Solved Trojan horse Crypt.AQLW, Internet pops up, computer crashing

Perfect!

Any other current issues?

Download OTL to your Desktop.

  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Alas, I just started Firefox to post these logs and got a redirect to an ad site. The machine also appears to be using the hard disk a lot.

OTL logs to follow:
 
OTL logfile created on: 26/02/2012 22:20:37 - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Mark\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 64.32% Memory free
6.69 Gb Paging File | 5.22 Gb Available in Paging File | 78.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 33.89 Gb Free Space | 22.74% Space Free | Partition Type: NTFS
Drive F: | 596.17 Gb Total Space | 323.89 Gb Free Space | 54.33% Space Free | Partition Type: NTFS

Computer Name: MARK-PC | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/26 22:19:58 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
PRC - [2012/02/10 04:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/10 03:02:27 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/02/10 03:02:07 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012/02/09 20:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/10/13 09:31:58 | 002,042,088 | ---- | M] (GameStop Corp.) -- C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/10 23:27:22 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2008/11/04 11:39:20 | 000,014,336 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2008/05/26 15:20:50 | 000,585,728 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
PRC - [2008/05/26 15:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
PRC - [2007/06/07 00:50:14 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbtcoms.exe
PRC - [2005/08/31 10:46:50 | 001,691,648 | ---- | M] () -- C:\Program Files\NETGEAR\WG311v3\WG311v3.exe


========== Modules (No Company Name) ==========

MOD - [2009/04/10 23:28:24 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2009/04/10 23:28:24 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/05/26 15:14:58 | 000,011,776 | ---- | M] () -- C:\Program Files\Virgin Broadband Wireless\AffinegyServicePS.dll
MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2005/08/31 10:46:50 | 001,691,648 | ---- | M] () -- C:\Program Files\NETGEAR\WG311v3\WG311v3.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WUSB54GSv2SVC)
SRV - File not found [Auto | Stopped] -- -- (vmparport)
SRV - File not found [Auto | Stopped] -- -- (tvtpktfilter)
SRV - File not found [Auto | Stopped] -- -- (qmofiltr)
SRV - File not found [Auto | Stopped] -- -- (pserve)
SRV - File not found [Auto | Stopped] -- -- (k750mdfl)
SRV - File not found [Auto | Stopped] -- -- (datasvr2)
SRV - File not found [Auto | Stopped] -- -- (clsched)
SRV - File not found [Auto | Stopped] -- -- (amdk77)
SRV - [2012/02/10 04:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/09 20:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/02/07 21:42:02 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/12 10:49:39 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- f:\Program Files\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008/11/04 11:39:20 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008/05/26 15:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)
SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 07:33:32 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\System32\YahooAUService.dll -- (knobserv)
SRV - [2008/01/19 07:33:32 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\agpcpq.dll -- (delldmi)
SRV - [2007/06/07 00:50:14 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbtcoms.exe -- (dlbt_device)


========== Driver Services (SafeList) ==========

DRV - [2012/02/10 04:13:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/04/10 21:46:10 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2009/01/02 13:26:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/12/13 17:37:38 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/08/22 18:56:12 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/08/22 18:56:08 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/08/22 18:55:54 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/08/22 18:55:46 | 000,007,168 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/06/10 20:04:26 | 000,033,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/05/26 15:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2007/10/16 17:14:24 | 000,256,512 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MRVW13B.sys -- (MRV6X32P)
DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2006/10/18 05:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/04/10 09:42:36 | 000,002,944 | ---- | M] (cansoft@livewiredev.com) [Kernel | Auto | Running] -- C:\Windows\System32\mbmiodrvr.sys -- (mbmiodrvr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/26 13:17:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/13 19:24:17 | 000,000,000 | ---D | M]

[2010/06/18 13:36:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions
[2011/06/17 13:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\yqgk2812.default\extensions
[2010/06/28 23:49:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\yqgk2812.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/26 13:18:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/26 13:17:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/24 22:55:39 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/26 13:17:54 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/26 13:17:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/26 13:17:54 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/26 13:17:54 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/26 13:17:54 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/02/26 04:39:06 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [DLBTCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
O4 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000..\Run: [Steam] F:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe (GameStop Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found
O15 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\..Trusted Domains: mod.uk ([www.westminster] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (CDownloadCtrl Object)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab (MSN Photo Upload Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E5E81D0-275A-46BF-84A0-ECC564B15F1F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB12445B-E6D0-47E8-832C-8FAC67E87EAF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA0E5921-34A6-45FB-A06D-F64850E85263}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3D88CD5-9C0B-4699-9FC5-727F8FD0DD72}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - File not found
O24 - Desktop WallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: qmofiltr - File not found
NetSvcs: pserve - File not found
NetSvcs: vmparport - File not found
NetSvcs: k750mdfl - File not found
NetSvcs: delldmi - C:\Windows\System32\agpcpq.dll (Oak Technology Inc.)
NetSvcs: knobserv - C:\Windows\System32\YahooAUService.dll (Oak Technology Inc.)
NetSvcs: tvtpktfilter - File not found
NetSvcs: datasvr2 - File not found
NetSvcs: amdk77 - File not found
NetSvcs: clsched - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/26 22:19:55 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2012/02/26 13:16:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/26 04:41:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/26 04:41:11 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\temp
[2012/02/26 04:25:51 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/26 02:54:04 | 004,419,501 | R--- | C] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
[2012/02/26 01:22:43 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/26 01:21:54 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mark\Desktop\TDSSKiller.exe
[2012/02/26 01:13:22 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\RK_Quarantine
[2012/02/25 02:46:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/25 02:46:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/25 02:46:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/25 02:46:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/25 02:45:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/25 02:08:28 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Mark\Desktop\aswMBR.exe
[2012/02/24 23:16:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Mark\Desktop\dds.scr
[2012/02/24 22:59:08 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Malwarebytes
[2012/02/24 22:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/24 22:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/24 22:59:01 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/24 22:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/22 00:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/02/22 00:15:02 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/02/17 22:47:00 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\AVG2012
[2012/02/17 22:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/02/17 20:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/02/17 20:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/26 22:19:58 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2012/02/26 22:14:47 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/26 22:14:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/26 19:25:51 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/26 19:22:49 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/26 19:22:49 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/26 13:38:55 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/02/26 13:30:05 | 000,602,846 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/26 13:30:05 | 000,106,292 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/26 13:22:46 | 3488,145,408 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/26 13:22:45 | 264,002,753 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/26 13:16:54 | 000,362,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/26 13:13:02 | 000,000,512 | ---- | M] () -- C:\Users\Mark\Desktop\MBR.dat
[2012/02/26 06:06:39 | 000,002,032 | ---- | M] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
[2012/02/26 04:39:06 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/26 04:11:39 | 000,139,264 | ---- | M] () -- C:\Users\Mark\Desktop\SystemLook.exe
[2012/02/26 02:54:02 | 004,419,501 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
[2012/02/26 01:21:21 | 002,044,183 | ---- | M] () -- C:\Users\Mark\Desktop\tdsskiller.zip
[2012/02/26 01:13:06 | 001,251,328 | ---- | M] () -- C:\Users\Mark\Desktop\RogueKiller.exe
[2012/02/25 02:09:11 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Mark\Desktop\aswMBR.exe
[2012/02/24 23:16:05 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\dds.scr
[2012/02/24 23:14:22 | 000,302,592 | ---- | M] () -- C:\Users\Mark\Desktop\jywt1xli.exe
[2012/02/24 22:59:03 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/22 16:55:20 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mark\Desktop\TDSSKiller.exe
[2012/02/12 11:52:27 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2012/02/12 00:16:28 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/02/12 00:16:28 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/02/12 00:08:17 | 000,153,088 | ---- | M] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/11 19:40:26 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/02/10 04:13:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/02/10 04:13:00 | 000,008,772 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2012/02/09 20:05:44 | 000,416,064 | ---- | M] () -- C:\Windows\System32\nvStreaming.exe
[2012/02/08 01:49:14 | 002,557,112 | ---- | M] () -- C:\Users\Mark\Documents\Induction Pack 2010 V2.1.pdf
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/26 13:38:55 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/02/26 13:16:43 | 3488,145,408 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/26 13:13:02 | 000,000,512 | ---- | C] () -- C:\Users\Mark\Desktop\MBR.dat
[2012/02/26 04:11:39 | 000,139,264 | ---- | C] () -- C:\Users\Mark\Desktop\SystemLook.exe
[2012/02/26 01:21:21 | 002,044,183 | ---- | C] () -- C:\Users\Mark\Desktop\tdsskiller.zip
[2012/02/26 01:13:03 | 001,251,328 | ---- | C] () -- C:\Users\Mark\Desktop\RogueKiller.exe
[2012/02/25 02:46:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/25 02:46:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/25 02:46:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/25 02:46:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/25 02:46:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/24 23:14:19 | 000,302,592 | ---- | C] () -- C:\Users\Mark\Desktop\jywt1xli.exe
[2012/02/24 22:59:03 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/22 00:15:02 | 000,008,772 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012/02/12 11:06:51 | 264,002,753 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/09 20:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/02/08 01:42:25 | 002,557,112 | ---- | C] () -- C:\Users\Mark\Documents\Induction Pack 2010 V2.1.pdf
[2011/12/18 15:27:34 | 000,069,632 | ---- | C] () -- C:\Windows\UNINSTCC.EXE
[2011/08/21 13:23:23 | 000,000,000 | ---- | C] () -- C:\Users\Mark\AppData\Local\{A847AE50-89B7-42EA-85C7-1A7112475FBB}
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/14 13:08:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/03/14 13:06:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/11/09 15:10:19 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010/09/17 12:04:37 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/08/13 15:07:43 | 000,005,097 | ---- | C] () -- C:\Windows\fred2_open_3_6_12r_INF.INI
[2010/08/13 15:07:37 | 000,000,453 | ---- | C] () -- C:\Windows\fred2_open_3_6_12d_INF.INI
[2010/06/29 21:36:11 | 000,004,592 | ---- | C] () -- C:\Windows\fred2_open_3_6_12_RC3r_INF.INI
[2010/06/29 21:36:06 | 000,000,453 | ---- | C] () -- C:\Windows\fred2_open_3_6_12_RC3d_INF.INI
[2010/06/18 13:36:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

