011-08-29 22:36 74456 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-08-29 22:36 . 2011-08-29 22:36 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-29 03:22 . 2011-07-29 03:22 8396800 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-07-29 02:44 . 2011-07-29 02:44 18388480 ----a-w- c:\windows\system32\atioglxx.dll
2011-07-29 02:41 . 2011-07-29 02:41 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-29 02:40 . 2011-07-08 08:29 726528 ----a-w- c:\windows\system32\aticfx32.dll
2011-07-29 02:36 . 2009-04-29 02:08 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-07-29 02:35 . 2009-04-29 02:08 401408 ----a-w- c:\windows\system32\atieclxx.exe
2011-07-29 02:35 . 2009-04-29 02:07 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-07-29 02:34 . 2011-07-29 02:34 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-07-29 02:33 . 2011-07-29 02:33 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-07-29 02:33 . 2011-07-29 02:33 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-07-29 02:33 . 2011-07-29 02:33 20992 ----a-w- c:\windows\system32\atimuixx.dll
2011-07-29 02:33 . 2011-07-29 02:33 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-07-29 02:30 . 2011-07-08 08:19 4198912 ----a-w- c:\windows\system32\atidxx32.dll
2011-07-29 02:11 . 2011-07-29 02:11 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-07-29 02:11 . 2011-07-29 02:11 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-07-29 02:11 . 2011-07-29 02:11 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-07-29 02:09 . 2011-07-29 02:09 4256768 ----a-w- c:\windows\system32\atiumdag.dll
2011-07-29 02:07 . 2011-07-29 02:07 8247296 ----a-w- c:\windows\system32\aticaldd.dll
2011-07-29 02:04 . 2011-07-29 02:04 4056064 ----a-w- c:\windows\system32\atiumdva.dll
2011-07-29 02:01 . 2010-08-04 06:23 52736 ----a-w- c:\windows\system32\coinst.dll
2011-07-29 01:54 . 2011-07-29 01:54 266240 ----a-w- c:\windows\system32\SETDB59.tmp
2011-07-29 01:54 . 2011-07-29 01:54 266240 ----a-w- c:\windows\system32\SETA520.tmp
2011-07-29 01:54 . 2011-07-29 01:54 266240 ----a-w- c:\windows\system32\SET277A.tmp
2011-07-29 01:54 . 2009-04-29 01:24 266240 ----a-w- c:\windows\system32\atiadlxx.dll
2011-07-29 01:54 . 2011-07-29 01:54 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-07-29 01:54 . 2011-07-29 01:54 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-07-29 01:53 . 2011-07-29 01:53 247296 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-07-29 01:53 . 2011-07-08 07:46 31744 ----a-w- c:\windows\system32\atiuxpag.dll
2011-07-29 01:53 . 2010-08-04 06:14 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-07-29 01:52 . 2010-08-04 06:14 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2011-07-29 01:52 . 2011-07-29 01:52 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-07-29 01:51 . 2011-07-29 01:51 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-07-29 01:51 . 2011-07-29 01:51 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-07-22 20:51 . 2011-07-22 20:51 94208 ----a-w- c:\windows\system32\dpl100.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2010-07-02 198864]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-04-09 228808]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-29 61440]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-06 405504]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"lxdpmon.exe"="c:\program files\Lexmark Z2300 Series\lxdpmon.exe" [2010-02-04 672424]
"lxdpamon"="c:\program files\Lexmark Z2300 Series\lxdpamon.exe" [2010-02-04 16040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-13 715568]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2009-11-6 2469888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"DisableThumbnailsOnNetworkFolders"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2174720606-4190547358-4225541194-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\DRIVERS\MRVW24B.sys [2008-03-19 310016]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-10-14 348160]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 gameupdater;Game Updater; [x]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-04-12 721904]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-08-29 101720]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 78936]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-29 176128]
S2 iprip;RIP Listener;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe [2007-11-19 589824]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-08-29 74456]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-29 8396800]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-29 247296]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
ipripsvc REG_MULTI_SZ iprip
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{AEA707A9-CAA3-4D3F-AD6E-E11C8044C27A}: NameServer = 67.14.214.5,67.14.214.9
.
.
------- File Associations -------
.
.txt=GetDiz.TextFile
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-WindowsTrayProfile - c:\programdata\WindowsTrayProfile.dll
SafeBoot-SBAMSvc
SafeBoot-SBPIMSvc
AddRemove-Convert Image To PDF_is1 - c:\program files\Softinterface
AddRemove-Delta Force Land Warrior - c:\users\public\games\Delta Force Land Warrior\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-16 20:35
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_b31de1e.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_b31de1e.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2174720606-4190547358-4225541194-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:4d,69,ae,11,ab,91,fc,20,53,f4,1e,88,69,1b,f6,5e,b3,a6,5c,98,0d,80,b4,
ba,b6,3b,65,f3,15,ef,68,55,27,79,29,13,31,ff,84,7c,7f,cf,3d,b4,02,e6,c9,11,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-2174720606-4190547358-4225541194-1000\Software\SecuROM\License information*]
"datasecu"=hex:8b,f8,9b,ac,63,ba,f3,7c,c3,5f,79,4f,79,76,e9,12,50,65,af,b3,95,
58,14,72,5a,8a,fa,dc,eb,cc,2c,2b,84,4e,dc,0d,0f,39,5a,66,69,44,5a,1f,c3,bf,\
"rkeysecu"=hex:65,50,10,ba,aa,05,a0,35,f5,28,66,98,f1,0b,7b,67
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-16 20:51:53
ComboFix-quarantined-files.txt 2011-10-17 01:51
.
Pre-Run: 111,170,625,536 bytes free
Post-Run: 110,932,799,488 bytes free
.
- - End Of File - - 4BB5EC01320B011CB40BD5CD3AB5C681

 

[darkx]

And the tv/news/music is still starting up with the internet connected, browser open or not.

 

[Broni]

Uninstall Advanced System Care.
Registry cleaners/optimizers are not recommended for several reasons:

• Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.
  
  The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  
• Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  
• Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  
• Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  
• The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

• Ed Bott's Webog: Why I don't use registry cleaners
• Do I need a Registry Cleaner?

======================================================================

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box
• Click OK

Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\system32\SETDB59.tmp
c:\windows\system32\SETA520.tmp
c:\windows\system32\SET277A.tmp


Folder::

Driver::
gameupdater
gupdate
gupdatem


Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

 

[darkx]

Unistalled Advanced SystemCare. Usually I don't use it as a reg cleaner, more for some of the tools like gamebooster and the uninstaller which can be very useful.

Log

ComboFix 11-10-15.04 - Mark 10/16/2011 23:12:01.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1912 [GMT -5:00]
Running from: c:\users\Mark\Desktop\yourname.exe
Command switches used :: c:\users\Mark\Desktop\CFScript.txt
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
FILE ::
"c:\windows\system32\SET277A.tmp"
"c:\windows\system32\SETA520.tmp"
"c:\windows\system32\SETDB59.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET277A.tmp
c:\windows\system32\SETA520.tmp
c:\windows\system32\SETDB59.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GAMEUPDATER
-------\Legacy_GUPDATE
-------\Legacy_GUPDATEM
-------\Service_gameupdater
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2011-09-17 to 2011-10-17 )))))))))))))))))))))))))))))))
.
.
2011-10-17 04:49 . 2011-10-17 04:49 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39EB116C-22A0-4C9B-9A83-8840AC494F42}\offreg.dll
2011-10-17 04:46 . 2011-10-17 04:46 -------- d-----w- c:\users\Mark\AppData\Local\temp
2011-10-17 04:46 . 2011-10-17 04:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-17 03:15 . 2011-10-17 03:34 -------- d-----w- c:\programdata\Comodo
2011-10-17 03:15 . 2011-10-17 03:15 -------- d-----w- c:\program files\COMODO
2011-10-17 03:15 . 2011-10-17 03:15 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-10-17 03:15 . 2011-10-17 03:15 -------- d-----w- c:\programdata\Comodo Downloader
2011-10-16 17:43 . 2011-10-17 01:52 -------- d-----w- C:\yourname
2011-10-15 18:25 . 2011-10-15 18:25 -------- d-----w- c:\users\Mark\AppData\Roaming\Malwarebytes
2011-10-15 18:25 . 2011-10-15 18:25 -------- d-----w- c:\programdata\Malwarebytes
2011-10-15 18:25 . 2011-10-15 18:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-15 18:25 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-15 16:38 . 2011-09-21 14:00 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39EB116C-22A0-4C9B-9A83-8840AC494F42}\mpengine.dll
2011-10-14 21:40 . 2011-10-14 21:40 -------- d-----w- c:\users\Mark\AppData\Roaming\Sunbelt
2011-10-13 17:06 . 2011-10-15 18:37 -------- d-----w- C:\TEMP
2011-10-13 02:58 . 2011-10-15 16:23 -------- d-----w- C:\edd269d7d5d6738fe07e5365cd98
2011-10-13 01:47 . 2011-10-13 01:47 65808 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2011-10-13 01:47 . 2011-10-13 01:47 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-10-12 21:10 . 2011-10-12 21:10 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 21:10 . 2011-10-12 21:10 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 21:10 . 2011-10-12 21:10 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-12 21:10 . 2011-10-12 21:10 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 21:09 . 2011-10-12 21:09 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 21:08 . 2011-10-12 21:08 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 21:08 . 2011-10-12 21:08 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 21:08 . 2011-10-12 21:08 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 21:08 . 2011-10-12 21:08 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 15:47 . 2011-10-12 15:47 88 ----a-w- c:\users\Mark\AppData\Roaming\netstat.bat
2011-10-07 23:47 . 2011-10-07 23:47 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-10-07 23:47 . 2011-10-07 23:47 488208 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 23:47 . 2011-10-07 23:47 38616 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 23:47 . 2011-10-07 23:47 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 23:47 . 2011-10-07 23:47 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-07 23:47 . 2011-10-07 23:47 300200 ----a-w- c:\windows\system32\guard32.dll
2011-10-06 15:40 . 2011-10-15 16:24 -------- d-----w- c:\users\Mark\sysclean
2011-10-04 17:06 . 2011-10-04 17:06 -------- d-----w- c:\program files\QuickTime
2011-10-04 03:44 . 2011-10-04 03:44 -------- d-----w- c:\windows\Sun
2011-10-03 14:32 . 2011-02-17 06:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-10-03 14:32 . 2011-04-30 06:09 758784 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-09-28 12:18 . 2011-09-28 12:18 -------- d-----w- c:\users\Mark\AppData\Roaming\Lexmark Productivity Studio
2011-09-27 17:09 . 2009-08-13 12:02 147968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxdpdrpp.dll
2011-09-27 16:53 . 2011-09-27 16:53 -------- d-----w- c:\users\Mark\AppData\Roaming\Yahoo!
2011-09-27 16:43 . 2011-09-27 16:43 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2011-09-27 16:21 . 2011-09-27 16:21 -------- d-----w- c:\programdata\Ezprint
2011-09-27 16:21 . 2011-09-27 16:21 -------- d-----w- c:\program files\Lexmark Toolbar
2011-09-27 16:19 . 2011-09-27 16:19 -------- d-----w- C:\drivers
2011-09-25 19:41 . 2011-09-25 19:41 -------- d-----w- C:\AeriaGames
2011-09-25 17:03 . 2011-10-17 04:49 -------- d-----w- c:\program files\Common Files\Akamai
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-04 01:11 . 2011-06-28 18:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 17:30 . 2011-09-06 17:30 42832 ----a-w- c:\windows\system32\sbbd.exe
2011-08-29 22:36 . 2011-08-29 22:36 74456 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-08-29 22:36 . 2011-08-29 22:36 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-29 03:22 . 2011-07-29 03:22 8396800 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-07-29 02:44 . 2011-07-29 02:44 18388480 ----a-w- c:\windows\system32\atioglxx.dll
2011-07-29 02:41 . 2011-07-29 02:41 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-29 02:40 . 2011-07-08 08:29 726528 ----a-w- c:\windows\system32\aticfx32.dll
2011-07-29 02:36 . 2009-04-29 02:08 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-07-29 02:35 . 2009-04-29 02:08 401408 ----a-w- c:\windows\system32\atieclxx.exe
2011-07-29 02:35 . 2009-04-29 02:07 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-07-29 02:34 . 2011-07-29 02:34 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-07-29 02:33 . 2011-07-29 02:33 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-07-29 02:33 . 2011-07-29 02:33 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-07-29 02:33 . 2011-07-29 02:33 20992 ----a-w- c:\windows\system32\atimuixx.dll
2011-07-29 02:33 . 2011-07-29 02:33 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-07-29 02:30 . 2011-07-08 08:19 4198912 ----a-w- c:\windows\system32\atidxx32.dll
2011-07-29 02:11 . 2011-07-29 02:11 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-07-29 02:11 . 2011-07-29 02:11 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-07-29 02:11 . 2011-07-29 02:11 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-07-29 02:09 . 2011-07-29 02:09 4256768 ----a-w- c:\windows\system32\atiumdag.dll
2011-07-29 02:07 . 2011-07-29 02:07 8247296 ----a-w- c:\windows\system32\aticaldd.dll
2011-07-29 02:04 . 2011-07-29 02:04 4056064 ----a-w- c:\windows\system32\atiumdva.dll
2011-07-29 02:01 . 2010-08-04 06:23 52736 ----a-w- c:\windows\system32\coinst.dll
2011-07-29 01:54 . 2009-04-29 01:24 266240 ----a-w- c:\windows\system32\atiadlxx.dll
2011-07-29 01:54 . 2011-07-29 01:54 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-07-29 01:54 . 2011-07-29 01:54 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-07-29 01:53 . 2011-07-29 01:53 247296 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-07-29 01:53 . 2011-07-08 07:46 31744 ----a-w- c:\windows\system32\atiuxpag.dll
2011-07-29 01:53 . 2010-08-04 06:14 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-07-29 01:52 . 2010-08-04 06:14 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2011-07-29 01:52 . 2011-07-29 01:52 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-07-29 01:51 . 2011-07-29 01:51 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-07-29 01:51 . 2011-07-29 01:51 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-07-22 20:51 . 2011-07-22 20:51 94208 ----a-w- c:\windows\system32\dpl100.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-04-09 228808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-29 61440]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-06 405504]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"lxdpmon.exe"="c:\program files\Lexmark Z2300 Series\lxdpmon.exe" [2010-02-04 672424]
"lxdpamon"="c:\program files\Lexmark Z2300 Series\lxdpamon.exe" [2010-02-04 16040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-05-26 208184]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-05-26 182584]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-07 2497864]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-13 715568]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2009-11-6 2469888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"DisableThumbnailsOnNetworkFolders"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2174720606-4190547358-4225541194-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\DRIVERS\MRVW24B.sys [2008-03-19 310016]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-10-14 348160]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-04-12 721904]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-10-07 488208]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-10-07 38616]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-08-29 101720]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 78936]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-29 176128]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-05-26 154424]
S2 iprip;RIP Listener;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe [2007-11-19 589824]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-08-29 74456]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-29 8396800]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-29 247296]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
ipripsvc REG_MULTI_SZ iprip
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{AEA707A9-CAA3-4D3F-AD6E-E11C8044C27A}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{F6F7EA89-08F2-49A0-837D-F2E163D2F55E}: NameServer = 8.26.56.26,156.154.70.22
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-16 23:53
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_b31de1e.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_b31de1e.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2174720606-4190547358-4225541194-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:4d,69,ae,11,ab,91,fc,20,53,f4,1e,88,69,1b,f6,5e,b3,a6,5c,98,0d,80,b4,
ba,b6,3b,65,f3,15,ef,68,55,27,79,29,13,31,ff,84,7c,7f,cf,3d,b4,02,e6,c9,11,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-2174720606-4190547358-4225541194-1000\Software\SecuROM\License information*]
"datasecu"=hex:8b,f8,9b,ac,63,ba,f3,7c,c3,5f,79,4f,79,76,e9,12,50,65,af,b3,95,
58,14,72,5a,8a,fa,dc,eb,cc,2c,2b,84,4e,dc,0d,0f,39,5a,66,69,44,5a,1f,c3,bf,\
"rkeysecu"=hex:65,50,10,ba,aa,05,a0,35,f5,28,66,98,f1,0b,7b,67
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(724)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(3916)
c:\windows\system32\guard32.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\STacSV.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2011-10-17 00:12:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-17 05:12
ComboFix2.txt 2011-10-17 01:52
.
Pre-Run: 109,487,202,304 bytes free
Post-Run: 111,421,333,504 bytes free
.
- - End Of File - - ACC9E9670F19F01DB87D81FE5DDCEAF4

 

[darkx]

Oh, while my father was visiting today he installed Comodo firewall. I hope that doesn't interfere with anything, I made sure it was disabled before scanning. Thing is a pain so far.