========== LOP Check ==========

[2010/08/12 15:17:36 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Amazon
[2008/04/10 15:37:16 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Atari
[2012/02/17 22:47:00 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\AVG2012
[2010/10/31 13:39:48 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Bioshock
[2011/05/15 01:15:25 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Bioshock2
[2009/09/18 11:00:18 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Birdstep Technology
[2009/02/23 02:21:29 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2008/12/13 17:42:42 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\DAEMON Tools
[2011/12/18 15:20:27 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\DAEMON Tools Lite
[2008/12/13 17:42:42 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\DAEMON Tools Pro
[2008/03/01 20:39:09 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\eMule
[2009/07/19 20:44:49 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\kompozer.net
[2011/01/15 11:53:58 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Softland
[2009/06/09 21:01:50 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Stardock
[2011/03/15 14:37:41 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\SystemRequirementsLab
[2009/03/04 10:47:41 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\The Creative Assembly
[2009/08/30 14:53:43 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Vodafone
[2012/02/25 03:07:20 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.* >
[2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/01/19 13:55:26 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/02/26 04:41:09 | 000,011,640 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/02/26 13:22:46 | 3488,145,408 | -HS- | M] () -- C:\hiberfil.sys
[2008/03/01 22:42:57 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/29 01:13:14 | 004,194,322 | ---- | M] () -- C:\memory_map.tga
[2008/03/01 22:42:57 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/02/26 13:22:45 | 3801,743,360 | -HS- | M] () -- C:\pagefile.sys
[2008/04/04 16:30:53 | 000,000,436 | ---- | M] () -- C:\profile.txt
[2010/06/16 20:05:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/06/16 22:44:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/06/17 13:48:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/06/17 13:56:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/06/17 13:56:41 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/06/17 21:49:22 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/06/17 22:20:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/06/18 13:31:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/06/29 22:29:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2011/10/15 00:55:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/06/12 21:02:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/06/12 21:47:47 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/06/13 08:04:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/06/15 20:12:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/06/15 23:53:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/06/16 17:27:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/06/16 18:56:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/06/16 19:54:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/06/16 19:58:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/06/16 20:03:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/06/16 20:05:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/06/16 22:44:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/06/17 13:48:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/06/17 13:56:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/06/17 13:56:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/06/17 21:49:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/06/17 22:20:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/06/18 13:31:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/06/29 22:29:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2011/10/15 00:55:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/06/12 21:02:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/06/12 21:47:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/06/13 08:04:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/06/15 20:12:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/06/15 23:53:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/06/16 17:27:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/06/16 18:56:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/06/16 19:54:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/06/16 19:58:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/06/16 20:03:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2012/02/26 01:25:04 | 000,073,982 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_26.02.2012_01.22.01_log.txt
[2012/02/26 02:02:01 | 000,073,982 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_26.02.2012_02.01.21_log.txt
[2012/02/26 13:14:07 | 000,072,818 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_26.02.2012_13.13.10_log.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 12:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 12:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 12:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2011/03/14 13:24:29 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 21:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/01/30 08:44:30 | 000,118,272 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\system32\spool\prtprocs\w32x86\dlbtPP5C.DLL
[2007/06/27 12:04:44 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp5k2.dll
[2006/11/02 12:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/05/05 00:50:19 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2003/09/03 07:46:54 | 000,010,960 | ---- | M] () -- C:\Program Files\EULA.txt
[2003/12/18 11:33:46 | 000,020,102 | ---- | M] () -- C:\Program Files\Readme.txt

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 10:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 10:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 10:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/08/30 14:46:57 | 000,000,574 | -HS- | M] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/02/25 02:09:11 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Mark\Desktop\aswMBR.exe
[2012/02/26 02:54:02 | 004,419,501 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
[2012/02/24 23:14:22 | 000,302,592 | ---- | M] () -- C:\Users\Mark\Desktop\jywt1xli.exe
[2012/02/26 22:19:58 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2012/02/26 01:13:06 | 001,251,328 | ---- | M] () -- C:\Users\Mark\Desktop\RogueKiller.exe
[2012/02/26 04:11:39 | 000,139,264 | ---- | M] () -- C:\Users\Mark\Desktop\SystemLook.exe
[2012/02/22 16:55:20 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mark\Desktop\TDSSKiller.exe

< %PROGRAMFILES%\Common Files\*.* >
[2009/05/31 15:52:57 | 007,831,552 | ---- | M] () -- C:\Program Files\Common Files\01.mpeg
[2009/05/31 15:52:23 | 007,759,872 | ---- | M] () -- C:\Program Files\Common Files\02.mpeg
[2009/05/31 15:55:11 | 007,792,640 | ---- | M] () -- C:\Program Files\Common Files\03.mpeg
[2009/06/03 11:18:42 | 002,546,976 | ---- | M] () -- C:\Program Files\Common Files\032.wmv
[2009/06/09 15:25:03 | 000,000,349 | ---- | M] () -- C:\Program Files\Common Files\04.htm
[2009/05/31 15:55:22 | 007,794,688 | ---- | M] () -- C:\Program Files\Common Files\04.mpeg
[2009/06/17 08:58:29 | 002,260,966 | ---- | M] () -- C:\Program Files\Common Files\31.mpeg

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2012/02/22 00:19:21 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2012/02/22 00:18:49 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2009/05/05 00:49:23 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2009/05/05 00:49:23 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2012/02/22 00:18:49 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/08/30 14:46:57 | 000,000,402 | -HS- | M] () -- C:\Users\Mark\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2008/08/20 15:45:46 | 000,020,270 | ---- | M] () -- C:\ProgramData\DeviceInstaller.xml
[2009/04/07 12:42:58 | 000,141,006 | ---- | M] () -- C:\ProgramData\DeviceManager.xml.rc4
[2010/03/22 15:36:22 | 000,003,499 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2009/05/05 00:47:10 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB32240$\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB32240$\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB32240$\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB32240$] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type

< End of report >
 
OTL Extras logfile created on: 26/02/2012 22:20:37 - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Mark\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 64.32% Memory free
6.69 Gb Paging File | 5.22 Gb Available in Paging File | 78.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 33.89 Gb Free Space | 22.74% Space Free | Partition Type: NTFS
Drive F: | 596.17 Gb Total Space | 323.89 Gb Free Space | 54.33% Space Free | Partition Type: NTFS

Computer Name: MARK-PC | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1867690454-3942458551-2479712260-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BC18B4-9BE5-4B0D-95DD-1DEAE912F848}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0807447A-C6F9-4D9C-9A61-B98A1CA3E09B}" = rport=139 | protocol=6 | dir=out | app=system |
"{137F10D9-4B3B-4ADF-A346-EA94F65BD68F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{23183349-5833-4A85-834E-D962346C7493}" = rport=137 | protocol=17 | dir=out | app=system |
"{29499B4A-704D-4402-B557-C78063B3F679}" = lport=138 | protocol=17 | dir=in | app=system |
"{5C1D4566-EB3C-47DC-99CB-A80943F9706C}" = lport=139 | protocol=6 | dir=in | app=system |
"{8281CFCA-53E1-49BF-8AC9-BECDC9607934}" = rport=445 | protocol=6 | dir=out | app=system |
"{88A12A1E-0A66-4358-85F8-FED951A6AAA8}" = lport=445 | protocol=6 | dir=in | app=system |
"{9ADF40E0-EB3D-49B9-8727-B202626CA3D6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AFB4577B-3DD2-47D9-9FC5-9770B44A8722}" = rport=138 | protocol=17 | dir=out | app=system |
"{B16D6474-516D-4173-9A40-CB7071AFB016}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B46A6B7C-FE04-4D16-B741-E1966001ED0D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C2FBBEF2-2B77-4D3A-A9E4-5D9A8CCC8706}" = lport=137 | protocol=17 | dir=in | app=system |
"{C397A331-D12D-4D18-936E-04F3554A134E}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008F6C46-1FAA-4983-834A-FAB6AD5AA7B9}" = protocol=6 | dir=in | app=f:\games\sins of a solar empire\sins of a solar empire.exe |
"{01778757-D9A8-4A5E-8821-876B574157ED}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{01FC501C-9BE8-4B10-BA4A-B082EBEA1B01}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\company of heroes\reliccoh.exe |
"{0257176D-2AD9-403C-8CB4-725F135C4BAD}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{0431E83C-D632-48B7-BBA9-2EBF557BA160}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
"{05787772-D5CC-459B-B64B-A3E252510F79}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{0706E76C-C8AC-43FE-BCBE-6EB7F40658B9}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe |
"{096F44AC-7963-486E-A8B9-F52AD237EE9D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{09E14331-36E5-42FF-A329-2A43B35D2EAF}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{0A0FBA71-F897-4472-A457-180837AF8A72}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{0B9AAF7B-3D22-445A-86CF-98E57731CF5C}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{0BA1B331-C4F3-4783-8EF4-2A8849A6DFF9}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{0DC6EE34-0087-4DF3-BD39-D97A9BF12078}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{0E3C4439-41A0-401A-9EE5-07115A7214F6}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe |
"{133EBFD6-7463-4D34-A95D-14EC46F23BD3}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{13F078DD-C8EA-4041-89B5-E249408AD018}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\rage\rage.exe |
"{161E1148-63E7-4692-A15C-9503F593534F}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{1C6F9E3A-7A20-4B66-94A6-FA35E77F42ED}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\operation flashpoint dragon rising\ofdr.exe |
"{1DECE29F-3359-4DC7-975C-2D9C30DB9752}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dragon age origins\docs\ea help\electronic_arts_technical_support.htm |
"{1F04675F-11C5-443F-B330-3B1115968641}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
"{21B300C2-3368-4074-A373-5D5FC0DC14C5}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{21C65B61-D123-412F-994C-49D1A832CB7E}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\empire total war\empire.exe |
"{21E4CE1D-A2B6-420F-ADBC-3349A1C02387}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{25B41BF3-06A0-437D-B8E2-0D2C0572627E}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dragon age origins\daoriginslauncher.exe |
"{28E4FC94-655F-404D-A6BE-6324F7AF3C04}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{2AC24120-080C-4CB6-A1D5-4718A5BB319E}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\operation flashpoint dragon rising\mission editor\missioneditor.exe |
"{2B0E0B60-5D1B-49B3-90B5-F160C5219730}" = protocol=6 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe |
"{2CFF2B50-140F-4111-8D1A-1FA74F8D3BDC}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{305706DA-9977-46F0-8761-75987A20B784}" = protocol=6 | dir=in | app=f:\program files\steam\steam.exe |
"{33776374-55EE-4EF6-920A-444C61ED83A0}" = protocol=6 | dir=in | app=f:\games\sins of a solar empire\sins of a solar empire entrenchment.exe |
"{33B026B4-789C-4742-80EC-EEA6F6F2D421}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{33ED90C9-6FF3-4EB1-BCB2-5068C10A4BF4}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{3427D8E6-A098-4220-B4F1-613705354E32}" = protocol=17 | dir=in | app=f:\games\sins of a solar empire\sins of a solar empire.exe |
"{34BFF2D8-45C8-4AC4-BEFF-C57F55908E65}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{35EB4F32-D083-41C1-AEB4-54E83132D9FB}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dragon age ii\docs\ea help\electronic_arts_technical_support.htm |
"{36970E30-13FD-4AEA-8789-3688D92C16EA}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{37DB87B6-FAE0-444F-9D19-3152E6D39CC9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\fallout 3\falloutlauncher.exe |
"{3B9671C2-3A4F-4C58-9FB4-E152EE98E515}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{3BAE3D94-4325-47C0-A801-622C63E8A166}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{3DCBF330-AAD8-4447-8DA0-468F17C55866}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dragon age ii\dragonage2launcher.exe |
"{415E1DA0-8D0F-4FCF-A93B-6BA817F9269E}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{41933A90-3DB8-4C94-830C-BFDA95C50ABC}" = protocol=17 | dir=in | app=c:\program files\ea games\mirror's edge\binaries\mirrorsedge.exe |
"{4349E900-365F-4CC4-AA86-A7288808C61F}" = protocol=6 | dir=in | app=f:\games\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{449380C7-CE90-4B4A-A8F8-37B6996A22D0}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{48B7760E-6D24-4095-95F0-EC827001858A}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\operation flashpoint dragon rising\ofdr.exe |
"{4BDE261B-2ED5-43F2-B5E4-59734785D0E3}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\fallout 3\falloutlauncher.exe |
"{4D345D96-A5AC-4812-B0F8-8C965989675C}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{4DCF6E14-7D21-4C82-8C9E-4329D2B3708D}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\operation flashpoint dragon rising\ofdr.exe |
"{4FD7C014-274D-43C5-A990-141E07E02155}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{502CA4C9-513E-4811-ACF7-3F958DE4207B}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{505CAAB7-76E2-4C2A-8753-55AE7C6F87FF}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe |
"{50C72BA7-E36D-4076-926C-106B2D3E3CAE}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{51F044F9-F53A-4427-8665-B672AF832453}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\fallout 3\falloutlauncher.exe |
"{53905628-E6D8-4B51-B4DA-8090A0341277}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\rage\rage.exe |
"{5474D91E-D81D-49AC-B8DE-42BB6483D867}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\reliccoh.exe |
"{554B51BD-828A-443C-9233-9BEB0109CFAB}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe |
"{558CF4A9-7FAC-4DCD-8ABB-584602F0E45E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{56B00D06-8841-4068-8BCE-A0C211886E00}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\pr011\half-life source\hl2.exe |
"{57087CFB-AB8C-41EB-90C5-56DDBAA30DCA}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\gratuitous space battles\gsb.exe |
"{590C3A54-343E-4344-8DB3-E55BCDD2D290}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{5954B4B9-0CA7-44AD-B852-A47F3906AA1F}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{5C22AC72-D217-4306-BA84-C717786EDCAE}" = protocol=17 | dir=in | app=f:\program files\steam\steam.exe |
"{5D3487C5-2E73-4BDC-80FC-1EE2660A8CED}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dragon age ii\docs\ea help\electronic_arts_technical_support.htm |
"{5D4308B5-9818-4FB3-B901-F64B59D7BA5A}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dragon age origins\daoriginslauncher.exe |
"{618C3424-E0BB-4C5A-9F6C-3D1A24CF1F5A}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\pr011\half-life source\hl2.exe |
"{6310E154-0396-4877-9D1B-23E0470C6B6A}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\empire total war\empire.exe |
"{63614048-429E-4185-82ED-2846F38067DA}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{6664355F-65F6-412A-9372-FE65FF8E1B16}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
"{688918B1-ABB5-4B7C-983A-2A23A9841A9C}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\tomb raider anniversary\tra.exe |
"{68B8A3C1-912D-453F-BCF0-2BE8A05DD48F}" = protocol=17 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{69AB6A78-86AF-4B50-B457-342FC87681C0}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{6A27ADB2-4183-4F54-80B5-00FDBBCD1CE6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\help.htm |
"{6C86BDF8-FC7E-4C65-9933-86B561EE2046}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{6D3D314F-E9BF-421C-9293-BBDB3ED0FA75}" = protocol=17 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe |
"{6E353E66-7E15-464A-AF44-35FE9AB30EB2}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dragon age origins\daoriginslauncher.exe |
"{6EEA4F9D-001E-4F0D-BC21-5BC257CCFF95}" = protocol=6 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{6FB5FDFA-8F22-4E34-9EF1-748ABE9D9189}" = protocol=6 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe |
"{71B0648B-0D8F-4FFC-B2A9-6D7794C7DFA7}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{74886412-F34F-4E16-92F1-4316286E2FD7}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{7662BF3A-7E65-4C6C-A6EE-8B161C6C2CE9}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dragon age ii\dragonage2launcher.exe |
"{767BF368-4991-4EA3-8B11-F57369757F37}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\reliccoh.exe |
"{7727995C-32D5-4B41-A08E-E00E327DE1CF}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{78CBFE3A-7E22-435B-B7D2-38943AB4193B}" = protocol=17 | dir=in | app=f:\games\sins of a solar empire\sins of a solar empire entrenchment.exe |
"{794029BF-9A4B-47E4-AFBB-D105939965F4}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{79440646-0737-40D3-86D6-F2EE6D71F675}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
"{79B41859-BC7F-4616-AA21-D6BAA1AFB505}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dragon age ii\docs\ea help\electronic_arts_technical_support.htm |
"{7C746ACE-64AB-4FD8-AC04-5EDF247D2071}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\the witcher 2\launcher.exe |
"{7FD84539-D02F-49D3-A6DB-12072E1BFACD}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\empire total war\empire.exe |