 

[Broni]

How is computer doing?

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[darkx]

So far, google redirect doesn't seem to be a problem and I haven't been hearing "voices" today while connected to the internet. Malwarebytes has been blocking potentally harmful outgoing internet connections off and on still, and after restarting the computer if I don't hit remember my answer on comodo I get a decent sized handful of iexplorer trying access different files, to change registry settings, etc notifications, without me using IE. svchost keeps causing notifications on comodo, saying I'm about to recieve a connection from another computer. My father who is an internet technition/customer service representative for a local internet provider also changed a couple of internet settings, that has returned my pop up blocker to normal but protected mode still isn't working.




OTL Extras logfile created on: 10/17/2011 6:28:32 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mark\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 57.86% Memory free
6.19 Gb Paging File | 5.00 Gb Available in Paging File | 80.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.04 Gb Total Space | 103.76 Gb Free Space | 36.66% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 10.41 Gb Free Space | 69.40% Space Free | Partition Type: NTFS
Drive E: | 7.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 465.71 Gb Total Space | 177.87 Gb Free Space | 38.19% Space Free | Partition Type: NTFS

Computer Name: MARK-PC | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\WinHlp32.exe (Microsoft Corporation)
.ini [@ = GetDiz.IniFile] -- C:\Program Files\GetDiz\GetDiz.exe (Outertech - http://outertech.com)

[HKEY_USERS\S-1-5-21-2174720606-4190547358-4225541194-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.txt [@ = GetDiz.TextFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\WinHlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Menu_CMD] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2174720606-4190547358-4225541194-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FD8D91-1B55-4971-AD08-873920BB7409}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{02F3BE8E-633D-4D70-A153-5E6F71D049B1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{04562ED1-EB4A-49EE-9676-F7C85887B4A3}" = lport=1120 | protocol=17 | dir=in | name=wow |
"{07B9EF22-569D-4A53-8889-EB438BEA6376}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{09D593DC-3AC1-4C65-8AEC-E952C1EB3008}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1147048C-9250-4FC2-B678-A5057E00885A}" = lport=80 | protocol=6 | dir=in | name=wow |
"{1A34C872-45D8-433A-BAEB-C140216AAA35}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1FE15B13-284F-410C-9278-FB175AFE389D}" = lport=139 | protocol=6 | dir=in | app=system |
"{20DFB2B6-3BC4-465B-B2BD-A78DA865AF5B}" = lport=1119 | protocol=17 | dir=in | name=wow |
"{2494538A-FD59-469F-B1E7-F94A59A40A6D}" = lport=1119 | protocol=6 | dir=in | name=wow |
"{275C918E-EA78-486B-829E-819068D9BBD0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{27DFE159-8A56-44E6-9FEF-B8EA0FFABDBB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2BCB4496-3D92-46E2-BBDC-125699D50443}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{34D9C645-BE9E-47DF-8FBE-7F646255D830}" = lport=3724 | protocol=17 | dir=in | name=wow |
"{3567E94A-8C1D-400A-B427-CBDC588A4B8D}" = rport=139 | protocol=6 | dir=out | app=system |
"{3A6B7246-F510-4274-BC65-63B67C030CC5}" = lport=445 | protocol=6 | dir=in | app=system |
"{3D49DF4F-323D-4F99-96EF-EFA1B772F890}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3E1DBE7B-B5D5-4888-8DD3-3C45AE158BCC}" = rport=445 | protocol=6 | dir=out | app=system |
"{48076CCA-C40B-473E-9D27-987FDC3EE2DB}" = lport=6112 | protocol=17 | dir=in | name=wow |
"{55657127-0567-449F-945D-E1D7AFEF1980}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{607F974D-769F-466B-8492-7E690CADE396}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6291D9BB-9ECE-41CA-891C-787BD125BA2D}" = lport=4000 | protocol=6 | dir=in | name=wow |
"{6AE3EF3B-28D0-489B-A243-4832C265D48B}" = lport=137 | protocol=17 | dir=in | app=system |
"{715729E5-C12F-4241-824F-7F1D7E7AF684}" = lport=6881 | protocol=6 | dir=in | name=wow |
"{7C2F3F9A-B9D2-4C8B-A0D7-806D1CCC3C1F}" = lport=6112 | protocol=6 | dir=in | name=wow |
"{94DD09EA-6DDE-4B32-8813-8C34D4DD33FE}" = lport=6113 | protocol=6 | dir=in | name=wow |
"{9E2DD748-B82E-4C2B-9A6E-99E6B3CAB090}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A172FBF8-24CE-4D7A-ADFE-A6AFBA1D573D}" = lport=4000 | protocol=17 | dir=in | name=wow |
"{A17F8ED7-1D1D-4090-8B0E-CFB059846898}" = lport=1120 | protocol=6 | dir=in | name=wow |
"{A328FE56-EC19-4D09-9CF3-A9E244D09DE4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A494C812-C974-4C94-9099-79F76019F965}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AE76D703-3315-4F4F-AFD7-D5116E11341B}" = lport=6999 | protocol=6 | dir=in | name=wow |
"{AFC63162-CC7A-4E3A-9B32-B6FCD55D4538}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B4E4ED7F-A5F2-4BCA-A41E-429ED16D15E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B5317F77-43E1-4F06-8C55-262420FA98B7}" = lport=6114 | protocol=6 | dir=in | name=wow |
"{B93EB122-3C59-4D15-8F56-F3071AA36662}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CAD489E4-F72D-4212-8888-195340795585}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CBB8C264-4FD5-4179-9386-73806B3CF9F7}" = rport=138 | protocol=17 | dir=out | app=system |
"{CC90BBF4-C819-49A5-A035-7DB445C4376B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{D6AC77B0-7ABD-459F-B63A-E8CF930CA5E1}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |
"{DA07CDC8-1F3C-4461-AEB4-1D3BB6337A30}" = lport=138 | protocol=17 | dir=in | app=system |
"{DBE12C3B-8546-4090-8F1C-E3F15B58901E}" = rport=137 | protocol=17 | dir=out | app=system |
"{DC825E5D-B6E9-408D-BF12-9337E58E87A2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DDA7D4FF-FE52-4A01-AB52-48941289F026}" = lport=80 | protocol=17 | dir=in | name=wow |
"{E229EF4E-BBA5-486B-A5AC-0624016598A2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E7717C68-2B64-47D3-9C0A-3EF685D506EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F721957F-19F6-428F-8DD9-236EE9566388}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F88348A7-302B-42D6-9985-27829EDFA799}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FD0840CC-351B-4C1F-8CBA-105985A98B1B}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{FE0C325C-960C-490E-B893-E5875D6A6BA4}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F044FE-0182-4BCB-BCDF-82E19CE298FB}" = protocol=6 | dir=in | app=c:\users\public\games\left4dead\left4dead.exe |
"{09435DCA-06C3-4728-84C8-310FA676D0B9}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{0B99F974-2043-4CAA-A726-2A5A7F7EDD0C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{0DEB7720-9FD2-4E76-BF3B-C3483C81D3DB}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{11B0A40D-A8E9-4A00-86DF-8965DD29A67B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{150C4545-F1BF-4133-8E5E-6C3BE349AC80}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{189988D9-23AC-439F-90B1-C0DF67BFFF15}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{19DFF887-8B87-44FA-B407-4DE3DF0A0E79}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1B8AFF57-FB40-4BBB-B2E8-42D6173F419D}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-enus-downloader.exe |
"{1C45C9B0-A8C0-4489-AD89-F8D6710CB44B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\thisstinks\sin episodes emergence\sinepisodes.exe |
"{1D6ABF51-DE42-46ED-B933-F40864C46992}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{28FF1D07-8DF8-4009-8D47-312BBDBFFD77}" = protocol=6 | dir=in | app=c:\program files\lexmark z2300 series\lxdpamon.exe |
"{3CDB9AD6-4407-4DE9-8D79-0C9C6A7FD071}" = protocol=17 | dir=in | app=c:\program files\lexmark z2300 series\frun.exe |
"{3E76D85A-D3F6-41F5-93CA-6F654A5FF8A2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{40EBC331-D251-47BE-AEC3-8EBF2B17C81C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\thisstinks\sin episodes emergence\sinepisodes.exe |
"{4E741A42-7D16-4DD5-A51E-5D7DA7C8E606}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"{50107887-F507-44C6-9D4C-F0A2E910E33C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdppswx.exe |
"{52AD1F85-7DDC-4B9C-A041-8C3EE2E06783}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5C23EB60-724F-4A9B-83A5-D9E847343F93}" = protocol=17 | dir=in | app=c:\users\public\games\left4dead\left4dead.exe |
"{61C9D47C-6DB1-47B3-9452-F2E0DF7AEC90}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{68DE585F-2F73-4DB9-9DC9-AD59B96EA903}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6A998096-66C4-4D62-B82D-FCD2D296759E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6EF91F86-A5AF-4B03-AE55-B339A0987BC4}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{728D7DB9-2C86-429A-9986-7E2FEA8FA5CA}" = protocol=6 | dir=in | app=c:\program files\lexmark z2300 series\lxdpmon.exe |
"{757562AB-3463-4B77-8CBA-1E51F4E89F56}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{77B35A53-76B0-458A-A0FF-B5FBFEA4695C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{7B80B979-A516-4142-B6E5-1AA772A15334}" = protocol=17 | dir=in | app=c:\program files\lexmark z2300 series\lxdpmon.exe |
"{7FCB2063-A89D-4A0A-83DC-87FFEA9CC036}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{82A68D6D-B00D-4259-B53F-40FE8335F286}" = protocol=6 | dir=in | app=c:\windows\system32\lxdpcoms.exe |
"{8343C272-7906-4242-92B7-845B8DB67122}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{87B7A781-8C99-4D82-AEC3-97E2EDAFD416}" = protocol=6 | dir=out | app=system |
"{8C7E83D8-4209-4EA1-B1B0-74401A82C066}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8DB2AE07-7A79-408B-8AA5-888D333F78F6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{927A7312-CF6B-4402-948F-F6EFCD05029D}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{93EDABB2-FA8F-4270-A684-D1DF44B434DE}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-enus-downloader.exe |
"{94EC5038-8F0F-4BF9-A111-9E85ED1B2502}" = protocol=17 | dir=in | app=c:\windows\system32\lxdpcoms.exe |
"{95A37719-9969-4ABD-A06D-38D95073CA5B}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdppswx.exe |
"{9A38A20C-79C6-401E-8B1F-E5EC7DDCEAB6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9F0B54BC-5E37-4B76-9649-44AEFFC3747A}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{A05F8348-968E-4341-B186-FE83A70C4318}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{A7F988C5-BE08-41A9-99D4-2C47A2F355C1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{AAD507D9-38A2-48FC-8592-FE5236191D5A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AD9EDAC1-17D4-4277-A6AF-A90325E7B588}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B30A2F6E-E11A-4219-ACCC-67AE550961CF}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{B6F6AF39-188A-405E-9329-7DCB2EC54C87}" = protocol=17 | dir=in | app=c:\program files\lexmark z2300 series\lxdpamon.exe |
"{BF3EBFB9-D7AD-4091-966E-86D3CB755FE5}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C57605EB-89B9-45C5-825C-173F63A1032C}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{C726EDA8-5590-4EBF-A04E-05ABBA284B2B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C9ABA856-E1DD-47C4-ACF3-1993309B9FA9}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{CA880543-F112-40C4-8BB4-C23E7D003B59}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CABF43C5-0108-4DEB-81BC-ED408D7C6AB0}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D1D606E4-0BA1-4F29-9AAA-F30C3583F882}" = protocol=6 | dir=in | app=c:\program files\lexmark z2300 series\frun.exe |
"{D614C18F-F220-4A34-A03B-B80863C8927A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"{D6557850-4136-4FAD-A710-FF442DA4F217}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E09C7B6A-0CA7-4B14-B20A-11CBDBF60D50}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{E5AA56C6-3EC0-40CB-86F2-B91CFF7FA050}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E8A454DA-2065-4CB5-BF96-4867078B4E1D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ECD7FA58-5C1C-4405-964E-950CECD10A9D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{ED5CC638-9D74-429C-BC85-EF17ACA7B2AE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EDCB4B86-8E20-4F2E-9F2C-94E32AD01754}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{EFD27948-2099-4179-ABAE-55157F9032ED}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{FB36CDEB-0A38-4C2A-98E8-25597BEEFC95}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{04492BCD-5413-4ACB-8FCA-46F75A974006}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe |
"TCP Query User{106785FE-F02C-42BE-99CA-86FFD5886DAF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{18FAA7E0-EEF1-46BE-9EA9-AB5DBDFC15AF}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |
"TCP Query User{1A6E7B67-3EDF-40B1-8D3F-2F523E9F12A9}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{38546909-8894-433C-A9DE-80075D349375}C:\users\public\games\left4dead\hl2.exe" = protocol=6 | dir=in | app=c:\users\public\games\left4dead\hl2.exe |
"TCP Query User{3B74124D-64FB-46BD-8133-BB80F87DA435}C:\program files\steam\steamapps\thisstinks\sin episodes emergence\sinepisodes.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\thisstinks\sin episodes emergence\sinepisodes.exe |
"TCP Query User{44073D85-5197-4463-9B80-3B72EC7C52C6}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe |
"TCP Query User{461C93F9-C19F-49A9-8804-4443133DE2F3}C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe |
"TCP Query User{46B6E1EB-8171-4915-B411-EF313D55E303}C:\users\public\games\freelancer\exe\freelancer.exe" = protocol=6 | dir=in | app=c:\users\public\games\freelancer\exe\freelancer.exe |
"TCP Query User{4A036FEE-74CF-477E-8490-2800066304C6}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe |
"TCP Query User{4BC200F1-ED07-4693-A903-D199815848D3}F:\program files\valve\half-life\hl.exe" = protocol=6 | dir=in | app=f:\program files\valve\half-life\hl.exe |
"TCP Query User{51EB1FA2-AB59-491C-B4DC-B2658F61804F}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{53CA18BE-37CA-4E82-B401-8274520997EA}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{5651BC31-042C-4FB7-9AAA-822E2D44ADA5}F:\program files\microsoft games\dungeon siege\dsloa.exe" = protocol=6 | dir=in | app=f:\program files\microsoft games\dungeon siege\dsloa.exe |
"TCP Query User{634AA742-8AA9-44C5-8CF4-4A6F175204B3}C:\net7\bin\net7proxy.exe" = protocol=6 | dir=in | app=c:\net7\bin\net7proxy.exe |
"TCP Query User{6885AA50-1123-4A04-943E-1581B608686A}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{7008C979-E4DC-4482-B999-47B3EB1BAE49}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{771AB25A-C3E8-4407-A4C8-2439C97D07F9}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{7FA19D99-63B6-453A-A7D2-100965230BF2}C:\program files\steam\steamapps\common\call of duty black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"TCP Query User{83369F03-F8A3-41D0-9BFD-F0D4CC58DE25}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |
"TCP Query User{8C2859E2-8CD8-4938-BBDA-2AB9DA0FD995}C:\users\public\games\mtm2\game\midtown2.exe" = protocol=6 | dir=in | app=c:\users\public\games\mtm2\game\midtown2.exe |
"TCP Query User{9959DBA4-5F18-453E-9CF7-1F2C1304BFEB}F:\program files\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=f:\program files\electronic arts\dead space\dead space.exe |
"TCP Query User{9C97E9AA-A522-435F-B432-98761CBE78F7}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{AE7D2895-489E-480D-90FA-16BF7C7D61CB}C:\program files\lexmark z2300 series\lxdpmon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark z2300 series\lxdpmon.exe |
"TCP Query User{CBCF625B-9270-4969-9F77-02BDF27338A1}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe |
"TCP Query User{D8BEAA2A-4142-4D9D-8651-BC4BF7A3430B}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{DE43B638-E25D-40B2-A5CA-9F5DAB6E0EAF}C:\net7\bin\net7proxy.exe" = protocol=6 | dir=in | app=c:\net7\bin\net7proxy.exe |
"TCP Query User{E9715337-2742-43B3-8EA5-E34D72DCF702}F:\program files\valve\half-life\hl.exe" = protocol=6 | dir=in | app=f:\program files\valve\half-life\hl.exe |
"TCP Query User{F079592A-512D-4F23-A6D3-8893FA76CA11}F:\program files\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=f:\program files\electronic arts\dead space\dead space.exe |
"TCP Query User{FBC2D3F3-45BE-4058-8853-8442B24FF4AB}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{09C643A8-7EBA-4F68-8F80-7A5CB853ED57}C:\net7\bin\net7proxy.exe" = protocol=17 | dir=in | app=c:\net7\bin\net7proxy.exe |
"UDP Query User{0D73EFA6-0341-4309-AEB8-E545F04AF5EE}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe |
"UDP Query User{166E2742-DA4D-49C0-B509-6062908DA843}C:\users\public\games\mtm2\game\midtown2.exe" = protocol=17 | dir=in | app=c:\users\public\games\mtm2\game\midtown2.exe |
"UDP Query User{1C0F77CE-65EC-487F-850B-7D5DC3D47B2A}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{2360DFFD-A7AD-472F-BFE1-A645A984CF8F}C:\program files\lexmark z2300 series\lxdpmon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark z2300 series\lxdpmon.exe |
"UDP Query User{257F0DAE-9843-4DB6-825E-DE5B4926AF74}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{28938EE6-6F4C-4CA4-84FA-FF12279537EE}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{2B54E22F-D038-45EA-BAA5-4D12B918BF62}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{36DA4864-71EA-4C01-B546-581E55CD52FC}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe |
"UDP Query User{4A51E0A1-1A42-4655-AE4C-0FFC7965CEE4}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe |
"UDP Query User{4AD8D809-F7DA-4A6E-A351-F9EC1C08F1B6}F:\program files\valve\half-life\hl.exe" = protocol=17 | dir=in | app=f:\program files\valve\half-life\hl.exe |
"UDP Query User{4C49881A-057F-49B1-A73D-2BBC364EC8D2}C:\program files\steam\steamapps\thisstinks\sin episodes emergence\sinepisodes.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\thisstinks\sin episodes emergence\sinepisodes.exe |
"UDP Query User{54E1474F-3C5A-490C-88DB-977BBEC2F3EE}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{57A343B7-E416-4A06-A4BA-D6DB9BB57AF1}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe |
"UDP Query User{582682E3-6644-44EC-9CA7-50C7C3E30CDE}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |
"UDP Query User{692B6297-37D3-4D0C-A133-A09B166DE666}C:\program files\steam\steamapps\common\call of duty black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"UDP Query User{6D5649FB-BA8C-48E2-A7B0-77D4A5CAD477}C:\users\public\games\left4dead\hl2.exe" = protocol=17 | dir=in | app=c:\users\public\games\left4dead\hl2.exe |
"UDP Query User{7628DAF2-42BC-4BDD-87E1-FA99A3044C46}F:\program files\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=f:\program files\electronic arts\dead space\dead space.exe |
"UDP Query User{85539AD1-E9E7-498C-B0A7-F681EC29A090}C:\users\public\games\freelancer\exe\freelancer.exe" = protocol=17 | dir=in | app=c:\users\public\games\freelancer\exe\freelancer.exe |
"UDP Query User{85665AB5-3EED-4C77-B2D4-9E7D873DEF81}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{866E2447-2DBD-4067-9588-3F175A7D49B5}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{909F386B-91D9-45BE-937F-A530D727EF1E}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{A4AE1939-B12C-4B97-965B-7289FE6AB5F8}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |
"UDP Query User{AA287BC8-6F71-4D3E-83D5-57F9DEB2FABE}F:\program files\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=f:\program files\electronic arts\dead space\dead space.exe |
"UDP Query User{B4702540-047C-40C5-93E6-B641466F739D}C:\net7\bin\net7proxy.exe" = protocol=17 | dir=in | app=c:\net7\bin\net7proxy.exe |
"UDP Query User{C46AD609-E5AD-48DA-978D-3EF071210633}C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe |
"UDP Query User{D06EBCE4-A6BB-41E9-A812-9C0A3F6C0135}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{E13629F8-9A45-4FB4-96D9-1EC50264ABB0}F:\program files\microsoft games\dungeon siege\dsloa.exe" = protocol=17 | dir=in | app=f:\program files\microsoft games\dungeon siege\dsloa.exe |
"UDP Query User{E94347B9-79BC-4721-81BC-3B3CED2ABAEE}F:\program files\valve\half-life\hl.exe" = protocol=17 | dir=in | app=f:\program files\valve\half-life\hl.exe |
"UDP Query User{EAC6C6EE-679A-4A0F-AE12-C5291ADF8CA9}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4300
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C9A225D-200C-7ED1-E37F-287310111FA1}" = Catalyst Control Center Graphics Previews Common
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A8E3C5D-B772-CB4A-1117-751B5D79787B}" = Catalyst Control Center Graphics Light
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{266156C9-F681-A84B-083C-D2052A461583}" = Catalyst Control Center Graphics Full New
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A6FFA23-9188-E796-4AFF-196A2004AA39}" = ccc-utility
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{2F3BCA05-4FD4-9418-1976-32F783E43DF4}" = Catalyst Control Center Graphics Full Existing
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}" = Microsoft XNA Framework Redistributable 1.0 Refresh
"{3248F0A8-6813-11D6-A77B-00B0D0150210}" = J2SE Runtime Environment 5.0 Update 21
"{3248F0A8-6813-11D6-A77B-00B0D0150220}" = J2SE Runtime Environment 5.0 Update 22
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4EAB2511-0135-48CA-A47B-CE1E6836793A}" = COMODO Internet Security
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{53A0D549-DD39-C3C9-1E4D-07DBB746F454}" = Catalyst Control Center Graphics Light
"{578596FF-7F65-4767-9F90-37920741148C}" = MSN Toolbar Platform
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{683BF9D8-5882-86CF-445F-62BED7B9AEA8}" = Catalyst Control Center Graphics Full Existing
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.4
"{785609EC-F8E5-739D-FF35-B79671482252}" = ccc-core-static
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7E8242F8-BD2A-44D7-BCED-9B231A02B367}" = SpellForce 2 Patch
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CED1580-F9C0-AEE1-1223-64A323E84E41}" = Catalyst Control Center Graphics Previews Vista
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91F2493D-8A65-7BF3-5684-9D6397F8847D}" = Catalyst Control Center Core Implementation
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9794B30C-0FCB-3658-B44F-33BDDC788C2D}" = CCC Help English
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BBB19C0-1FE1-4A4E-B25F-C9E1B0497EC5}" = Shaiya(US)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}" = XPS MiniView Gadget
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA3DDA7B-A960-51C2-69C5-86F3AFB3E074}" = Catalyst Control Center InstallProxy
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C16FA487-15D3-7127-F4BE-183FF53D4197}" = Catalyst Control Center HydraVision Full
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB291304-2124-AA80-9ED6-B1F8B37F9C98}" = Catalyst Control Center Graphics Full New
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEE5F860-7FAB-80D0-E7CF-022C18B95E25}" = ATI Catalyst Install Manager
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1F92724-8E5E-837F-BAC3-CC70AA2A18D1}" = CCC Help English
"{D379100F-65A2-4B54-D568-CD2BE238C6A3}" = Catalyst Control Center Graphics Previews Vista
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{DBDCD3AF-20E4-4E5E-80E8-B14109FE5DD9}" = QuickSFV
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0EAC506-6ADF-4327-82D0-2A94733F49A5}" = Catalyst Control Center Core Implementation
"{E24A0015-C73F-4B57-B8DF-5EB84D2E9685}" = Adobe Flash Player 10 ActiveX
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5968199-2327-E3D6-AD19-D0E33F2E7961}" = ccc-utility
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FBF1268D-3323-545E-4DD0-F45AD313E37E}" = Catalyst Control Center Graphics Previews Common
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"ASIO4ALL" = ASIO4ALL
"AVS Image Converter_is1" = AVS Image Converter 1.3.3.146
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"BFG-Zumas Revenge - Adventure" = Zuma's Revenge - Adventure
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"COMODO GeekBuddy" = COMODO GeekBuddy
"Deus Ex" = Deus Ex
"Diablo II" = Diablo II
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DOSShell" = DOSShell 1.7
"Dungeon Siege Legends of Aranna 1.0" = Dungeon Siege Legends of Aranna
"EADM" = EA Download Manager
"ffdshow_is1" = ffdshow
"Game Booster_is1" = Game Booster 3
"GetDiz" = GetDiz
"Half-Life_is1" = Half-Life
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"Lexmark Z2300 Series" = Lexmark Z2300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"PC Matic_is1" = PC Matic 1.1.0.33
"PhotoPad" = PhotoPad Image Editor
"PROSetDX" = Intel(R) PRO Network Connections 12.1.12.4
"rayman2" = rayman2
"Recuva" = Recuva
"Sierra Uninstall" = Sierra On-Line Games (Remove only)
"SpaceForce - Rogue Universe1.0.0.0" = SpaceForce - Rogue Universe
"Steam App 220" = Half-Life 2
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam(TM)" = Steam(TM)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The Clockwork Man 2 The Hidden World Ultimate Edition 1.00" = The Clockwork Man 2 The Hidden World Ultimate Edition 1.00
"Tomb Raider: Legend" = Tomb Raider: Legend 1.0
"Web Sudoku Deluxe_is1" = Web Sudoku Deluxe 1.2.2
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinISO_is1" = WinISO 5.3
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2174720606-4190547358-4225541194-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Calix iMS" = Calix iMS
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/16/2011 10:16:20 PM | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19154, time stamp
0x4e8634f0, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00000000, process id 0xbfc, application start time
0x01cc8c726d949acf.