"{809AD6A8-A1E0-42C1-8107-2523BCAD12D7}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\operation flashpoint dragon rising\mission editor\missioneditor.exe |
"{8167A177-B360-4564-A717-F6A0AC892EAD}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
"{8201C254-7580-4A5B-BF86-4B3022C256BD}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\empire total war\empire.exe |
"{8284EE3D-A997-42FE-BD9F-CE7CAB9B3DB0}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe |
"{83A64509-D2B6-4FE0-878B-2F8BA440C2CD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{878E8934-FFE6-44C6-AB2A-ECFBD1333BDC}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\tomb raider anniversary\tra.exe |
"{8C16C9C2-41E6-4845-9E56-7B8B10FCC95E}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dragon age origins\docs\ea help\electronic_arts_technical_support.htm |
"{8D9F2287-DA6F-4B65-95AC-3884D5E554E1}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{8E97E2DD-3A7F-4F44-BCA2-08CD56918E3E}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\the witcher 2\launcher.exe |
"{8EE38F5A-08C8-46CB-84E1-6B4B37F6FCFB}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\gratuitous space battles\gsb.exe |
"{8FE1F05F-76A1-4DE0-BFA4-78BE3068DAE7}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\company of heroes\help.htm |
"{909F3301-EB25-4C5E-AC67-66122B9963CF}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\gratuitous space battles\gsb.exe |
"{936EA84B-EFAA-4FDD-A1E4-9453982CAD07}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{95C79D05-98B5-4C71-9403-85189FB08883}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{9696B5F1-C819-4AF4-95FE-70554FF5DEB4}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\operation flashpoint dragon rising\ofdr.exe |
"{9879BF26-B511-4E25-9260-15406842A0A2}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dead island\deadislandgame.exe |
"{98C99B63-0141-4FF6-AB65-943B30FFE3B8}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dragon age origins\docs\ea help\electronic_arts_technical_support.htm |
"{99AA9B95-8B9D-4CAB-8BB6-46AB7B95E617}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{9DCE9612-8FDA-4843-BE29-650C79CEA6F9}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{9EB7EDB6-C3E1-4EFF-8195-86249FF3FB1F}" = protocol=6 | dir=in | app=c:\program files\ea games\mirror's edge\binaries\mirrorsedge.exe |
"{9FC04822-50A4-4B0B-8E24-A135C5EAD4DF}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{A1C6BFE3-A252-49A2-9157-25B0917F9776}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe |
"{A336057A-A8AC-4C22-9548-06660004F38A}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\fallout 3\falloutlauncher.exe |
"{A38F76AF-831C-4ABC-9B77-4823C6857C70}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A457D4A7-0C95-47FC-B246-F642D37DBEA5}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{ABEECE16-A355-4FBE-A48D-73BF8663B3DD}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe |
"{AC0B47D9-D7EF-4F41-93C0-65D21CAEA479}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
"{ACCC307D-ABFC-409D-9B9F-3D5E47945F9C}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{ACD262BE-DA5B-4B47-A8D6-C92108826B7B}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe |
"{AF4BBF70-555C-441E-975C-7BAE28B2702A}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{AF61D5B4-4E8C-455A-BC12-EEBD7B109683}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
"{B05755F7-4D92-4CBD-8052-E91C793AA470}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\company of heroes\reliccoh.exe |
"{B0EF04A0-C79F-4699-8492-1ECB26FC08BB}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{BB4B0C5F-E4DF-425A-A291-36EC71D9A957}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\help.htm |
"{BC6E3BD2-4E2E-4769-AD71-B2CE853401DF}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\fallout 3\falloutlauncher.exe |
"{BE3F5022-D01B-41F7-929F-1A73B76E66F9}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe |
"{C19A4E47-4029-4CD4-BEC7-DDFF03701046}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\company of heroes\reliccoh.exe |
"{C3C670E6-E4B4-4163-B2EB-653DDAA2E955}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe |
"{C6E6864B-22D5-4D8E-AA45-AC7054F3CE53}" = protocol=17 | dir=in | app=f:\games\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{C75B2660-A2A3-47D0-A7CA-7AB878C19773}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dragon age ii\docs\ea help\electronic_arts_technical_support.htm |
"{CB2452DB-A993-44CC-BA9A-2D6A455A0CA2}" = protocol=17 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe |
"{CB2E0ADE-3E43-4379-943B-A7521488C17D}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{CC0655CE-DF6D-421C-A9F7-EB1BD81C2AD6}" = protocol=6 | dir=in | app=c:\windows\system32\dlbtcoms.exe |
"{CE6887EF-0051-4905-B4C1-4406B3A8FAE3}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{CEE0F319-5C03-4AB3-A4E2-0A16AC1A840B}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{D14F3401-FC67-4EE4-B860-AB293E06DD7B}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{D2000876-3821-4909-9655-BAA181DA1C83}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{D37B6E5C-6C56-4D36-AC47-53A4AB8FA71B}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\company of heroes\reliccoh.exe |
"{D3FFA52F-58C6-4EB0-A704-E8E9FCC349F6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D4E2ABCB-30DC-4BB0-B515-EE951496ACF5}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dragon age origins\daoriginslauncher.exe |
"{D62A5EAA-ADAC-497B-8A92-87A0E559C8BE}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
"{D76CB2A2-1BC9-4B17-B637-FE1E96A5E463}" = protocol=17 | dir=in | app=c:\windows\system32\dlbtcoms.exe |
"{DA873AC3-E6A1-46F0-BAEE-F4093CD6BE8A}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\fallout 3\falloutlauncher.exe |
"{DAD75AAE-AE79-49E9-AAEC-B1BF6870ED61}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dragon age origins\docs\ea help\electronic_arts_technical_support.htm |
"{DD112A56-6331-4971-99E7-1859009ACD2B}" = protocol=6 | dir=in | app=f:\games\sins of a solar empire\sins of a solar empire.exe |
"{DE92461D-2E3F-47CE-BBCB-2ACEB58A5448}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe |
"{DF1160FB-750B-4C77-93E8-2CC33081B25E}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dead island\deadislandgame.exe |
"{DF272278-BB2D-46A3-AA93-A01E174A9F6E}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dragon age ii\dragonage2launcher.exe |
"{E02E04F3-A593-44D9-B128-626E6893D063}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\gratuitous space battles\gsb.exe |
"{E30179E3-DD01-46BB-9B13-A607837B4FBD}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\tomb raider anniversary\tra.exe |
"{E52794A7-FFB8-48B9-B5A3-1E0FD4CC7C79}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dragon age ii\dragonage2launcher.exe |
"{E547072A-AD75-4C5A-B441-5771D242EC05}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\pr011\garrysmod\hl2.exe |
"{EAA465FA-BFB8-498F-BD1B-E96A631E666F}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\company of heroes\help.htm |
"{EE2711B6-FE41-458A-B62B-03E169693429}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{EFDBFF13-685C-4519-87BD-D4F8D031F60E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F61DF866-8DAA-41D2-AB92-9AB9E80BD9C9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{F703B6BC-9F0B-49B4-8BDA-B58C75EF9E00}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{F774DFE1-6A31-448B-8A6D-542ECDA42785}" = protocol=17 | dir=in | app=f:\games\sins of a solar empire\sins of a solar empire.exe |
"{FB2928DB-09EF-4CAE-8991-6DB6EDAD5853}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\tomb raider anniversary\tra.exe |
"{FCB761CC-86FC-4746-96C0-1B44B2B38EC0}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{FD0B2D48-08BB-4B0C-A8E2-344AD699E99B}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
"{FD2F91BF-5385-4395-86EB-18B85899C949}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe |
"{FDC294C4-2890-4B3B-9025-BF784321037A}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
"{FE65657D-207A-4134-86A6-18059CE681C5}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{FECCABA1-2D6E-4BB5-A4DE-DDF34AD63B2C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{FF245D15-3BD4-4763-A4EE-3261A92615B2}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\pr011\garrysmod\hl2.exe |
"TCP Query User{00F0EF41-50EC-4D7B-A271-44719BC0E8D9}F:\program files\steam\steamapps\pr011\half-life deathmatch source\hl2.exe" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\pr011\half-life deathmatch source\hl2.exe |
"TCP Query User{0B08D8F2-CB69-4C17-BE31-76E4884AAC97}C:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{1BA19CBA-06F2-45C7-AF0C-952436580FB2}C:\program files\steam\steamapps\pr011\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\pr011\team fortress 2\hl2.exe |
"TCP Query User{1C96B53A-EC4D-49D5-8C36-1A35F26D0949}C:\program files\2k games\firaxis games\sid meier's railroads!\railroads.exe" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's railroads!\railroads.exe |
"TCP Query User{2372224C-40C0-4263-96B2-71ED2721587B}F:\games\freespace2\fs2_open_3_6_12r_inf.exe" = protocol=6 | dir=in | app=f:\games\freespace2\fs2_open_3_6_12r_inf.exe |
"TCP Query User{297B4339-B0E9-4B72-886B-172BB9AA4512}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{46FDB92C-AB62-4C85-B9D8-A41402ABF61D}C:\program files\steam\steamapps\common\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\reliccoh.exe |
"TCP Query User{499C7920-B5E5-4713-90B7-BCFDCA1F9FCE}F:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{50D9C5E0-59D1-49BC-9565-C381D2ADF043}F:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{51BFCE68-6349-40BC-8F12-C416C9BF899C}F:\program files\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"TCP Query User{6030F31E-D408-4875-8386-580BD8C28A3A}F:\program files\reality pump\the moon project\themoonproject.exe" = protocol=6 | dir=in | app=f:\program files\reality pump\the moon project\themoonproject.exe |
"TCP Query User{67603E8C-8E52-4100-A69F-E454DCCFBE3D}C:\games\freespace2\fs2_open_3_6_9.exe" = protocol=6 | dir=in | app=c:\games\freespace2\fs2_open_3_6_9.exe |
"TCP Query User{853E78A5-203A-427F-A4C9-382D635D187E}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"TCP Query User{85606083-88A3-4BE9-BBA1-439477E1C936}F:\program files\sierra\homeworld2\bin\release\homeworld2.exe" = protocol=6 | dir=in | app=f:\program files\sierra\homeworld2\bin\release\homeworld2.exe |
"TCP Query User{86CC3F2F-A100-4020-B3DA-37F84A17EC1A}C:\program files\steam\steamapps\pr011\half-life deathmatch source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\pr011\half-life deathmatch source\hl2.exe |
"TCP Query User{8760D247-4D5F-42BD-8A71-9583FA53BE89}F:\program files\reality pump\the moon project\themoonproject.exe" = protocol=6 | dir=in | app=f:\program files\reality pump\the moon project\themoonproject.exe |
"TCP Query User{907D4A38-C44E-4705-B15C-D68AEA0729D0}C:\program files\steam\steamapps\pr011\garrysmod\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\pr011\garrysmod\hl2.exe |
"TCP Query User{90B94426-33A1-43FE-8BD3-405EFCB88962}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"TCP Query User{90E8F04F-6BAF-42A7-97E2-7C19F6FCF53B}C:\program files\vivendi\judge dredd - dredd vs death\dredd.exe" = protocol=6 | dir=in | app=c:\program files\vivendi\judge dredd - dredd vs death\dredd.exe |
"TCP Query User{9E77BE63-5ECB-463A-9ACD-A50C71CBFE7E}F:\program files\steam\steam.exe" = protocol=6 | dir=in | app=f:\program files\steam\steam.exe |
"TCP Query User{AE6CBEA0-6C39-4B37-A51D-FDC6EE473012}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{BB8833F6-6218-4CFF-BD44-75ED18561809}F:\games\freespace2\fs2_open_ant_7r_inf.exe" = protocol=6 | dir=in | app=f:\games\freespace2\fs2_open_ant_7r_inf.exe |
"TCP Query User{BD4D0A56-8389-45B3-B0EC-A7E669F2D3F7}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{C03F3AD9-ADD6-4A73-A873-511422079EA6}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{CC7A4E68-7053-43D2-B703-19A963B54635}F:\program files\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
"TCP Query User{CF451374-2ED6-4CEA-A89C-5FEFAC5576B9}F:\program files\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"TCP Query User{D4A91C6D-B35B-426F-88BC-E1BD30757743}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{D780B9D3-4DA8-4671-A6AF-618C3F9FBE0D}F:\games\freespace2\fs2_open_3_6_12d_inf.exe" = protocol=6 | dir=in | app=f:\games\freespace2\fs2_open_3_6_12d_inf.exe |
"TCP Query User{D9A58521-4236-4E42-845A-1266829F68E4}C:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe" = protocol=6 | dir=in | app=c:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe |
"TCP Query User{DC5C0835-9732-406C-849A-0D5CCA4982E6}F:\games\freespace2\fs2_open_3_6_12_rc3r_inf.exe" = protocol=6 | dir=in | app=f:\games\freespace2\fs2_open_3_6_12_rc3r_inf.exe |
"TCP Query User{E19BDB5B-3765-43DC-B8C7-ED12EBD4D628}F:\games\freespace2\fs2_open_3_6_9.exe" = protocol=6 | dir=in | app=f:\games\freespace2\fs2_open_3_6_9.exe |
"TCP Query User{F18D6F73-329D-45F4-81BF-A614701E5A06}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0FF58166-A65E-4236-9379-79A571AEDBD0}F:\program files\sierra\homeworld2\bin\release\homeworld2.exe" = protocol=17 | dir=in | app=f:\program files\sierra\homeworld2\bin\release\homeworld2.exe |
"UDP Query User{1FC1BA28-8C64-4250-9143-C5AC13AB4E85}F:\program files\reality pump\the moon project\themoonproject.exe" = protocol=17 | dir=in | app=f:\program files\reality pump\the moon project\themoonproject.exe |
"UDP Query User{25ED52D8-6888-466A-8255-8F2869B272D5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{2CB0A7F9-9650-478B-8CAB-CBBA1219B0BE}C:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe" = protocol=17 | dir=in | app=c:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe |
"UDP Query User{31CAAEB2-6834-45D1-AFC2-FA9AE55FAB16}F:\program files\steam\steamapps\pr011\half-life deathmatch source\hl2.exe" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\pr011\half-life deathmatch source\hl2.exe |
"UDP Query User{38C9E35B-ABCF-4E57-9911-3A87D064AF8E}F:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{3A74CA3E-A3A9-4EB6-9870-8813007539C5}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{3B32E87E-53BA-4A76-80B0-70444C2DDE57}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{3D3C8E7E-A97D-4689-8BF7-9EB2E80675D6}C:\program files\steam\steamapps\pr011\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\pr011\team fortress 2\hl2.exe |
"UDP Query User{4ABE5ABF-4561-499D-89F6-E9F5F9B924EA}F:\program files\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"UDP Query User{54B3FD1B-C086-43D4-8A68-40392229AFC1}F:\games\freespace2\fs2_open_3_6_12_rc3r_inf.exe" = protocol=17 | dir=in | app=f:\games\freespace2\fs2_open_3_6_12_rc3r_inf.exe |
"UDP Query User{60876B65-A98E-4389-BB0E-76EFC3D222F7}F:\games\freespace2\fs2_open_3_6_12r_inf.exe" = protocol=17 | dir=in | app=f:\games\freespace2\fs2_open_3_6_12r_inf.exe |
"UDP Query User{627C7FA0-9FA9-4BA7-9221-0BD6CA4E51F6}C:\program files\steam\steamapps\common\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\reliccoh.exe |
"UDP Query User{6690C15B-4E66-4E1D-9D4A-61C74B86DB59}C:\program files\steam\steamapps\pr011\half-life deathmatch source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\pr011\half-life deathmatch source\hl2.exe |
"UDP Query User{67FA554F-615F-4E26-A591-BD3C2956BFAD}F:\games\freespace2\fs2_open_3_6_9.exe" = protocol=17 | dir=in | app=f:\games\freespace2\fs2_open_3_6_9.exe |
"UDP Query User{6C244D8A-1FA4-4352-8359-46017310A077}C:\program files\2k games\firaxis games\sid meier's railroads!\railroads.exe" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's railroads!\railroads.exe |
"UDP Query User{71E2D498-DD91-4D58-88E5-094B4FBB21AE}F:\program files\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"UDP Query User{7F8B74FC-46A3-4A53-80A4-5332C3EFE0AA}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{85FBAFCF-5419-4BA3-BCE8-194E02908F5D}F:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{87880297-D554-4867-8AB9-1FEAD82A2A36}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{87E2AC77-C45E-401C-B3E8-0761F41C8012}C:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{933E0FC6-2141-4430-A24D-0D06626A25B5}F:\games\freespace2\fs2_open_3_6_12d_inf.exe" = protocol=17 | dir=in | app=f:\games\freespace2\fs2_open_3_6_12d_inf.exe |
"UDP Query User{A147EADF-C4A5-41E4-9C6A-6992D8B97A95}C:\program files\steam\steamapps\pr011\garrysmod\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\pr011\garrysmod\hl2.exe |
"UDP Query User{B13E508B-1645-4EF7-A510-817A83A3167A}C:\program files\vivendi\judge dredd - dredd vs death\dredd.exe" = protocol=17 | dir=in | app=c:\program files\vivendi\judge dredd - dredd vs death\dredd.exe |
"UDP Query User{C082E202-7DF2-483F-811A-0A338636C602}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{CCB5E925-9A97-4A47-8C54-893BBFF2C097}F:\games\freespace2\fs2_open_ant_7r_inf.exe" = protocol=17 | dir=in | app=f:\games\freespace2\fs2_open_ant_7r_inf.exe |
"UDP Query User{D6E39775-B4B9-45A1-B62B-3055129F6435}F:\program files\steam\steam.exe" = protocol=17 | dir=in | app=f:\program files\steam\steam.exe |
"UDP Query User{E03A6F4E-35BD-4348-A7C2-07564DF87BFE}C:\games\freespace2\fs2_open_3_6_9.exe" = protocol=17 | dir=in | app=c:\games\freespace2\fs2_open_3_6_9.exe |
"UDP Query User{E4A50401-9C84-4D7F-90A5-5BBFD9BDF227}F:\program files\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
"UDP Query User{E4F3E9EF-4983-4ACB-BC4C-0858AAC5C5BE}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{F7294918-A43E-4BCA-8A5C-6F0BEEFF28DB}F:\program files\reality pump\the moon project\themoonproject.exe" = protocol=17 | dir=in | app=f:\program files\reality pump\the moon project\themoonproject.exe |
"UDP Query User{F82E8A06-D6DA-481A-A89D-607F72CA0E7C}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0CA49C4E-7B1C-460c-9DB8-4A7160CDF8D1}" = ProductContext
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1DEF8B27-D75B-4f2a-B723-C506047D1438}" = K8600
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager
"{3A98125E-B0AC-47E4-80D7-75DF75B13AA1}" = BPDSoftware_Ini
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{44B44E0E-B7F8-45D2-9B1F-B073D337A097}" = BPD_HPSU
"{44E1DE63-C8FA-4C70-B4AA-0C49A947ACDE}" = Sid Meier's Railroads!
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B8AB184-EE5E-4277-BB68-C352BE13DD7B}" = 8600_Help
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69B078F7-E057-4488-AE6B-CB7BBEEE8DA6}" = HP Officejet Pro K8600 Series
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
"{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B3776EC-5F0A-4996-A7DF-BB5DA95B240E}" = Vodafone Mobile Connect
"{8D10D317-F8E0-4493-99AE-F6ADBB223553}" = BPDSoftware
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 295.73
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BAB0F8F5-282A-45F1-B31A-EB894827456B}" = MPM
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}" = Linksys Wireless-G USB Network Adapter
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFA76A76-03CF-43AC-AAB4-E2E3DACE4E02}" = Vodafone Mobile Connect Lite Runtime Components
"{CFB61C36-61C9-46E9-8AA3-6E5A896AC989}" = 8600_Readme
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}" = Sid Meier's Railroads!
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"2B0D8F3C-18AD-4D8E-879A-74A867C5C3CB_is1" = Wireless Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Audacity_is1" = Audacity 1.2.6
"CCleaner" = CCleaner (remove only)
"Command & Conquer 95" = Command & Conquer Windows 95
"Creative Jukebox Driver" = Creative Jukebox Driver
"doPDF 7 printer_is1" = doPDF 7.2 printer
"EADM" = EA Download Manager
"Earth 2150" = Earth 2150
"eMule" = eMule
"FreeSpace2" = FreeSpace 2
"Galactic Civilizations" = Galactic Civilizations
"Google Updater" = Google Updater
"Homeworld2" = Homeworld2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"Impulse" = Impulse
"InstallShield_{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"IvanView" = IvanView
"Knights and Merchants - The Peasants Rebellion_is1" = Knights and Merchants - The Peasants Rebellion
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Motherboard Monitor 5_is1" = Motherboard Monitor 5
"Mozilla Firefox 10.0.2 (x86 en-GB)" = Mozilla Firefox 10.0.2 (x86 en-GB)
"MS Access 97 SP2" = MS Access 97 SP2
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Oni" = Oni
"OpenAL" = OpenAL
"Orion2DeinstKey" = Master of Orion II
"PunkBusterSvc" = PunkBuster Services
"RADVideo" = RAD Video Tools
"Sins of a Solar Empire" = Sins of a Solar Empire
"Sins of a Solar Empire - Entrenchment" = Sins of a Solar Empire - Entrenchment
"StarLancer 1.0" = Microsoft StarLancer
"Steam App 12830" = Operation Flashpoint: Dragon Rising
"Steam App 17450" = Dragon Age: Origins
"Steam App 20920" = The Witcher 2
"Steam App 22380" = Fallout: New Vegas
"Steam App 22690" = Worms Reloaded Demo
"Steam App 24980" = Mass Effect 2
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 3900" = Sid Meier's Civilization IV
"Steam App 41800" = Gratuitous Space Battles
"Steam App 4570" = Warhammer 40,000: Dawn of War Gold Edition
"Steam App 4580" = Warhammer 40,000: Dawn of War – Dark Crusade
"Steam App 47730" = Dragon Age: Origins - Awakening
"Steam App 55150" = Warhammer 40,000 Space Marine
"Steam App 620" = Portal 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 7670" = BioShock
"Steam App 8000" = Tomb Raider: Anniversary
"Steam App 8850" = BioShock 2
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 8980" = Borderlands
"Steam App 91310" = Dead Island
"Steam App 9200" = RAGE
"Steam App 9310" = Warhammer 40,000: Dawn of War – Winter Assault
"SystemRequirementsLab" = System Requirements Lab
"The Moon Project" = The Moon Project
"VLC media player" = VLC media player 1.1.7
"Warzone 2100" = Warzone 2100
"WinRAR archiver" = WinRAR archiver
"ZTE_MF6X6_USB_MODEM_1.2050.0.6" = ZTE_MF6X6_USB_MODEM_1.2050.0.6