Error - 10/16/2011 10:44:48 PM | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19154, time stamp
0x4e8634f0, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x2c408b14, process id 0xa88, application start time
0x01cc8c747750ef8f.

Error - 10/16/2011 11:19:57 PM | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Faulting application WG111v3.exe, version 3.6.83.131, time stamp 0x4af3c3ed,
faulting module WG111v3.exe, version 3.6.83.131, time stamp 0x4af3c3ed, exception
code 0xc000000d, fault offset 0x00085323, process id 0xc7c, application start time
0x01cc8c7ba42eb34d.

Error - 10/16/2011 11:19:57 PM | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Faulting application Sup_SmartRAM.exe, version 2.0.4.11, time stamp
0x2a425e19, faulting module rtl70.bpl, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000135, fault offset 0x00009f7d, process id 0xc10, application
start time 0x01cc8c7ba3efd58d.

Error - 10/16/2011 11:20:23 PM | Computer Name = Mark-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/16/2011 11:41:05 PM | Computer Name = Mark-PC | Source = VSS | ID = 8194
Description =

Error - 10/17/2011 12:50:56 AM | Computer Name = Mark-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/17/2011 1:38:07 AM | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Faulting application WG111v3.exe, version 3.6.83.131, time stamp 0x4af3c3ed,
faulting module WG111v3.exe, version 3.6.83.131, time stamp 0x4af3c3ed, exception
code 0xc000000d, fault offset 0x00085323, process id 0xc8c, application start time
0x01cc8c8ef105d5b9.

Error - 10/17/2011 1:38:18 AM | Computer Name = Mark-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/17/2011 1:23:20 PM | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Faulting application mcupdate.EXE, version 6.0.6002.18005, time stamp
0x49e02324, faulting module KERNEL32.dll, version 6.0.6002.18449, time stamp 0x4da47967,
exception code 0xe0434f4d, fault offset 0x0003fc56, process id 0xfd0, application
start time 0x01cc8cf16bf63379.

[ Media Center Events ]
Error - 2/18/2009 6:34:52 PM | Computer Name = Mark-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 10/17/2011 12:56:37 AM | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 10/17/2011 1:36:25 AM | Computer Name = Mark-PC | Source = DCOM | ID = 10010
Description =

Error - 10/17/2011 1:37:08 AM | Computer Name = Mark-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 10/17/2011 1:37:52 AM | Computer Name = Mark-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 10/17/2011 1:37:59 AM | Computer Name = Mark-PC | Source = Microsoft-Windows-TaskScheduler | ID = 701
Description =

Error - 10/17/2011 1:37:59 AM | Computer Name = Mark-PC | Source = Microsoft-Windows-TaskScheduler | ID = 701
Description =

Error - 10/17/2011 1:38:18 AM | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 10/17/2011 1:38:18 AM | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/17/2011 1:40:08 AM | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/17/2011 11:49:43 AM | Computer Name = Mark-PC | Source = IPRIP | ID = 29012
Description = IPRIP was unable to bind a socket to IP address 169.254.81.0. The data
is the error code.