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/06/2010 15:09:33 | Computer Name = mark-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 06/06/2010 16:29:48 | Computer Name = mark-PC | Source = Application Error | ID = 1000
Description = Faulting application MassEffect2.exe, version 1.1.1599.0, time stamp
0x4b7ae7c3, faulting module MassEffect2.exe, version 1.1.1599.0, time stamp 0x4b7ae7c3,
exception code 0xc0000005, fault offset 0x005122e0, process id 0x1654, application
start time 0x01cb05b6b6027c6a.

Error - 11/06/2010 16:59:25 | Computer Name = mark-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 15/06/2010 15:37:01 | Computer Name = mark-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 15/06/2010 20:14:11 | Computer Name = mark-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18904 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 12d0 Start Time: 01cb0ce5e6251890 Termination Time: 0

Error - 17/06/2010 18:34:00 | Computer Name = mark-PC | Source = Google Update | ID = 20
Description =

Error - 18/06/2010 16:32:05 | Computer Name = mark-PC | Source = Google Update | ID = 20
Description =

Error - 18/06/2010 17:32:05 | Computer Name = mark-PC | Source = Google Update | ID = 20
Description =

Error - 18/06/2010 17:45:52 | Computer Name = mark-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 18/06/2010 17:46:07 | Computer Name = mark-PC | Source = MsiInstaller | ID = 11706
Description =

[ System Events ]
Error - 26/02/2012 09:23:45 | Computer Name = mark-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 26/02/2012 09:23:45 | Computer Name = mark-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 26/02/2012 09:23:45 | Computer Name = mark-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 26/02/2012 09:23:45 | Computer Name = mark-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 26/02/2012 09:23:45 | Computer Name = mark-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 26/02/2012 09:23:45 | Computer Name = mark-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 26/02/2012 09:23:45 | Computer Name = mark-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 26/02/2012 09:23:45 | Computer Name = mark-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 26/02/2012 09:23:45 | Computer Name = mark-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 26/02/2012 14:11:58 | Computer Name = mark-PC | Source = Schannel | ID = 36874
Description = An SSL connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.


< End of report >
 
Can you check if IE is getting redirected as well?

Please download GooredFix from one of the locations below and save it to your Desktop:
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
 
I have started IE up a few times and it does not appear to be redirected.

I will run the tool now, log to follow.

Thanks again for your help.
 
GooredFix by jpshortstuff (03.07.10.1)
Log created at 23:57 on 26/02/2012 (Mark)
Firefox version 10.0.2 (en-GB)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [13:36 18/06/2010]

C:\Users\Mark\Application Data\Mozilla\Firefox\Profiles\yqgk2812.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [23:49 28/06/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [12:41 05/05/2009]

-=E.O.F=-
 
02:43:58.0433 4600 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
02:43:58.0558 4600 ============================================================
02:43:58.0558 4600 Current date / time: 2012/02/27 02:43:58.0558
02:43:58.0558 4600 SystemInfo:
02:43:58.0558 4600
02:43:58.0558 4600 OS Version: 6.0.6002 ServicePack: 2.0
02:43:58.0558 4600 Product type: Workstation
02:43:58.0558 4600 ComputerName: MARK-PC
02:43:58.0558 4600 UserName: Mark
02:43:58.0558 4600 Windows directory: C:\Windows
02:43:58.0558 4600 System windows directory: C:\Windows
02:43:58.0558 4600 Processor architecture: Intel x86
02:43:58.0558 4600 Number of processors: 4
02:43:58.0558 4600 Page size: 0x1000
02:43:58.0558 4600 Boot type: Normal boot
02:43:58.0558 4600 ============================================================
02:44:00.0836 4600 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
02:44:00.0836 4600 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
02:44:00.0851 4600 \Device\Harddisk0\DR0:
02:44:00.0851 4600 MBR used
02:44:00.0851 4600 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
02:44:00.0851 4600 \Device\Harddisk1\DR1:
02:44:00.0851 4600 MBR used
02:44:00.0851 4600 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
02:44:00.0898 4600 Initialize success
02:44:00.0898 4600 ============================================================
02:44:02.0910 5060 ============================================================
02:44:02.0910 5060 Scan started
02:44:02.0910 5060 Mode: Manual;
02:44:02.0910 5060 ============================================================
02:44:05.0001 5060 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
02:44:05.0016 5060 ACPI - ok
02:44:05.0094 5060 ADIHdAudAddService (81a61c3fe6f0f8c084c9a80b584cce21) C:\Windows\system32\drivers\ADIHdAud.sys
02:44:05.0094 5060 ADIHdAudAddService - ok
02:44:05.0126 5060 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
02:44:05.0141 5060 adp94xx - ok
02:44:05.0157 5060 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
02:44:05.0172 5060 adpahci - ok
02:44:05.0188 5060 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
02:44:05.0188 5060 adpu160m - ok
02:44:05.0219 5060 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
02:44:05.0219 5060 adpu320 - ok
02:44:05.0344 5060 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
02:44:05.0360 5060 AFD - ok
02:44:05.0391 5060 AFGMp50 - ok
02:44:05.0438 5060 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\AFGSp50.sys
02:44:05.0438 5060 AFGSp50 - ok
02:44:05.0547 5060 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
02:44:05.0547 5060 agp440 - ok
02:44:05.0578 5060 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
02:44:05.0578 5060 aic78xx - ok
02:44:05.0640 5060 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
02:44:05.0640 5060 aliide - ok
02:44:05.0687 5060 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
02:44:05.0687 5060 amdagp - ok
02:44:05.0703 5060 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
02:44:05.0703 5060 amdide - ok
02:44:05.0734 5060 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
02:44:05.0734 5060 AmdK7 - ok
02:44:05.0781 5060 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
02:44:05.0781 5060 AmdK8 - ok
02:44:05.0843 5060 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
02:44:05.0843 5060 arc - ok
02:44:05.0890 5060 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
02:44:05.0890 5060 arcsas - ok
02:44:05.0921 5060 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
02:44:05.0921 5060 AsyncMac - ok
02:44:05.0968 5060 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
02:44:05.0968 5060 atapi - ok
02:44:06.0030 5060 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
02:44:06.0030 5060 Beep - ok
02:44:06.0062 5060 blbdrive - ok
02:44:06.0108 5060 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
02:44:06.0124 5060 bowser - ok
02:44:06.0155 5060 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
02:44:06.0155 5060 BrFiltLo - ok
02:44:06.0186 5060 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
02:44:06.0186 5060 BrFiltUp - ok
02:44:06.0218 5060 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
02:44:06.0218 5060 Brserid - ok
02:44:06.0233 5060 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
02:44:06.0249 5060 BrSerWdm - ok
02:44:06.0264 5060 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
02:44:06.0264 5060 BrUsbMdm - ok
02:44:06.0280 5060 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
02:44:06.0280 5060 BrUsbSer - ok
02:44:06.0311 5060 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
02:44:06.0311 5060 BTHMODEM - ok
02:44:06.0452 5060 catchme - ok
02:44:06.0514 5060 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
02:44:06.0514 5060 cdfs - ok
02:44:06.0545 5060 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
02:44:06.0545 5060 cdrom - ok
02:44:06.0576 5060 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
02:44:06.0576 5060 circlass - ok
02:44:06.0623 5060 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
02:44:06.0623 5060 CLFS - ok
02:44:06.0654 5060 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
02:44:06.0654 5060 cmdide - ok
02:44:06.0686 5060 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
02:44:06.0686 5060 Compbatt - ok
02:44:06.0717 5060 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
02:44:06.0717 5060 crcdisk - ok
02:44:06.0748 5060 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
02:44:06.0748 5060 Crusoe - ok
02:44:06.0857 5060 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
02:44:06.0857 5060 DfsC - ok
02:44:07.0060 5060 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
02:44:07.0076 5060 disk - ok
02:44:07.0294 5060 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
02:44:07.0310 5060 Dot4 - ok
02:44:07.0388 5060 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
02:44:07.0388 5060 Dot4Print - ok
02:44:07.0450 5060 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
02:44:07.0466 5060 dot4usb - ok
02:44:07.0559 5060 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
02:44:07.0559 5060 drmkaud - ok
02:44:07.0700 5060 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
02:44:07.0715 5060 DXGKrnl - ok
02:44:07.0809 5060 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
02:44:07.0840 5060 E1G60 - ok
02:44:07.0887 5060 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
02:44:07.0887 5060 Ecache - ok
02:44:07.0949 5060 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
02:44:07.0949 5060 elxstor - ok
02:44:08.0012 5060 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
02:44:08.0012 5060 exfat - ok
02:44:08.0074 5060 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
02:44:08.0074 5060 fastfat - ok
02:44:08.0121 5060 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
02:44:08.0121 5060 fdc - ok
02:44:08.0168 5060 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
02:44:08.0168 5060 FileInfo - ok
02:44:08.0214 5060 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
02:44:08.0214 5060 Filetrace - ok
02:44:08.0246 5060 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
02:44:08.0246 5060 flpydisk - ok
02:44:08.0261 5060 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
02:44:08.0277 5060 FltMgr - ok
02:44:08.0308 5060 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
02:44:08.0308 5060 Fs_Rec - ok
02:44:08.0355 5060 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
02:44:08.0355 5060 gagp30kx - ok
02:44:08.0464 5060 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
02:44:08.0464 5060 HdAudAddService - ok
02:44:08.0698 5060 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
02:44:08.0729 5060 HDAudBus - ok
02:44:08.0776 5060 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
02:44:08.0776 5060 HidBth - ok
02:44:08.0792 5060 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
02:44:08.0792 5060 HidIr - ok
02:44:08.0838 5060 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
02:44:08.0838 5060 HidUsb - ok
02:44:08.0870 5060 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
02:44:08.0870 5060 HpCISSs - ok
02:44:17.0949 5060 Smb (ed23daaaccaf6f7efcfaf0cc155873e8) C:\Windows\system32\DRIVERS\smb.sys
02:44:17.0949 5060 Suspicious file (Forged): C:\Windows\system32\DRIVERS\smb.sys. Real md5: ed23daaaccaf6f7efcfaf0cc155873e8, Fake md5: 7b75299a4d201d6a6533603d6914ab04
02:44:17.0949 5060 Smb ( Virus.Win32.ZAccess.c ) - infected
02:44:17.0949 5060 Smb - detected Virus.Win32.ZAccess.c (0)
02:44:17.0996 5060 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
02:44:17.0996 5060 spldr - ok
02:44:18.0058 5060 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
02:44:18.0058 5060 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
02:44:18.0074 5060 sptd ( LockedFile.Multi.Generic ) - warning
02:44:18.0074 5060 sptd - detected LockedFile.Multi.Generic (1)
02:44:20.0741 5060 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
02:44:20.0788 5060 \Device\Harddisk0\DR0 - ok
02:44:20.0804 5060 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
02:44:20.0850 5060 \Device\Harddisk1\DR1 - ok
02:44:20.0850 5060 Boot (0x1200) (0764067473881a4af3236f319ce802b5) \Device\Harddisk0\DR0\Partition0
02:44:20.0850 5060 \Device\Harddisk0\DR0\Partition0 - ok
02:44:20.0850 5060 Boot (0x1200) (21fa605b69522b273bd08e3b52a2ee70) \Device\Harddisk1\DR1\Partition0
02:44:20.0850 5060 \Device\Harddisk1\DR1\Partition0 - ok
02:44:20.0850 5060 ============================================================
02:44:20.0850 5060 Scan finished
02:44:20.0850 5060 ============================================================
02:44:20.0866 5052 Detected object count: 2
02:44:20.0866 5052 Actual detected object count: 2
02:44:59.0746 5052 C:\Windows\system32\DRIVERS\smb.sys - copied to quarantine
02:44:59.0934 5052 Backup copy found, using it..
02:44:59.0949 5052 C:\Windows\system32\DRIVERS\smb.sys - will be cured on reboot
02:45:05.0643 5052 Smb ( Virus.Win32.ZAccess.c ) - User select action: Cure
02:45:05.0643 5052 sptd ( LockedFile.Multi.Generic ) - skipped by user
02:45:05.0643 5052 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
02:45:24.0082 4520 Deinitialize success
 