< End of report >

 

[darkx]

OTL logfile created on: 10/17/2011 6:28:32 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mark\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 57.86% Memory free
6.19 Gb Paging File | 5.00 Gb Available in Paging File | 80.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.04 Gb Total Space | 103.76 Gb Free Space | 36.66% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 10.41 Gb Free Space | 69.40% Space Free | Partition Type: NTFS
Drive E: | 7.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 465.71 Gb Total Space | 177.87 Gb Free Space | 38.19% Space Free | Partition Type: NTFS

Computer Name: MARK-PC | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/17 18:26:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
PRC - [2011/10/07 18:47:14 | 001,883,328 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/28 21:35:54 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/07/28 21:35:26 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/05/25 22:43:20 | 000,154,424 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
PRC - [2010/02/04 04:17:12 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark Z2300 Series\lxdpmsdmon.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/09 03:48:28 | 000,228,808 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
PRC - [2009/04/09 03:48:00 | 000,208,328 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
PRC - [2007/11/19 17:05:32 | 000,589,824 | ---- | M] ( ) -- C:\Windows\System32\lxdpcoms.exe
PRC - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/05/06 17:11:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/05/06 17:10:44 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007/02/13 11:43:38 | 000,715,568 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/02/13 11:43:36 | 001,600,304 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 21:37:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/12 21:35:24 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/12 21:35:11 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/12 21:35:04 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/12 21:34:12 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/12 21:33:34 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/07/28 20:52:40 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/02/04 04:17:12 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark Z2300 Series\lxdpmsdmon.exe
MOD - [2010/02/03 05:21:48 | 000,036,864 | ---- | M] () -- C:\Program Files\Lexmark Z2300 Series\app4r.monitor.core.dll
MOD - [2010/02/03 05:21:48 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark Z2300 Series\app4r.monitor.common.dll
MOD - [2010/02/03 05:20:52 | 000,065,536 | ---- | M] () -- C:\Program Files\Lexmark Z2300 Series\app4r.devmons.mcmdevmon.dll
MOD - [2009/06/26 08:17:08 | 000,012,288 | ---- | M] () -- C:\Program Files\Lexmark Z2300 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2007/02/13 11:33:58 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007/02/13 11:14:18 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2003/01/15 01:27:30 | 000,118,784 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (MySQL)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2011/10/07 18:47:14 | 001,883,328 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/09/25 12:03:26 | 003,542,616 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Akamai/netsession_win_b31de1e.dll -- (Akamai)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/28 21:35:26 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/05/25 22:43:20 | 000,154,424 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV - [2011/02/27 20:51:22 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/19 17:05:32 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdpcoms.exe -- (lxdp_device)
SRV - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/05/06 17:11:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2006/11/02 07:36:18 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iprip.dll -- (iprip)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 18:47:46 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2011/10/07 18:47:44 | 000,488,208 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/10/07 18:47:44 | 000,038,616 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/29 17:36:34 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/08/29 17:36:34 | 000,074,456 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/07/28 22:22:06 | 008,396,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2011/07/28 22:22:06 | 008,396,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/07/28 22:22:06 | 008,396,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/07/28 20:53:48 | 000,247,296 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/04/05 17:35:20 | 000,078,936 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (SbTis)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/10/14 15:07:40 | 000,348,160 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2009/04/20 15:38:56 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/04/11 21:58:49 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/04/11 20:59:11 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2008/03/19 07:10:54 | 000,310,016 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MRVW24B.sys -- (MRV6X32U) Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x)
DRV - [2007/09/12 03:44:34 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/09/12 03:40:48 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/04/23 10:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2007/04/03 13:59:42 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
DRV - [2007/04/03 13:59:42 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616obex.sys -- (s616obex)
DRV - [2007/04/03 13:59:42 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616nd5.sys -- (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS)
DRV - [2007/04/03 13:59:38 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdm.sys -- (s616mdm)
DRV - [2007/04/03 13:59:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdfl.sys -- (s616mdfl)
DRV - [2007/04/03 13:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 44 8D DB 01 B3 42 79 4F AF C4 1F B1 90 CC C8 E2 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 44 8D DB 01 B3 42 79 4F AF C4 1F B1 90 CC C8 E2 [binary data]

IE - HKU\S-1-5-21-2174720606-4190547358-4225541194-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2174720606-4190547358-4225541194-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/02/28 16:48:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/10/03 14:18:54 | 000,000,000 | ---D | M]

[2011/07/05 13:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2011/10/16 23:51:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [Bluetooth HCI Monitor] C:\Windows\System32\HCIMNTR.DLL (Logitech Inc.)
O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [lxdpamon] C:\Program Files\Lexmark Z2300 Series\lxdpamon.exe ()
O4 - HKLM..\Run: [lxdpmon.exe] C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2174720606-4190547358-4225541194-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2174720606-4190547358-4225541194-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10x_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2174720606-4190547358-4225541194-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2174720606-4190547358-4225541194-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2174720606-4190547358-4225541194-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKU\S-1-5-21-2174720606-4190547358-4225541194-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnailsOnNetworkFolders = 1
O7 - HKU\S-1-5-21-2174720606-4190547358-4225541194-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D1C303C-8FFD-454E-A0F2-8C69B6786967}: DhcpNameServer = 67.14.214.5 67.14.214.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEA707A9-CAA3-4D3F-AD6E-E11C8044C27A}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA605217-5848-4EA3-8D1D-92C75C299DA1}: DhcpNameServer = 67.14.214.5 67.14.214.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C91AF9B2-C392-4437-8829-54B3C897ABE8}: DhcpNameServer = 67.14.214.5 67.14.214.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCCD8129-FC46-44AA-AD96-BCD9F26ECB6E}: DhcpNameServer = 67.14.214.5 67.14.214.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2BC8AE5-6E4D-4758-8C27-F8A603A8C33D}: DhcpNameServer = 67.14.214.5 67.14.214.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB943B22-1045-4C31-BB95-2EEB3528E00E}: DhcpNameServer = 67.14.214.5 67.14.214.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6F7EA89-08F2-49A0-837D-F2E163D2F55E}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6F7EA89-08F2-49A0-837D-F2E163D2F55E}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB918CEB-6012-430F-A293-72D37280105B}: DhcpNameServer = 67.14.214.5 67.14.214.9
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) -C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/12 17:28:23 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2174720606-4190547358-4225541194-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.divxa32 - C:\Windows\System32\divxa32.acm (Kristal StudioD
FileDescription)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/17 18:25:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2011/10/17 00:13:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/17 00:13:11 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\temp
[2011/10/16 23:52:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/16 23:03:24 | 000,000,000 | ---D | C] -- C:\yourname16587y
[2011/10/16 22:54:18 | 000,000,000 | ---D | C] -- C:\yourname28741y
[2011/10/16 22:19:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2011/10/16 22:15:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2011/10/16 22:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2011/10/16 22:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/10/16 22:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2011/10/16 21:51:55 | 061,645,096 | ---- | C] (COMODO) -- C:\Users\Mark\Desktop\cfw_installer.exe
[2011/10/16 12:44:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/16 12:44:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/16 12:44:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/16 12:43:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/16 12:43:29 | 000,000,000 | ---D | C] -- C:\yourname
[2011/10/16 12:39:33 | 004,261,887 | R--- | C] (Swearware) -- C:\Users\Mark\Desktop\yourname.exe
[2011/10/16 11:51:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/16 10:09:19 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\tdsskiller
[2011/10/15 17:08:37 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Mark\Desktop\dds.scr
[2011/10/15 16:04:27 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\gmer
[2011/10/15 13:25:26 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Malwarebytes
[2011/10/15 13:25:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/15 13:25:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/15 13:25:13 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/15 13:25:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/15 12:46:49 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{F97BD6E5-174B-4BED-BAFD-A906A5ABAABD}
[2011/10/14 16:40:51 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Sunbelt
[2011/10/13 12:06:02 | 000,000,000 | ---D | C] -- C:\TEMP
[2011/10/12 21:58:25 | 000,000,000 | ---D | C] -- C:\edd269d7d5d6738fe07e5365cd98
[2011/10/12 20:47:17 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/10/12 20:47:17 | 000,065,808 | ---- | C] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/10/12 10:16:29 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/10/07 18:47:46 | 000,082,400 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2011/10/07 18:47:44 | 000,488,208 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdGuard.sys
[2011/10/07 18:47:44 | 000,038,616 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2011/10/07 18:47:42 | 000,019,600 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys
[2011/10/07 18:47:12 | 000,300,200 | ---- | C] (COMODO) -- C:\Windows\System32\guard32.dll
[2011/10/07 18:47:12 | 000,033,984 | ---- | C] (COMODO) -- C:\Windows\System32\cmdcsr.dll
[2011/10/06 10:40:28 | 000,000,000 | ---D | C] -- C:\Users\Mark\sysclean
[2011/10/04 12:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/10/03 22:44:42 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/09/30 14:22:02 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\New Folder
[2011/09/28 07:18:07 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Lexmark Productivity Studio
[2011/09/27 11:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark Z2300 Series
[2011/09/27 11:57:17 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdpusb1.dll
[2011/09/27 11:57:17 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDPhcp.dll
[2011/09/27 11:57:17 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdpinpa.dll
[2011/09/27 11:57:17 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdpiesc.dll
[2011/09/27 11:57:16 | 001,101,824 | ---- | C] ( ) -- C:\Windows\System32\lxdpserv.dll
[2011/09/27 11:57:16 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdpprox.dll
[2011/09/27 11:57:15 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdppmui.dll
[2011/09/27 11:57:15 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdplmpm.dll
[2011/09/27 11:57:14 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdphbn3.dll
[2011/09/27 11:57:14 | 000,315,392 | ---- | C] ( ) -- C:\Windows\System32\lxdpih.exe
[2011/09/27 11:57:13 | 000,589,824 | ---- | C] ( ) -- C:\Windows\System32\lxdpcoms.exe
[2011/09/27 11:57:12 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdpcomc.dll
[2011/09/27 11:57:12 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdpcomm.dll
[2011/09/27 11:57:11 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdpcfg.exe
[2011/09/27 11:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Z2300 Series
[2011/09/27 11:53:14 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Yahoo!
[2011/09/27 11:43:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2011/09/27 11:21:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Ezprint
[2011/09/27 11:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar
[2011/09/27 11:19:41 | 000,000,000 | ---D | C] -- C:\drivers
[2011/09/25 14:41:13 | 000,000,000 | ---D | C] -- C:\AeriaGames
[2011/09/25 14:41:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2011/09/25 12:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2009/10/20 12:59:04 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxdpcoin.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/17 18:26:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2011/10/17 16:37:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/17 16:37:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/17 10:50:00 | 000,000,856 | ---- | M] () -- C:\Users\Mark\Desktop\World of Warcraft.lnk
[2011/10/17 00:45:11 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/17 00:45:11 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/17 00:37:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/17 00:36:36 | 000,006,396 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/10/16 23:51:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/16 22:15:52 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2011/10/16 22:15:42 | 000,001,092 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2011/10/16 22:15:14 | 061,645,096 | ---- | M] (COMODO) -- C:\Users\Mark\Desktop\cfw_installer.exe
[2011/10/16 12:40:21 | 001,008,092 | ---- | M] () -- C:\Users\Mark\Desktop\rkill.exe
[2011/10/16 12:39:33 | 004,261,887 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\yourname.exe
[2011/10/16 11:47:48 | 000,005,863 | ---- | M] () -- C:\Users\Mark\Desktop\Attach.zip
[2011/10/16 10:08:53 | 001,541,014 | ---- | M] () -- C:\Users\Mark\Desktop\tdsskiller.zip
[2011/10/15 17:10:09 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\dds.scr
[2011/10/15 16:04:11 | 000,294,308 | ---- | M] () -- C:\Users\Mark\Desktop\gmer.zip
[2011/10/15 13:25:18 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/13 12:03:41 | 000,158,720 | ---- | M] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/12 21:31:45 | 000,289,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/12 20:47:17 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/10/12 20:47:17 | 000,065,808 | ---- | M] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/10/12 20:42:50 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/10/12 14:55:25 | 000,001,071 | ---- | M] () -- C:\Users\Mark\Quick Care.lnk
[2011/10/12 14:55:24 | 000,001,049 | ---- | M] () -- C:\Users\Mark\Advanced SystemCare 4.lnk
[2011/10/12 10:47:43 | 000,000,088 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\netstat.bat
[2011/10/07 18:47:46 | 000,082,400 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2011/10/07 18:47:44 | 000,488,208 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdGuard.sys
[2011/10/07 18:47:44 | 000,038,616 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2011/10/07 18:47:42 | 000,019,600 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys
[2011/10/07 18:47:12 | 000,300,200 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
[2011/10/07 18:47:12 | 000,033,984 | ---- | M] (COMODO) -- C:\Windows\System32\cmdcsr.dll
[2011/10/06 16:31:13 | 000,001,356 | ---- | M] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
[2011/10/02 12:23:38 | 000,000,312 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\wklnhst.dat
[2011/09/27 12:10:05 | 000,063,239 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[2011/09/27 11:58:06 | 000,000,904 | ---- | M] () -- C:\Users\Mark\Lexmark Productivity Studio - Z2300 Series.LNK
[2011/09/20 16:44:22 | 000,016,712 | ---- | M] () -- C:\Users\Mark\Documents\cc_20110920_164416.reg
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/16 22:15:52 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2011/10/16 22:15:42 | 000,001,092 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2011/10/16 12:44:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/16 12:44:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/16 12:44:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/16 12:44:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/16 12:44:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/16 12:40:16 | 001,008,092 | ---- | C] () -- C:\Users\Mark\Desktop\rkill.exe
[2011/10/16 11:47:55 | 000,005,863 | ---- | C] () -- C:\Users\Mark\Desktop\Attach.zip
[2011/10/16 10:08:47 | 001,541,014 | ---- | C] () -- C:\Users\Mark\Desktop\tdsskiller.zip
[2011/10/15 18:18:38 | 000,001,973 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
[2011/10/15 18:18:38 | 000,000,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/10/15 15:58:51 | 000,294,308 | ---- | C] () -- C:\Users\Mark\Desktop\gmer.zip
[2011/10/15 13:25:18 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/12 20:42:50 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/10/12 14:55:25 | 000,001,071 | ---- | C] () -- C:\Users\Mark\Quick Care.lnk
[2011/10/12 14:55:24 | 000,001,049 | ---- | C] () -- C:\Users\Mark\Advanced SystemCare 4.lnk
[2011/10/12 10:47:43 | 000,000,088 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\netstat.bat
[2011/09/27 11:58:06 | 000,000,904 | ---- | C] () -- C:\Users\Mark\Lexmark Productivity Studio - Z2300 Series.LNK
[2011/09/27 11:57:17 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDPinst.dll
[2011/09/27 11:57:13 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdpgrd.dll
[2011/09/27 11:57:11 | 000,063,239 | ---- | C] () -- C:\Windows\System32\LexFiles.ulf
[2011/09/27 11:57:11 | 000,001,541 | ---- | C] () -- C:\Windows\System32\lxdp.loc
[2011/09/20 16:44:20 | 000,016,712 | ---- | C] () -- C:\Users\Mark\Documents\cc_20110920_164416.reg
[2011/06/27 18:53:04 | 000,234,855 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/04/03 18:10:50 | 000,022,328 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\PnkBstrK.sys
[2011/03/24 17:30:21 | 000,761,856 | ---- | C] () -- C:\Windows\System32\FreeImage3.dll
[2011/03/24 17:30:21 | 000,761,856 | ---- | C] () -- C:\Windows\System32\FreeImage.dll
[2011/03/24 17:30:21 | 000,098,304 | ---- | C] () -- C:\Windows\System32\DVM.dll
[2011/03/24 17:30:21 | 000,053,248 | ---- | C] () -- C:\Windows\System32\RegisterExe.exe
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/10/01 20:26:04 | 000,000,447 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/08/17 21:16:05 | 000,000,312 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\wklnhst.dat
[2010/08/04 01:14:28 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/03/27 11:12:12 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/03/02 16:17:54 | 000,000,111 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/02/08 21:20:48 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/06/12 18:04:10 | 000,001,356 | ---- | C] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
[2009/05/27 19:46:45 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/27 19:46:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/03 19:00:14 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/05/03 19:00:14 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/03/06 16:33:09 | 000,001,168 | ---- | C] () -- C:\Windows\Stars.ini
[2009/01/23 14:53:03 | 000,000,000 | ---- | C] () -- C:\Windows\galaxy.ini
[2009/01/05 19:31:42 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/01/05 19:31:42 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/01/05 19:31:42 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/01/01 00:08:08 | 000,034,624 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2008/10/17 23:31:54 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2008/10/15 21:14:06 | 000,001,808 | ---- | C] () -- C:\Windows\TSearch.INI
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/05 23:26:59 | 000,008,248 | ---- | C] () -- C:\Users\Mark\AppData\Local\en.ini
[2008/09/05 23:24:18 | 000,023,888 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\UserTile.png
[2008/08/22 22:55:14 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2008/08/13 07:28:20 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008/08/13 07:28:04 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008/08/12 00:56:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/08/08 02:49:56 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/01 23:38:39 | 000,158,720 | ---- | C] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/06 19:13:06 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/05/29 16:42:37 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/05/29 16:42:32 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008/05/29 08:47:32 | 000,006,396 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/03/31 14:47:44 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdpvs.dll
[2008/03/06 00:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007/02/13 11:14:18 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,289,344 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009/02/04 20:02:44 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Acreon
[2011/10/15 11:24:02 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\AVG10
[2011/10/15 11:24:02 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Bioshock
[2011/10/15 11:24:02 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Bioshock2
[2009/11/26 18:28:37 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Codemasters
[2009/04/11 21:08:37 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\DAEMON Tools Pro
[2009/11/20 08:09:50 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\FOG Downloader
[2011/10/15 11:24:02 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\IObit
[2011/09/28 07:18:07 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Lexmark Productivity Studio
[2010/07/27 19:03:53 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Loonies
[2009/02/14 09:50:11 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Mount&Blade
[2009/06/28 23:00:18 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\MySQL
[2009/04/11 20:02:47 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Opera
[2011/09/03 12:07:15 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Outertech
[2010/11/12 22:02:53 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\OxelonMC
[2008/09/05 23:24:18 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\PeerNetworking
[2011/10/15 11:24:03 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\RipIt4Me
[2011/03/24 17:30:27 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Softinterface, Inc
[2009/06/28 19:27:39 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Subversion
[2010/08/17 21:16:07 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Template
[2009/04/07 19:09:27 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\The Creative Assembly
[2010/12/18 01:45:50 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Total Eclipse
[2010/06/07 22:12:57 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\TS3Client
[2011/07/12 23:30:24 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\uTorrent
[2010/01/15 02:08:16 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Vivox
[2010/11/12 19:35:52 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Windows Live Writer
[2011/10/12 14:19:34 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

[darkx]

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/12/10 20:41:47 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/03/12 17:28:23 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2011/10/17 00:12:56 | 000,018,432 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/07/05 16:43:18 | 000,000,000 | ---- | M] () -- C:\DBS.TXT
[2008/05/29 16:42:43 | 000,005,398 | RH-- | M] () -- C:\dell.sdr
[2009/01/05 19:20:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/04/06 23:36:05 | 000,000,111 | ---- | M] () -- C:\log.txt
[2011/09/27 11:42:33 | 000,000,129 | ---- | M] () -- C:\lxdp.log
[2009/04/16 19:04:10 | 004,194,322 | ---- | M] () -- C:\memory_map.tga
[2009/01/05 19:20:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/10/17 00:37:52 | 3532,881,920 | -HS- | M] () -- C:\pagefile.sys
[2011/10/16 23:00:00 | 000,000,401 | ---- | M] () -- C:\rkill.log
[2011/10/12 16:00:08 | 000,000,030 | ---- | M] () -- C:\SfeErrors.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/05/27 20:00:44 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2009/08/13 07:02:22 | 000,147,968 | ---- | M] () -- C:\Windows\system32\spool\prtprocs\w32x86\lxdpdrpp.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/07/05 16:24:28 | 000,001,264 | -HS- | M] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/10/16 22:15:14 | 061,645,096 | ---- | M] (COMODO) -- C:\Users\Mark\Desktop\cfw_installer.exe
[2011/10/17 18:26:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2011/10/16 12:40:21 | 001,008,092 | ---- | M] () -- C:\Users\Mark\Desktop\rkill.exe
[2011/10/16 12:39:33 | 004,261,887 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\yourname.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/07/14 01:16:24 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/07/14 01:16:24 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/07/14 01:16:24 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/07/14 01:16:24 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/07/14 01:16:24 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2011/07/14 01:16:24 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/10/17 18:01:52 | 000,000,402 | -HS- | M] () -- C:\Users\Mark\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/10/17 01:06:55 | 000,004,450 | ---- | M] () -- C:\ProgramData\lxdp.log
[2011/10/12 20:42:50 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:9033BDFB

< End of report >

 

[Broni]

See if you can run TDSSKiller now.

Also....

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

[darkx]

Neither tdssKiller or aswMBR.exe would run still, even in safemode. I made sure all antivirus and firewalls were off, in fact I used rkill while in regular windows before attempting to use either. While in safe mode I did run a new Malwarebytes full scan, it came up with and removed:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Start (Disabled.Cryptsvc) -> Bad:

 

[Broni]

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.

 

[darkx]

Infected MBR Detected


Sorry, I'm finding that I'm requiring lengthy breaks from working on this computer. I don't want to lose my patience and smash the thing to bits xD.

 

[Broni]

Infected MBR Detected

.
Re-run the tool and allow it to fix MBR.

 

[darkx]

Alright, its fixed. TdssKiller will now run, haven't scanned yet. Waiting for the okay

 

[Broni]

Go ahead....

 

[darkx]

09:29:54.0817 3024 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23
09:29:56.0829 3024 ============================================================
09:29:56.0829 3024 Current date / time: 2011/10/18 09:29:56.0829
09:29:56.0829 3024 SystemInfo:
09:29:56.0829 3024
09:29:56.0829 3024 OS Version: 6.0.6002 ServicePack: 2.0
09:29:56.0829 3024 Product type: Workstation
09:29:56.0829 3024 ComputerName: MARK-PC
09:29:56.0829 3024 UserName: Mark
09:29:56.0829 3024 Windows directory: C:\Windows
09:29:56.0829 3024 System windows directory: C:\Windows
09:29:56.0829 3024 Processor architecture: Intel x86
09:29:56.0829 3024 Number of processors: 4
09:29:56.0829 3024 Page size: 0x1000
09:29:56.0829 3024 Boot type: Normal boot
09:29:56.0829 3024 ============================================================
09:30:01.0337 3024 Initialize success
09:30:11.0259 2704 ============================================================
09:30:11.0259 2704 Scan started
09:30:11.0259 2704 Mode: Manual; SigCheck; TDLFS;
09:30:11.0259 2704 ============================================================
09:30:11.0883 2704 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
09:30:11.0977 2704 ACPI - ok
09:30:12.0039 2704 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
09:30:12.0055 2704 adp94xx - ok
09:30:12.0086 2704 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
09:30:12.0101 2704 adpahci - ok
09:30:12.0133 2704 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
09:30:12.0148 2704 adpu160m - ok
09:30:12.0179 2704 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
09:30:12.0195 2704 adpu320 - ok
09:30:12.0273 2704 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
09:30:12.0351 2704 AFD - ok
09:30:12.0398 2704 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
09:30:12.0413 2704 agp440 - ok
09:30:12.0460 2704 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
09:30:12.0460 2704 aic78xx - ok
09:30:12.0538 2704 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
09:30:12.0538 2704 aliide - ok
09:30:12.0632 2704 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
09:30:12.0632 2704 amdagp - ok
09:30:12.0663 2704 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
09:30:12.0663 2704 amdide - ok
09:30:12.0694 2704 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
09:30:12.0819 2704 AmdK7 - ok
09:30:12.0850 2704 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
09:30:12.0897 2704 AmdK8 - ok
09:30:13.0147 2704 amdkmdag (68d791d78454684340433e52059eb45e) C:\Windows\system32\DRIVERS\atikmdag.sys
09:30:13.0490 2704 amdkmdag - ok
09:30:13.0521 2704 amdkmdap (96cd7053a516c30e61a05df9757da7de) C:\Windows\system32\DRIVERS\atikmpag.sys
09:30:13.0552 2704 amdkmdap - ok
09:30:13.0630 2704 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
09:30:13.0630 2704 arc - ok
09:30:13.0693 2704 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
09:30:13.0693 2704 arcsas - ok
09:30:13.0739 2704 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
09:30:13.0802 2704 AsyncMac - ok
09:30:13.0864 2704 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\DRIVERS\atapi.sys
09:30:13.0880 2704 atapi - ok
09:30:14.0145 2704 atikmdag (68d791d78454684340433e52059eb45e) C:\Windows\system32\DRIVERS\atikmdag.sys
09:30:14.0332 2704 atikmdag - ok
09:30:14.0410 2704 atksgt (e46d344412d1abc60c58e95c73bcdc70) C:\Windows\system32\DRIVERS\atksgt.sys
09:30:29.0449 2704 atksgt - ok
09:30:29.0589 2704 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
09:30:29.0651 2704 Beep - ok
09:30:29.0683 2704 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
09:30:29.0729 2704 blbdrive - ok
09:30:29.0807 2704 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
09:30:29.0854 2704 bowser - ok
09:30:29.0901 2704 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
09:30:29.0948 2704 BrFiltLo - ok
09:30:29.0963 2704 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
09:30:30.0010 2704 BrFiltUp - ok
09:30:30.0041 2704 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
09:30:30.0213 2704 Brserid - ok
09:30:30.0244 2704 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
09:30:30.0307 2704 BrSerWdm - ok
09:30:30.0338 2704 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
09:30:30.0385 2704 BrUsbMdm - ok
09:30:30.0416 2704 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
09:30:30.0478 2704 BrUsbSer - ok
09:30:30.0572 2704 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
09:30:30.0634 2704 BthEnum - ok
09:30:30.0681 2704 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
09:30:30.0728 2704 BTHMODEM - ok
09:30:30.0759 2704 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
09:30:30.0821 2704 BthPan - ok
09:30:30.0853 2704 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
09:30:30.0899 2704 BTHPORT - ok
09:30:30.0946 2704 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
09:30:30.0962 2704 BTHUSB - ok
09:30:31.0040 2704 btwaudio (fc23e3a7ae18b02dcc1a34cbef3f80af) C:\Windows\system32\drivers\btwaudio.sys
09:30:31.0055 2704 btwaudio - ok
09:30:31.0118 2704 btwavdt (5e14c92763e51130bfb9a670afd7eddf) C:\Windows\system32\drivers\btwavdt.sys
09:30:31.0149 2704 btwavdt - ok
09:30:31.0165 2704 btwrchid (ac3fd5a3bbfa114098f75b80c4c1f3e7) C:\Windows\system32\DRIVERS\btwrchid.sys
09:30:31.0180 2704 btwrchid - ok
09:30:31.0274 2704 catchme - ok
09:30:31.0352 2704 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
09:30:31.0414 2704 cdfs - ok
09:30:31.0477 2704 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
09:30:31.0523 2704 cdrom - ok
09:30:31.0539 2704 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
09:30:31.0586 2704 circlass - ok
09:30:31.0648 2704 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
09:30:31.0664 2704 CLFS - ok
09:30:31.0742 2704 cmdGuard (0a2e8cde40d6fd252f4a66558d6cd18d) C:\Windows\system32\DRIVERS\cmdguard.sys
09:30:31.0757 2704 cmdGuard - ok
09:30:31.0789 2704 cmdHlp (beb0da2bf48a8f7ad3c49e893936466c) C:\Windows\system32\DRIVERS\cmdhlp.sys
09:30:31.0804 2704 cmdHlp - ok
09:30:31.0851 2704 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
09:30:31.0851 2704 cmdide - ok
09:30:31.0867 2704 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
09:30:31.0882 2704 Compbatt - ok
09:30:31.0882 2704 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
09:30:31.0898 2704 crcdisk - ok
09:30:31.0913 2704 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
09:30:31.0945 2704 Crusoe - ok
09:30:32.0007 2704 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
09:30:32.0069 2704 DfsC - ok
09:30:32.0163 2704 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
09:30:32.0179 2704 disk - ok
09:30:32.0210 2704 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
09:30:32.0241 2704 drmkaud - ok
09:30:32.0272 2704 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
09:30:32.0303 2704 DXGKrnl - ok
09:30:32.0366 2704 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
09:30:32.0381 2704 e1express - ok
09:30:32.0397 2704 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
09:30:32.0444 2704 E1G60 - ok
09:30:32.0522 2704 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
09:30:32.0537 2704 Ecache - ok
09:30:32.0569 2704 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
09:30:32.0584 2704 elxstor - ok
09:30:32.0631 2704 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
09:30:32.0678 2704 ErrDev - ok
09:30:32.0740 2704 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
09:30:32.0787 2704 exfat - ok
09:30:32.0803 2704 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
09:30:32.0849 2704 fastfat - ok
09:30:32.0896 2704 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
09:30:32.0943 2704 fdc - ok
09:30:32.0974 2704 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
09:30:32.0974 2704 FileInfo - ok
09:30:32.0990 2704 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
09:30:33.0021 2704 Filetrace - ok
09:30:33.0052 2704 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
09:30:33.0099 2704 flpydisk - ok
09:30:33.0177 2704 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
09:30:33.0193 2704 FltMgr - ok
09:30:33.0302 2704 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
09:30:33.0302 2704 fssfltr - ok
09:30:33.0349 2704 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
09:30:33.0395 2704 Fs_Rec - ok
09:30:33.0411 2704 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
09:30:33.0427 2704 gagp30kx - ok
09:30:33.0489 2704 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
09:30:33.0505 2704 hamachi - ok
09:30:33.0567 2704 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
09:30:33.0629 2704 HdAudAddService - ok
09:30:33.0676 2704 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:30:33.0723 2704 HDAudBus - ok
09:30:33.0754 2704 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
09:30:33.0770 2704 HidBth - ok
09:30:33.0801 2704 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
09:30:33.0848 2704 HidIr - ok
09:30:33.0926 2704 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
09:30:33.0941 2704 HidUsb - ok
09:30:33.0988 2704 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
09:30:33.0988 2704 HpCISSs - ok
09:30:34.0035 2704 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
09:30:34.0129 2704 HSF_DPV - ok
09:30:34.0175 2704 HSXHWBS2 (ed98350ecd4a5a9c9f1e641c09872bb2) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
09:30:34.0207 2704 HSXHWBS2 - ok
09:30:34.0269 2704 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
09:30:34.0331 2704 HTTP - ok
09:30:34.0347 2704 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
09:30:34.0363 2704 i2omp - ok
09:30:34.0441 2704 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
09:30:34.0487 2704 i8042prt - ok
09:30:34.0550 2704 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\drivers\iastor.sys
09:30:34.0581 2704 iaStor - ok
09:30:34.0597 2704 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
09:30:34.0612 2704 iaStorV - ok
09:30:34.0690 2704 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
09:30:34.0690 2704 iirsp - ok
09:30:34.0768 2704 inspect (2c03538258729852d55f9f2b8906a8b9) C:\Windows\system32\DRIVERS\inspect.sys
09:30:34.0799 2704 inspect - ok
09:30:34.0846 2704 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
09:30:34.0877 2704 intelide - ok
09:30:34.0909 2704 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
09:30:34.0940 2704 intelppm - ok
09:30:35.0002 2704 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:30:35.0049 2704 IpFilterDriver - ok
09:30:35.0049 2704 IpInIp - ok
09:30:35.0080 2704 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
09:30:35.0111 2704 IPMIDRV - ok
09:30:35.0143 2704 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
09:30:35.0174 2704 IPNAT - ok
09:30:35.0221 2704 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
09:30:35.0267 2704 IRENUM - ok
09:30:35.0283 2704 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
09:30:35.0283 2704 isapnp - ok
09:30:35.0330 2704 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
09:30:35.0330 2704 iScsiPrt - ok
09:30:35.0345 2704 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
09:30:35.0361 2704 iteatapi - ok
09:30:35.0408 2704 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
09:30:35.0408 2704 iteraid - ok
09:30:35.0439 2704 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
09:30:35.0455 2704 kbdclass - ok
09:30:35.0486 2704 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
09:30:35.0517 2704 kbdhid - ok
09:30:35.0564 2704 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
09:30:35.0579 2704 KSecDD - ok
09:30:35.0642 2704 lirsgt (8ccf9ed46d52af1375875f74a91ffacf) C:\Windows\system32\DRIVERS\lirsgt.sys
09:30:35.0673 2704 lirsgt - ok
09:30:35.0689 2704 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
09:30:35.0720 2704 lltdio - ok
09:30:35.0767 2704 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
09:30:35.0767 2704 LSI_FC - ok
09:30:35.0798 2704 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
09:30:35.0798 2704 LSI_SAS - ok
09:30:35.0829 2704 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
09:30:35.0845 2704 LSI_SCSI - ok
09:30:35.0860 2704 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
09:30:35.0907 2704 luafv - ok
09:30:36.0001 2704 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
09:30:36.0032 2704 MBAMProtector - ok
09:30:36.0094 2704 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
09:30:36.0110 2704 mdmxsdk - ok
09:30:36.0157 2704 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
09:30:36.0172 2704 megasas - ok
09:30:36.0219 2704 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
09:30:36.0235 2704 MegaSR - ok
09:30:36.0250 2704 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
09:30:36.0297 2704 Modem - ok
09:30:36.0375 2704 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
09:30:36.0422 2704 monitor - ok
09:30:36.0469 2704 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
09:30:36.0469 2704 mouclass - ok
09:30:36.0500 2704 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
09:30:36.0531 2704 mouhid - ok
09:30:36.0562 2704 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
09:30:36.0562 2704 MountMgr - ok
09:30:36.0578 2704 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
09:30:36.0593 2704 mpio - ok
09:30:36.0609 2704 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
09:30:36.0656 2704 mpsdrv - ok
09:30:36.0718 2704 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
09:30:36.0734 2704 Mraid35x - ok
09:30:36.0890 2704 MRV6X32U (88cb1d492608b44faefd1f349353c7ad) C:\Windows\system32\DRIVERS\MRVW24B.sys
09:30:36.0921 2704 MRV6X32U ( UnsignedFile.Multi.Generic ) - warning
09:30:36.0921 2704 MRV6X32U - detected UnsignedFile.Multi.Generic (1)
09:30:36.0952 2704 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
09:30:36.0983 2704 MRxDAV - ok
09:30:37.0015 2704 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:30:37.0030 2704 mrxsmb - ok
09:30:37.0061 2704 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:30:37.0077 2704 mrxsmb10 - ok
09:30:37.0124 2704 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:30:37.0155 2704 mrxsmb20 - ok
09:30:37.0186 2704 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
09:30:37.0202 2704 msahci - ok
09:30:37.0217 2704 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
09:30:37.0233 2704 msdsm - ok
09:30:37.0249 2704 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
09:30:37.0295 2704 Msfs - ok
09:30:37.0342 2704 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
09:30:37.0358 2704 msisadrv - ok
09:30:37.0373 2704 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
09:30:37.0405 2704 MSKSSRV - ok
09:30:37.0451 2704 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
09:30:37.0498 2704 MSPCLOCK - ok
09:30:37.0529 2704 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
09:30:37.0561 2704 MSPQM - ok
09:30:37.0607 2704 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
09:30:37.0607 2704 MsRPC - ok
09:30:37.0623 2704 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
09:30:37.0639 2704 mssmbios - ok
09:30:37.0654 2704 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
09:30:37.0685 2704 MSTEE - ok
09:30:37.0717 2704 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
09:30:37.0732 2704 Mup - ok
09:30:37.0795 2704 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
09:30:37.0826 2704 NativeWifiP - ok
09:30:37.0935 2704 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
09:30:37.0951 2704 NDIS - ok
09:30:37.0982 2704 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
09:30:38.0029 2704 NdisTapi - ok
09:30:38.0044 2704 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
09:30:38.0060 2704 Ndisuio - ok
09:30:38.0138 2704 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
09:30:38.0153 2704 NdisWan - ok
09:30:38.0169 2704 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
09:30:38.0185 2704 NDProxy - ok
09:30:38.0231 2704 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
09:30:38.0247 2704 NetBIOS - ok
09:30:38.0294 2704 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
09:30:38.0325 2704 netbt - ok
09:30:38.0356 2704 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
09:30:38.0372 2704 nfrd960 - ok
09:30:38.0387 2704 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
09:30:38.0419 2704 Npfs - ok
09:30:38.0450 2704 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
09:30:38.0497 2704 nsiproxy - ok
09:30:38.0543 2704 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
09:30:38.0575 2704 Ntfs - ok
09:30:38.0590 2704 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
09:30:38.0653 2704 ntrigdigi - ok
09:30:38.0668 2704 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
09:30:38.0715 2704 Null - ok
09:30:38.0762 2704 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
09:30:38.0777 2704 nvraid - ok
09:30:38.0809 2704 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
09:30:38.0824 2704 nvstor - ok
09:30:38.0840 2704 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
09:30:38.0840 2704 nv_agp - ok
09:30:38.0855 2704 NwlnkFlt - ok
09:30:38.0871 2704 NwlnkFwd - ok
09:30:38.0933 2704 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
09:30:38.0965 2704 ohci1394 - ok
09:30:38.0996 2704 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
09:30:39.0058 2704 Parport - ok
09:30:39.0105 2704 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
09:30:39.0105 2704 partmgr - ok
09:30:39.0136 2704 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
09:30:39.0183 2704 Parvdm - ok
09:30:39.0230 2704 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
09:30:39.0245 2704 pci - ok
09:30:39.0245 2704 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
09:30:39.0261 2704 pciide - ok
09:30:39.0277 2704 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
09:30:39.0292 2704 pcmcia - ok
09:30:39.0355 2704 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
09:30:39.0448 2704 PEAUTH - ok
09:30:39.0495 2704 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
09:30:39.0542 2704 PptpMiniport - ok
09:30:39.0557 2704 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
09:30:39.0589 2704 Processor - ok
09:30:39.0635 2704 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
09:30:39.0667 2704 PSched - ok
09:30:39.0698 2704 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
09:30:39.0713 2704 PxHelp20 - ok
09:30:39.0776 2704 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
09:30:39.0823 2704 ql2300 - ok
09:30:39.0838 2704 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
09:30:39.0838 2704 ql40xx - ok
09:30:39.0869 2704 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
09:30:39.0885 2704 QWAVEdrv - ok
09:30:40.0072 2704 R300 (68d791d78454684340433e52059eb45e) C:\Windows\system32\DRIVERS\atikmdag.sys
09:30:40.0384 2704 R300 - ok
09:30:40.0447 2704 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
09:30:40.0493 2704 RasAcd - ok
09:30:40.0509 2704 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:30:40.0540 2704 Rasl2tp - ok
09:30:40.0587 2704 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
09:30:40.0634 2704 RasPppoe - ok
09:30:40.0665 2704 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
09:30:40.0681 2704 RasSstp - ok
09:30:40.0712 2704 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
09:30:40.0759 2704 rdbss - ok
09:30:40.0790 2704 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:30:40.0837 2704 RDPCDD - ok
09:30:40.0868 2704 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
09:30:40.0899 2704 rdpdr - ok
09:30:40.0899 2704 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
09:30:40.0930 2704 RDPENCDD - ok
09:30:40.0977 2704 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
09:30:40.0993 2704 RDPWD - ok
09:30:41.0055 2704 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
09:30:41.0086 2704 RFCOMM - ok
09:30:41.0117 2704 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
09:30:41.0164 2704 rspndr - ok
09:30:41.0227 2704 RTL8187B (d5d2e9f785fda3c1e021fde9f218c7f5) C:\Windows\system32\DRIVERS\wg111v3.sys
09:30:41.0242 2704 RTL8187B - ok
09:30:41.0289 2704 RtlProt (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
09:30:41.0305 2704 RtlProt - ok
09:30:41.0367 2704 s616bus (ef4b5a8d53f15cb269469dd4e4bb0109) C:\Windows\system32\DRIVERS\s616bus.sys
09:30:41.0383 2704 s616bus - ok
09:30:41.0398 2704 s616mdfl (96187731eefcf83e844bc1ce6617aaeb) C:\Windows\system32\DRIVERS\s616mdfl.sys
09:30:41.0414 2704 s616mdfl - ok
09:30:41.0429 2704 s616mdm (d2dd87368bfecfa099e50dc120f3f513) C:\Windows\system32\DRIVERS\s616mdm.sys
09:30:41.0445 2704 s616mdm - ok
09:30:41.0461 2704 s616nd5 (b9b507fcc67e204ef38e05ffd4176345) C:\Windows\system32\DRIVERS\s616nd5.sys
09:30:41.0492 2704 s616nd5 - ok
09:30:41.0539 2704 s616obex (f123a1f2a04a0e8dba80b64f0072475a) C:\Windows\system32\DRIVERS\s616obex.sys
09:30:41.0554 2704 s616obex - ok
09:30:41.0570 2704 s616unic (e7e55048ebd5c17bfa791b4a6ec3d54b) C:\Windows\system32\DRIVERS\s616unic.sys
09:30:41.0585 2704 s616unic - ok
09:30:41.0663 2704 sbapifs (6b650ed23a6677e197cdfc8a99cfcd8c) C:\Windows\system32\DRIVERS\sbapifs.sys
09:30:41.0679 2704 sbapifs - ok
09:30:41.0710 2704 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
09:30:41.0710 2704 sbp2port - ok
09:30:41.0788 2704 SBRE (16b11c7940182163d680284ebd0b5342) C:\Windows\system32\drivers\SBREDrv.sys
09:30:41.0819 2704 SBRE - ok
09:30:41.0835 2704 SbTis (6468e2973e04525decc105947ddd0d34) C:\Windows\system32\drivers\sbtis.sys
09:30:41.0866 2704 SbTis - ok
09:30:41.0897 2704 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:30:41.0960 2704 secdrv - ok
09:30:41.0975 2704 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
09:30:42.0022 2704 Serenum - ok
09:30:42.0038 2704 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
09:30:42.0085 2704 Serial - ok
09:30:42.0100 2704 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
09:30:42.0147 2704 sermouse - ok
09:30:42.0178 2704 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
09:30:42.0209 2704 sffdisk - ok
09:30:42.0241 2704 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
09:30:42.0256 2704 sffp_mmc - ok
09:30:42.0287 2704 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
09:30:42.0319 2704 sffp_sd - ok
09:30:42.0350 2704 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
09:30:42.0412 2704 sfloppy - ok
09:30:42.0459 2704 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
09:30:42.0459 2704 sisagp - ok
09:30:42.0475 2704 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
09:30:42.0490 2704 SiSRaid2 - ok
09:30:42.0506 2704 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
09:30:42.0521 2704 SiSRaid4 - ok
09:30:42.0553 2704 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
09:30:42.0568 2704 Smb - ok
09:30:42.0599 2704 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
09:30:42.0615 2704 spldr - ok
09:30:42.0693 2704 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
09:30:42.0693 2704 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
09:30:42.0693 2704 sptd ( LockedFile.Multi.Generic ) - warning
09:30:42.0693 2704 sptd - detected LockedFile.Multi.Generic (1)
09:30:42.0740 2704 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
09:30:42.0787 2704 srv - ok
09:30:42.0802 2704 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
09:30:42.0833 2704 srv2 - ok
09:30:42.0865 2704 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
09:30:42.0911 2704 srvnet - ok
09:30:42.0989 2704 STHDA (167909a1c36aa3e8f2582962f0ccc748) C:\Windows\system32\drivers\stwrt.sys
09:30:43.0021 2704 STHDA - ok
09:30:43.0083 2704 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
09:30:43.0083 2704 swenum - ok
09:30:43.0130 2704 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
09:30:43.0130 2704 Symc8xx - ok
09:30:43.0161 2704 SymIM - ok
09:30:43.0161 2704 SymIMMP - ok
09:30:43.0208 2704 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
09:30:43.0223 2704 Sym_hi - ok
09:30:43.0239 2704 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
09:30:43.0255 2704 Sym_u3 - ok
09:30:43.0333 2704 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
09:30:43.0348 2704 Tcpip - ok
09:30:43.0379 2704 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
09:30:43.0411 2704 Tcpip6 - ok
09:30:43.0442 2704 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
09:30:43.0504 2704 tcpipreg - ok
09:30:43.0520 2704 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
09:30:43.0551 2704 TDPIPE - ok
09:30:43.0582 2704 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
09:30:43.0598 2704 TDTCP - ok
09:30:43.0645 2704 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
09:30:43.0660 2704 tdx - ok
09:30:43.0676 2704 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
09:30:43.0691 2704 TermDD - ok
09:30:43.0707 2704 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:30:43.0723 2704 tssecsrv - ok
09:30:43.0754 2704 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
09:30:43.0801 2704 tunmp - ok
09:30:43.0832 2704 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
09:30:43.0879 2704 tunnel - ok
09:30:43.0894 2704 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
09:30:43.0910 2704 uagp35 - ok
09:30:43.0941 2704 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
09:30:43.0972 2704 udfs - ok
09:30:44.0003 2704 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
09:30:44.0003 2704 uliagpkx - ok
09:30:44.0019 2704 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
09:30:44.0035 2704 uliahci - ok
09:30:44.0050 2704 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
09:30:44.0066 2704 UlSata - ok
09:30:44.0081 2704 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
09:30:44.0097 2704 ulsata2 - ok
09:30:44.0113 2704 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
09:30:44.0144 2704 umbus - ok
09:30:44.0175 2704 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
09:30:44.0237 2704 usbccgp - ok
09:30:44.0253 2704 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
09:30:44.0315 2704 usbcir - ok
09:30:44.0362 2704 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
09:30:44.0378 2704 usbehci - ok
09:30:44.0393 2704 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
09:30:44.0440 2704 usbhub - ok
09:30:44.0471 2704 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
09:30:44.0503 2704 usbohci - ok
09:30:44.0518 2704 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
09:30:44.0565 2704 usbprint - ok
09:30:44.0596 2704 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:30:44.0643 2704 USBSTOR - ok
09:30:44.0690 2704 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
09:30:44.0721 2704 usbuhci - ok
09:30:44.0752 2704 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
09:30:44.0799 2704 vga - ok
09:30:44.0815 2704 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
09:30:44.0830 2704 VgaSave - ok
09:30:44.0877 2704 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
09:30:44.0893 2704 viaagp - ok
09:30:44.0924 2704 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
09:30:44.0955 2704 ViaC7 - ok
09:30:44.0971 2704 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
09:30:44.0971 2704 viaide - ok
09:30:45.0002 2704 VMnetAdapter - ok
09:30:45.0033 2704 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
09:30:45.0049 2704 volmgr - ok
09:30:45.0095 2704 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
09:30:45.0111 2704 volmgrx - ok
09:30:45.0158 2704 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
09:30:45.0173 2704 volsnap - ok
09:30:45.0189 2704 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
09:30:45.0205 2704 vsmraid - ok
09:30:45.0220 2704 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
09:30:45.0267 2704 WacomPen - ok
09:30:45.0283 2704 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:30:45.0298 2704 Wanarp - ok
09:30:45.0314 2704 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:30:45.0329 2704 Wanarpv6 - ok
09:30:45.0345 2704 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
09:30:45.0361 2704 Wd - ok
09:30:45.0392 2704 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
09:30:45.0407 2704 Wdf01000 - ok
09:30:45.0454 2704 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
09:30:45.0501 2704 winachsf - ok
09:30:45.0563 2704 WinUsb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS
09:30:45.0595 2704 WinUsb - ok
09:30:45.0673 2704 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
09:30:45.0719 2704 WmiAcpi - ok
09:30:45.0782 2704 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
09:30:45.0844 2704 WpdUsb - ok
09:30:45.0875 2704 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
09:30:45.0891 2704 ws2ifsl - ok
09:30:45.0922 2704 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:30:45.0953 2704 WUDFRd - ok
09:30:45.0969 2704 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
09:30:45.0985 2704 XAudio - ok
09:30:46.0078 2704 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
09:30:46.0172 2704 \Device\Harddisk0\DR0 - ok
09:30:46.0187 2704 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk1\DR1
09:30:46.0858 2704 \Device\Harddisk1\DR1 - ok
09:30:46.0874 2704 Boot (0x1200) (e798e6d70f9958ff75d5464acc8fd5d7) \Device\Harddisk0\DR0\Partition0
09:30:46.0874 2704 \Device\Harddisk0\DR0\Partition0 - ok
09:30:46.0889 2704 Boot (0x1200) (c8af6a11026f3af21fe341a65f082455) \Device\Harddisk0\DR0\Partition1
09:30:46.0889 2704 \Device\Harddisk0\DR0\Partition1 - ok
09:30:46.0905 2704 Boot (0x1200) (7f91c8994969834dcd468a0de7b21a9a) \Device\Harddisk1\DR1\Partition0
09:30:46.0905 2704 \Device\Harddisk1\DR1\Partition0 - ok
09:30:46.0905 2704 ============================================================
09:30:46.0905 2704 Scan finished
09:30:46.0905 2704

 

[darkx]

============================================================
09:30:46.0921 2420 Detected object count: 2
09:30:46.0921 2420 Actual detected object count: 2
09:31:05.0531 2420 C:\Windows\system32\DRIVERS\MRVW24B.sys - copied to quarantine
09:31:05.0531 2420 MRV6X32U ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:31:05.0641 2420 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
09:31:05.0641 2420 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
09:31:21.0927 3612 ============================================================
09:31:21.0927 3612 Scan started
09:31:21.0927 3612 Mode: Manual; SigCheck; TDLFS;
09:31:21.0927 3612 ============================================================
09:31:22.0099 3612 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
09:31:22.0130 3612 ACPI - ok
09:31:22.0161 3612 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
09:31:22.0177 3612 adp94xx - ok
09:31:22.0192 3612 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
09:31:22.0208 3612 adpahci - ok
09:31:22.0255 3612 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
09:31:22.0255 3612 adpu160m - ok
09:31:22.0286 3612 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
09:31:22.0301 3612 adpu320 - ok
09:31:22.0411 3612 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
09:31:22.0426 3612 AFD - ok
09:31:22.0442 3612 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
09:31:22.0442 3612 agp440 - ok
09:31:22.0489 3612 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
09:31:22.0504 3612 aic78xx - ok
09:31:22.0520 3612 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
09:31:22.0535 3612 aliide - ok
09:31:22.0551 3612 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
09:31:22.0551 3612 amdagp - ok
09:31:22.0582 3612 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
09:31:22.0582 3612 amdide - ok
09:31:22.0598 3612 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
09:31:22.0629 3612 AmdK7 - ok
09:31:22.0645 3612 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
09:31:22.0676 3612 AmdK8 - ok
09:31:22.0879 3612 amdkmdag (68d791d78454684340433e52059eb45e) C:\Windows\system32\DRIVERS\atikmdag.sys
09:31:23.0081 3612 amdkmdag - ok
09:31:23.0113 3612 amdkmdap (96cd7053a516c30e61a05df9757da7de) C:\Windows\system32\DRIVERS\atikmpag.sys
09:31:23.0128 3612 amdkmdap - ok
09:31:23.0144 3612 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
09:31:23.0159 3612 arc - ok
09:31:23.0175 3612 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
09:31:23.0175 3612 arcsas - ok
09:31:23.0191 3612 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
09:31:23.0222 3612 AsyncMac - ok
09:31:23.0253 3612 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\DRIVERS\atapi.sys
09:31:23.0269 3612 atapi - ok
09:31:23.0440 3612 atikmdag (68d791d78454684340433e52059eb45e) C:\Windows\system32\DRIVERS\atikmdag.sys
09:31:23.0627 3612 atikmdag - ok
09:31:23.0674 3612 atksgt (e46d344412d1abc60c58e95c73bcdc70) C:\Windows\system32\DRIVERS\atksgt.sys
09:31:38.0713 3612 atksgt - ok
09:31:38.0822 3612 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
09:31:38.0837 3612 Beep - ok
09:31:38.0869 3612 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
09:31:38.0884 3612 blbdrive - ok
09:31:38.0947 3612 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
09:31:38.0962 3612 bowser - ok
09:31:38.0978 3612 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
09:31:38.0993 3612 BrFiltLo - ok
09:31:39.0025 3612 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
09:31:39.0040 3612 BrFiltUp - ok
09:31:39.0056 3612 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
09:31:39.0087 3612 Brserid - ok
09:31:39.0118 3612 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
09:31:39.0149 3612 BrSerWdm - ok
09:31:39.0196 3612 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
09:31:39.0227 3612 BrUsbMdm - ok
09:31:39.0274 3612 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
09:31:39.0321 3612 BrUsbSer - ok
09:31:39.0352 3612 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
09:31:39.0383 3612 BthEnum - ok
09:31:39.0415 3612 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
09:31:39.0430 3612 BTHMODEM - ok
09:31:39.0461 3612 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
09:31:39.0477 3612 BthPan - ok
09:31:39.0508 3612 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
09:31:39.0539 3612 BTHPORT - ok
09:31:39.0555 3612 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
09:31:39.0571 3612 BTHUSB - ok
09:31:39.0617 3612 btwaudio (fc23e3a7ae18b02dcc1a34cbef3f80af) C:\Windows\system32\drivers\btwaudio.sys
09:31:39.0633 3612 btwaudio - ok
09:31:39.0664 3612 btwavdt (5e14c92763e51130bfb9a670afd7eddf) C:\Windows\system32\drivers\btwavdt.sys
09:31:39.0680 3612 btwavdt - ok
09:31:39.0711 3612 btwrchid (ac3fd5a3bbfa114098f75b80c4c1f3e7) C:\Windows\system32\DRIVERS\btwrchid.sys
09:31:39.0727 3612 btwrchid - ok
09:31:39.0805 3612 catchme - ok
09:31:39.0820 3612 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
09:31:39.0851 3612 cdfs - ok
09:31:39.0914 3612 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
09:31:39.0929 3612 cdrom - ok
09:31:39.0945 3612 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
09:31:39.0961 3612 circlass - ok
09:31:40.0007 3612 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
09:31:40.0023 3612 CLFS - ok
09:31:40.0070 3612 cmdGuard (0a2e8cde40d6fd252f4a66558d6cd18d) C:\Windows\system32\DRIVERS\cmdguard.sys
09:31:40.0101 3612 cmdGuard - ok
09:31:40.0132 3612 cmdHlp (beb0da2bf48a8f7ad3c49e893936466c) C:\Windows\system32\DRIVERS\cmdhlp.sys
09:31:40.0148 3612 cmdHlp - ok
09:31:40.0226 3612 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
09:31:40.0226 3612 cmdide - ok
09:31:40.0257 3612 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
09:31:40.0273 3612 Compbatt - ok
09:31:40.0288 3612 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
09:31:40.0304 3612 crcdisk - ok
09:31:40.0335 3612 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
09:31:40.0351 3612 Crusoe - ok
09:31:40.0413 3612 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
09:31:40.0429 3612 DfsC - ok
09:31:40.0475 3612 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
09:31:40.0491 3612 disk - ok
09:31:40.0522 3612 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
09:31:40.0538 3612 drmkaud - ok
09:31:40.0585 3612 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
09:31:40.0616 3612 DXGKrnl - ok
09:31:40.0631 3612 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
09:31:40.0647 3612 e1express - ok
09:31:40.0678 3612 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
09:31:40.0694 3612 E1G60 - ok
09:31:40.0741 3612 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
09:31:40.0741 3612 Ecache - ok
09:31:40.0772 3612 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
09:31:40.0787 3612 elxstor - ok
09:31:40.0803 3612 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
09:31:40.0834 3612 ErrDev - ok
09:31:40.0881 3612 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
09:31:40.0943 3612 exfat - ok
09:31:40.0990 3612 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
09:31:41.0006 3612 fastfat - ok
09:31:41.0053 3612 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
09:31:41.0084 3612 fdc - ok
09:31:41.0099 3612 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
09:31:41.0115 3612 FileInfo - ok
09:31:41.0115 3612 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
09:31:41.0146 3612 Filetrace - ok
09:31:41.0162 3612 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
09:31:41.0177 3612 flpydisk - ok
09:31:41.0224 3612 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
09:31:41.0240 3612 FltMgr - ok
09:31:41.0271 3612 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
09:31:41.0287 3612 fssfltr - ok
09:31:41.0302 3612 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
09:31:41.0318 3612 Fs_Rec - ok
09:31:41.0333 3612 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
09:31:41.0349 3612 gagp30kx - ok
09:31:41.0411 3612 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
09:31:41.0427 3612 hamachi - ok
09:31:41.0458 3612 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
09:31:41.0474 3612 HdAudAddService - ok
09:31:41.0536 3612 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:31:41.0552 3612 HDAudBus - ok
09:31:41.0599 3612 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
09:31:41.0614 3612 HidBth - ok
09:31:41.0645 3612 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
09:31:41.0677 3612 HidIr - ok
09:31:41.0723 3612 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
09:31:41.0739 3612 HidUsb - ok
09:31:41.0770 3612 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
09:31:41.0786 3612 HpCISSs - ok
09:31:41.0879 3612 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
09:31:41.0942 3612 HSF_DPV - ok
09:31:41.0957 3612 HSXHWBS2 (ed98350ecd4a5a9c9f1e641c09872bb2) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
09:31:41.0957 3612 HSXHWBS2 - ok
09:31:42.0035 3612 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
09:31:42.0067 3612 HTTP - ok
09:31:42.0098 3612 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
09:31:42.0098 3612 i2omp - ok
09:31:42.0129 3612 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
09:31:42.0145 3612 i8042prt - ok
09:31:42.0176 3612 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\drivers\iastor.sys
09:31:42.0207 3612 iaStor - ok
09:31:42.0223 3612 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
09:31:42.0238 3612 iaStorV - ok
09:31:42.0254 3612 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
09:31:42.0269 3612 iirsp - ok
09:31:42.0316 3612 inspect (2c03538258729852d55f9f2b8906a8b9) C:\Windows\system32\DRIVERS\inspect.sys
09:31:42.0332 3612 inspect - ok
09:31:42.0363 3612 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
09:31:42.0363 3612 intelide - ok
09:31:42.0379 3612 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
09:31:42.0410 3612 intelppm - ok
09:31:42.0425 3612 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:31:42.0441 3612 IpFilterDriver - ok
09:31:42.0457 3612 IpInIp - ok
09:31:42.0488 3612 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
09:31:42.0503 3612 IPMIDRV - ok
09:31:42.0519 3612 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
09:31:42.0550 3612 IPNAT - ok
09:31:42.0566 3612 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
09:31:42.0597 3612 IRENUM - ok
09:31:42.0597 3612 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
09:31:42.0613 3612 isapnp - ok
09:31:42.0644 3612 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
09:31:42.0659 3612 iScsiPrt - ok
09:31:42.0675 3612 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
09:31:42.0691 3612 iteatapi - ok
09:31:42.0722 3612 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
09:31:42.0722 3612 iteraid - ok
09:31:42.0737 3612 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
09:31:42.0753 3612 kbdclass - ok
09:31:42.0784 3612 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
09:31:42.0815 3612 kbdhid - ok
09:31:42.0847 3612 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
09:31:42.0878 3612 KSecDD - ok
09:31:42.0925 3612 lirsgt (8ccf9ed46d52af1375875f74a91ffacf) C:\Windows\system32\DRIVERS\lirsgt.sys
09:31:42.0940 3612 lirsgt - ok
09:31:42.0971 3612 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
09:31:42.0987 3612 lltdio - ok
09:31:43.0003 3612 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
09:31:43.0018 3612 LSI_FC - ok
09:31:43.0034 3612 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
09:31:43.0049 3612 LSI_SAS - ok
09:31:43.0081 3612 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
09:31:43.0096 3612 LSI_SCSI - ok
09:31:43.0159 3612 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
09:31:43.0174 3612 luafv - ok
09:31:43.0237 3612 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
09:31:43.0268 3612 MBAMProtector - ok
09:31:43.0299 3612 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
09:31:43.0299 3612 mdmxsdk - ok
09:31:43.0346 3612 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
09:31:43.0346 3612 megasas - ok
09:31:43.0377 3612 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
09:31:43.0393 3612 MegaSR - ok
09:31:43.0408 3612 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
09:31:43.0439 3612 Modem - ok
09:31:43.0486 3612 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
09:31:43.0502 3612 monitor - ok
09:31:43.0533 3612 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
09:31:43.0549 3612 mouclass - ok
09:31:43.0564 3612 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
09:31:43.0580 3612 mouhid - ok
09:31:43.0595 3612 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
09:31:43.0611 3612 MountMgr - ok
09:31:43.0642 3612 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
09:31:43.0658 3612 mpio - ok
09:31:43.0673 3612 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
09:31:43.0689 3612 mpsdrv - ok
09:31:43.0705 3612 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
09:31:43.0720 3612 Mraid35x - ok
09:31:43.0767 3612 MRV6X32U (88cb1d492608b44faefd1f349353c7ad) C:\Windows\system32\DRIVERS\MRVW24B.sys
09:31:43.0767 3612 MRV6X32U ( UnsignedFile.Multi.Generic ) - warning
09:31:43.0767 3612 MRV6X32U - detected UnsignedFile.Multi.Generic (1)
09:31:43.0798 3612 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
09:31:43.0814 3612 MRxDAV - ok
09:31:43.0861 3612 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:31:43.0892 3612 mrxsmb - ok
09:31:43.0923 3612 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:31:43.0939 3612 mrxsmb10 - ok
09:31:43.0954 3612 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:31:43.0970 3612 mrxsmb20 - ok
09:31:44.0001 3612 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
09:31:44.0001 3612 msahci - ok
09:31:44.0017 3612 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
09:31:44.0032 3612 msdsm - ok
09:31:44.0048 3612 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
09:31:44.0063 3612 Msfs - ok
09:31:44.0079 3612 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
09:31:44.0095 3612 msisadrv - ok
09:31:44.0110 3612 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
09:31:44.0141 3612 MSKSSRV - ok
09:31:44.0157 3612 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
09:31:44.0173 3612 MSPCLOCK - ok
09:31:44.0188 3612 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
09:31:44.0219 3612 MSPQM - ok
09:31:44.0251 3612 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
09:31:44.0266 3612 MsRPC - ok
09:31:44.0282 3612 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
09:31:44.0282 3612 mssmbios - ok
09:31:44.0297 3612 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
09:31:44.0329 3612 MSTEE - ok
09:31:44.0375 3612 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
09:31:44.0391 3612 Mup - ok
09:31:44.0438 3612 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
09:31:44.0453 3612 NativeWifiP - ok
09:31:44.0485 3612 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
09:31:44.0516 3612 NDIS - ok
09:31:44.0531 3612 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
09:31:44.0547 3612 NdisTapi - ok
09:31:44.0563 3612 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
09:31:44.0578 3612 Ndisuio - ok
09:31:44.0687 3612 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
09:31:44.0703 3612 NdisWan - ok
09:31:44.0719 3612 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
09:31:44.0750 3612 NDProxy - ok
09:31:44.0781 3612 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
09:31:44.0812 3612 NetBIOS - ok
09:31:44.0843 3612 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
09:31:44.0859 3612 netbt - ok
09:31:44.0875 3612 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
09:31:44.0890 3612 nfrd960 - ok
09:31:44.0906 3612 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
09:31:44.0921 3612 Npfs - ok
09:31:44.0937 3612 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
09:31:44.0953 3612 nsiproxy - ok
09:31:45.0015 3612 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
09:31:45.0062 3612 Ntfs - ok
09:31:45.0077 3612 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
09:31:45.0124 3612 ntrigdigi - ok
09:31:45.0140 3612 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
09:31:45.0155 3612 Null - ok
09:31:45.0171 3612 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
09:31:45.0187 3612 nvraid - ok
09:31:45.0202 3612 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
09:31:45.0218 3612 nvstor - ok
09:31:45.0233 3612 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
09:31:45.0233 3612 nv_agp - ok
09:31:45.0249 3612 NwlnkFlt - ok
09:31:45.0265 3612 NwlnkFwd - ok
09:31:45.0296 3612 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
09:31:45.0311 3612 ohci1394 - ok
09:31:45.0327 3612 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
09:31:45.0374 3612 Parport - ok
09:31:45.0421 3612 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
09:31:45.0436 3612 partmgr - ok
09:31:45.0467 3612 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
09:31:45.0514 3612 Parvdm - ok
09:31:45.0561 3612 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
09:31:45.0561 3612 pci - ok
09:31:45.0592 3612 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
09:31:45.0592 3612 pciide - ok
09:31:45.0608 3612 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
09:31:45.0623 3612 pcmcia - ok
09:31:45.0686 3612 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
09:31:45.0748 3612 PEAUTH - ok
09:31:45.0826 3612 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
09:31:45.0842 3612 PptpMiniport - ok
09:31:45.0873 3612 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
09:31:45.0889 3612 Processor - ok
09:31:45.0935 3612 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
09:31:45.0967 3612 PSched - ok
09:31:45.0982 3612 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
09:31:46.0013 3612 PxHelp20 - ok
09:31:46.0045 3612 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
09:31:46.0076 3612 ql2300 - ok
09:31:46.0107 3612 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
09:31:46.0107 3612 ql40xx - ok
09:31:46.0138 3612 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
09:31:46.0138 3612 QWAVEdrv - ok
09:31:46.0341 3612 R300 (68d791d78454684340433e52059eb45e) C:\Windows\system32\DRIVERS\atikmdag.sys
09:31:46.0528 3612 R300 - ok
09:31:46.0559 3612 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
09:31:46.0575 3612 RasAcd - ok
09:31:46.0606 3612 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:31:46.0622 3612 Rasl2tp - ok
09:31:46.0684 3612 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
09:31:46.0700 3612 RasPppoe - ok
09:31:46.0731 3612 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
09:31:46.0747 3612 RasSstp - ok
09:31:46.0778 3612 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
09:31:46.0809 3612 rdbss - ok
09:31:46.0825 3612 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:31:46.0856 3612 RDPCDD - ok
09:31:46.0887 3612 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
09:31:46.0903 3612 rdpdr - ok
09:31:46.0918 3612 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
09:31:46.0934 3612 RDPENCDD - ok
09:31:46.0981 3612 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
09:31:47.0012 3612 RDPWD - ok
09:31:47.0074 3612 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
09:31:47.0090 3612 RFCOMM - ok
09:31:47.0105 3612 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
09:31:47.0137 3612 rspndr - ok
09:31:47.0199 3612 RTL8187B (d5d2e9f785fda3c1e021fde9f218c7f5) C:\Windows\system32\DRIVERS\wg111v3.sys
09:31:47.0230 3612 RTL8187B - ok
09:31:47.0261 3612 RtlProt (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
09:31:47.0293 3612 RtlProt - ok
09:31:47.0339 3612 s616bus (ef4b5a8d53f15cb269469dd4e4bb0109) C:\Windows\system32\DRIVERS\s616bus.sys
09:31:47.0355 3612 s616bus - ok
09:31:47.0386 3612 s616mdfl (96187731eefcf83e844bc1ce6617aaeb) C:\Windows\system32\DRIVERS\s616mdfl.sys
09:31:47.0402 3612 s616mdfl - ok
09:31:47.0417 3612 s616mdm (d2dd87368bfecfa099e50dc120f3f513) C:\Windows\system32\DRIVERS\s616mdm.sys
09:31:47.0449 3612 s616mdm - ok
09:31:47.0480 3612 s616nd5 (b9b507fcc67e204ef38e05ffd4176345) C:\Windows\system32\DRIVERS\s616nd5.sys
09:31:47.0511 3612 s616nd5 - ok
09:31:47.0589 3612 s616obex (f123a1f2a04a0e8dba80b64f0072475a) C:\Windows\system32\DRIVERS\s616obex.sys
09:31:47.0605 3612 s616obex - ok
09:31:47.0667 3612 s616unic (e7e55048ebd5c17bfa791b4a6ec3d54b) C:\Windows\system32\DRIVERS\s616unic.sys
09:31:47.0683 3612 s616unic - ok
09:31:47.0745 3612 sbapifs (6b650ed23a6677e197cdfc8a99cfcd8c) C:\Windows\system32\DRIVERS\sbapifs.sys
09:31:47.0761 3612 sbapifs - ok
09:31:47.0792 3612 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
09:31:47.0807 3612 sbp2port - ok
09:31:47.0839 3612 SBRE (16b11c7940182163d680284ebd0b5342) C:\Windows\system32\drivers\SBREDrv.sys
09:31:47.0870 3612 SBRE - ok
09:31:47.0885 3612 SbTis (6468e2973e04525decc105947ddd0d34) C:\Windows\system32\drivers\sbtis.sys
09:31:47.0917 3612 SbTis - ok
09:31:47.0948 3612 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:31:47.0979 3612 secdrv - ok
09:31:48.0010 3612 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
09:31:48.0057 3612 Serenum - ok
09:31:48.0073 3612 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
09:31:48.0104 3612 Serial - ok
09:31:48.0135 3612 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
09:31:48.0151 3612 sermouse - ok
09:31:48.0182 3612 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
09:31:48.0197 3612 sffdisk - ok
09:31:48.0213 3612 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
09:31:48.0244 3612 sffp_mmc - ok
09:31:48.0244 3612 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
09:31:48.0275 3612 sffp_sd - ok
09:31:48.0275 3612 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
09:31:48.0322 3612 sfloppy - ok
09:31:48.0338 3612 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
09:31:48.0353 3612 sisagp - ok
09:31:48.0369 3612 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
09:31:48.0369 3612 SiSRaid2 - ok
09:31:48.0400 3612 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
09:31:48.0400 3612 SiSRaid4 - ok
09:31:48.0447 3612 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
09:31:48.0463 3612 Smb - ok
09:31:48.0494 3612 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
09:31:48.0494 3612 spldr - ok
09:31:48.0587 3612 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
09:31:48.0587 3612 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
09:31:48.0587 3612 sptd ( LockedFile.Multi.Generic ) - warning
09:31:48.0587 3612 sptd - detected LockedFile.Multi.Generic (1)
09:31:48.0665 3612 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
09:31:48.0681 3612 srv - ok
09:31:48.0712 3612 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
09:31:48.0728 3612 srv2 - ok
09:31:48.0806 3612 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
09:31:48.0806 3612 srvnet - ok
09:31:48.0853 3612 STHDA (167909a1c36aa3e8f2582962f0ccc748) C:\Windows\system32\drivers\stwrt.sys
09:31:48.0868 3612 STHDA - ok
09:31:48.0899 3612 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
09:31:48.0899 3612 swenum - ok
09:31:48.0931 3612 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
09:31:48.0931 3612 Symc8xx - ok
09:31:48.0946 3612 SymIM - ok
09:31:48.0946 3612 SymIMMP - ok
09:31:48.0977 3612 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
09:31:48.0977 3612 Sym_hi - ok
09:31:49.0009 3612 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
09:31:49.0009 3612 Sym_u3 - ok
09:31:49.0087 3612 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
09:31:49.0118 3612 Tcpip - ok
09:31:49.0149 3612 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
09:31:49.0165 3612 Tcpip6 - ok
09:31:49.0211 3612 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
09:31:49.0227 3612 tcpipreg - ok
09:31:49.0258 3612 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
09:31:49.0274 3612 TDPIPE - ok
09:31:49.0289 3612 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
09:31:49.0321 3612 TDTCP - ok
09:31:49.0367 3612 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
09:31:49.0399 3612 tdx - ok
09:31:49.0414 3612 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
09:31:49.0414 3612 TermDD - ok
09:31:49.0445 3612 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:31:49.0461 3612 tssecsrv - ok
09:31:49.0477 3612 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
09:31:49.0492 3612 tunmp - ok
09:31:49.0555 3612 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
09:31:49.0555 3612 tunnel - ok
09:31:49.0601 3612 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
09:31:49.0617 3612 uagp35 - ok
09:31:49.0664 3612 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
09:31:49.0679 3612 udfs - ok
09:31:49.0695 3612 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
09:31:49.0711 3612 uliagpkx - ok
09:31:49.0726 3612 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
09:31:49.0742 3612 uliahci - ok
09:31:49.0757 3612 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
09:31:49.0773 3612 UlSata - ok
09:31:49.0804 3612 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
09:31:49.0820 3612 ulsata2 - ok
09:31:49.0835 3612 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
09:31:49.0867 3612 umbus - ok
09:31:49.0898 3612 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
09:31:49.0913 3612 usbccgp - ok
09:31:49.0945 3612 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
09:31:49.0991 3612 usbcir - ok
09:31:50.0038 3612 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
09:31:50.0054 3612 usbehci - ok
09:31:50.0069 3612 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
09:31:50.0101 3612 usbhub - ok
09:31:50.0116 3612 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
09:31:50.0147 3612 usbohci - ok
09:31:50.0163 3612 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
09:31:50.0194 3612 usbprint - ok
09:31:50.0241 3612 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:31:50.0257 3612 USBSTOR - ok
09:31:50.0272 3612 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
09:31:50.0288 3612 usbuhci - ok
09:31:50.0319 3612 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
09:31:50.0335 3612 vga - ok
09:31:50.0366 3612 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
09:31:50.0381 3612 VgaSave - ok
09:31:50.0413 3612 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
09:31:50.0413 3612 viaagp - ok
09:31:50.0428 3612 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
09:31:50.0459 3612 ViaC7 - ok
09:31:50.0459 3612 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
09:31:50.0475 3612 viaide - ok
09:31:50.0491 3612 VMnetAdapter - ok
09:31:50.0506 3612 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
09:31:50.0506 3612 volmgr - ok
09:31:50.0569 3612 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
09:31:50.0584 3612 volmgrx - ok
09:31:50.0631 3612 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
09:31:50.0647 3612 volsnap - ok
09:31:50.0662 3612 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
09:31:50.0678 3612 vsmraid - ok
09:31:50.0693 3612 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
09:31:50.0740 3612 WacomPen - ok
09:31:50.0756 3612 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:31:50.0771 3612 Wanarp - ok
09:31:50.0787 3612 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:31:50.0803 3612 Wanarpv6 - ok
09:31:50.0834 3612 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
09:31:50.0834 3612 Wd - ok
09:31:50.0865 3612 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
09:31:50.0896 3612 Wdf01000 - ok
09:31:50.0943 3612 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
09:31:50.0959 3612 winachsf - ok
09:31:51.0115 3612 WinUsb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS
09:31:51.0130 3612 WinUsb - ok
09:31:51.0146 3612 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
09:31:51.0177 3612 WmiAcpi - ok
09:31:51.0239 3612 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
09:31:51.0255 3612 WpdUsb - ok
09:31:51.0271 3612 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
09:31:51.0302 3612 ws2ifsl - ok
09:31:51.0817 3612 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:31:51.0832 3612 WUDFRd - ok
09:31:51.0863 3612 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
09:31:51.0879 3612 XAudio - ok
09:31:51.0926 3612 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
09:31:51.0988 3612 \Device\Harddisk0\DR0 - ok
09:31:51.0988 3612 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk1\DR1
09:31:52.0612 3612 \Device\Harddisk1\DR1 - ok
09:31:52.0643 3612 Boot (0x1200) (e798e6d70f9958ff75d5464acc8fd5d7) \Device\Harddisk0\DR0\Partition0
09:31:52.0643 3612 \Device\Harddisk0\DR0\Partition0 - ok
09:31:52.0643 3612 Boot (0x1200) (c8af6a11026f3af21fe341a65f082455) \Device\Harddisk0\DR0\Partition1
09:31:52.0643 3612 \Device\Harddisk0\DR0\Partition1 - ok
09:31:52.0643 3612 Boot (0x1200) (7f91c8994969834dcd468a0de7b21a9a) \Device\Harddisk1\DR1\Partition0
09:31:52.0643 3612 \Device\Harddisk1\DR1\Partition0 - ok
09:31:52.0643 3612 ============================================================
09:31:52.0643 3612 Scan finished
09:31:52.0643 3612 ============================================================
09:31:52.0659 2940 Detected object count: 2
09:31:52.0659 2940 Actual detected object count: 2
09:32:06.0449 2940 HKLM\SYSTEM\ControlSet001\services\MRV6X32U - will be deleted on reboot
09:32:06.0481 2940 HKLM\SYSTEM\ControlSet003\services\MRV6X32U - will be deleted on reboot
09:32:06.0481 2940 C:\Windows\system32\DRIVERS\MRVW24B.sys - will be deleted on reboot
09:32:06.0481 2940 MRV6X32U ( UnsignedFile.Multi.Generic ) - User select action: Delete
09:32:06.0481 2940 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
09:32:06.0481 2940 HKLM\SYSTEM\ControlSet003\services\sptd - will be deleted on reboot
09:32:06.0496 2940 C:\Windows\system32\Drivers\sptd.sys - will be deleted on reboot
09:32:06.0496 2940 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
09:32:08.0727 2296 Deinitialize success

 

[darkx]

Ehh, after rebooting Normal mode isn't working, after the welcome screen the moniter sort of flickers and goes blank, though the pc is still on. Left it like that and rebooted a few times, Safe mode works fine though. I'm currently logged onto safemode with networking.