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-26 13:01:10
-----------------------------
13:01:10.561 OS Version: Windows 6.0.6002 Service Pack 2
13:01:10.561 Number of processors: 4 586 0xF0B
13:01:10.562 ComputerName: MARK-PC UserName: Mark
13:01:11.149 Initialize success
13:05:05.446 AVAST engine defs: 12022602
13:08:29.168 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-1
13:08:29.171 Disk 0 Vendor: WDC_WD1600AAJB-00PVA0 00.07H00 Size: 152627MB BusType: 3
13:08:29.173 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000005a
13:08:29.176 Disk 1 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 6
13:08:29.207 Disk 0 MBR read successfully
13:08:29.211 Disk 0 MBR scan
13:08:29.216 Disk 0 Windows VISTA default MBR code
13:08:29.220 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 2048
13:08:29.227 Disk 0 scanning sectors +312578048
13:08:29.302 Disk 0 scanning C:\Windows\system32\drivers
13:08:37.702 Service scanning
13:08:50.092 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
13:08:55.321 Modules scanning
13:08:59.436 Disk 0 trace - called modules:
13:08:59.450 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85bcb1f8]<<
13:08:59.466 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a3a2c0]
13:08:59.473 3 CLASSPNP.SYS[8b5aa8b3] -> nt!IofCallDriver -> [0x85c3a598]
13:08:59.480 5 acpi.sys[807bc6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-1[0x85c7b8a0]
13:08:59.487 \Driver\atapi[0x85c3e6e8] -> IRP_MJ_CREATE -> 0x85bcb1f8
13:09:00.459 AVAST engine scan C:\Windows
13:09:02.935 AVAST engine scan C:\Windows\system32
13:11:24.873 AVAST engine scan C:\Windows\system32\drivers
13:11:34.875 AVAST engine scan C:\Users\Mark
13:13:02.760 Disk 0 MBR has been saved successfully to "C:\Users\Mark\Desktop\MBR.dat"
13:13:02.766 The log file has been saved successfully to "C:\Users\Mark\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-27 02:50:04
-----------------------------
02:50:04.268 OS Version: Windows 6.0.6002 Service Pack 2
02:50:04.268 Number of processors: 4 586 0xF0B
02:50:04.284 ComputerName: MARK-PC UserName: Mark
02:50:05.828 Initialize success
02:50:13.129 AVAST engine defs: 12022602
02:50:18.433 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
02:50:18.433 Disk 0 Vendor: WDC_WD1600AAJB-00PVA0 00.07H00 Size: 152627MB BusType: 3
02:50:18.433 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000059
02:50:18.433 Disk 1 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 6
02:50:18.449 Disk 0 MBR read successfully
02:50:18.449 Disk 0 MBR scan
02:50:18.449 Disk 0 Windows VISTA default MBR code
02:50:18.464 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 2048
02:50:18.464 Disk 0 scanning sectors +312578048
02:50:18.589 Disk 0 scanning C:\Windows\system32\drivers
02:50:23.519 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Sirefef-JQ [Trj]
02:50:34.049 Disk 0 trace - called modules:
02:50:34.064 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xa030afc0]<<
02:50:34.080 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b0f620]
02:50:34.080 3 CLASSPNP.SYS[8b3aa8b3] -> nt!IofCallDriver -> [0x85340b70]
02:50:34.080 \Driver\00006739[0x8a2d5120] -> IRP_MJ_CREATE -> 0xa030afc0
02:50:35.343 AVAST engine scan C:\Windows
02:50:40.164 AVAST engine scan C:\Windows\system32
02:53:59.469 AVAST engine scan C:\Windows\system32\drivers
02:54:05.444 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Sirefef-JQ [Trj]
02:54:24.663 AVAST engine scan C:\Users\Mark
02:54:56.004 Disk 0 MBR has been saved successfully to "C:\Users\Mark\Desktop\MBR.dat"
02:54:56.035 The log file has been saved successfully to "C:\Users\Mark\Desktop\aswMBR.txt"
 
It looks like you got reinfected.

Re-run TDSSKiller one more time.

Also....

Open Windows Explorer. Go to Tools > Folder Options > View tab, put a checkmark next to Show hidden files and folders, and uncheck Hide protected operating system files.
NOTE: Make sure to reverse the above changes when done with this step.
Upload the following files to http://www.virustotal.com/ for a security check:
- C:\Windows\system32\Drivers\dfsc.sys
IMPORTANT! If the file is listed as already analyzed, click on the Reanalyse file now button.
Post scan results.
 
04:15:46.0224 4600 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
04:15:46.0349 4600 ============================================================
04:15:46.0349 4600 Current date / time: 2012/02/27 04:15:46.0349
04:15:46.0349 4600 SystemInfo:
04:15:46.0349 4600
04:15:46.0349 4600 OS Version: 6.0.6002 ServicePack: 2.0
04:15:46.0349 4600 Product type: Workstation
04:15:46.0349 4600 ComputerName: MARK-PC
04:15:46.0349 4600 UserName: Mark
04:15:46.0349 4600 Windows directory: C:\Windows
04:15:46.0349 4600 System windows directory: C:\Windows
04:15:46.0349 4600 Processor architecture: Intel x86
04:15:46.0349 4600 Number of processors: 4
04:15:46.0349 4600 Page size: 0x1000
04:15:46.0349 4600 Boot type: Normal boot
04:15:46.0349 4600 ============================================================
04:15:47.0456 4600 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
04:15:47.0472 4600 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
04:15:47.0472 4600 \Device\Harddisk0\DR0:
04:15:47.0472 4600 MBR used
04:15:47.0472 4600 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
04:15:47.0472 4600 \Device\Harddisk1\DR1:
04:15:47.0472 4600 MBR used
04:15:47.0472 4600 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
04:15:47.0519 4600 Initialize success
04:15:47.0519 4600 ============================================================
04:15:48.0720 4312 ============================================================
04:15:48.0720 4312 Scan started
04:15:48.0720 4312 Mode: Manual;
04:15:48.0720 4312 ============================================================
04:15:51.0481 4312 DfsC (4ce25ee05f00ce7baa8bcf74a04a6bf2) C:\Windows\system32\Drivers\dfsc.sys
04:15:51.0481 4312 Suspicious file (Forged): C:\Windows\system32\Drivers\dfsc.sys. Real md5: 4ce25ee05f00ce7baa8bcf74a04a6bf2, Fake md5: a7179de59ae269ab70345527894ccd7c
04:15:51.0481 4312 DfsC ( Virus.Win32.ZAccess.c ) - infected
04:15:51.0481 4312 DfsC - detected Virus.Win32.ZAccess.c (0)
04:15:58.0267 4312 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
04:15:58.0267 4312 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
04:15:58.0283 4312 sptd ( LockedFile.Multi.Generic ) - warning
04:15:58.0283 4312 sptd - detected LockedFile.Multi.Generic (1)
04:16:00.0623 4312 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
04:16:00.0670 4312 \Device\Harddisk0\DR0 - ok
04:16:00.0685 4312 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
04:16:00.0732 4312 \Device\Harddisk1\DR1 - ok
04:16:00.0732 4312 Boot (0x1200) (0764067473881a4af3236f319ce802b5) \Device\Harddisk0\DR0\Partition0
04:16:00.0732 4312 \Device\Harddisk0\DR0\Partition0 - ok
04:16:00.0732 4312 Boot (0x1200) (21fa605b69522b273bd08e3b52a2ee70) \Device\Harddisk1\DR1\Partition0
04:16:00.0732 4312 \Device\Harddisk1\DR1\Partition0 - ok
04:16:00.0732 4312 ============================================================
04:16:00.0732 4312 Scan finished
04:16:00.0732 4312 ============================================================
04:16:00.0748 5272 Detected object count: 2
04:16:00.0748 5272 Actual detected object count: 2
04:16:06.0395 5272 C:\Windows\system32\Drivers\dfsc.sys - copied to quarantine
04:16:09.0796 5272 Backup copy not found, trying to cure infected file..
04:16:09.0827 5272 Cure success, using it..
04:16:09.0827 5272 C:\Windows\system32\Drivers\dfsc.sys - will be cured on reboot
04:16:12.0931 5272 DfsC ( Virus.Win32.ZAccess.c ) - User select action: Cure
04:16:12.0931 5272 sptd ( LockedFile.Multi.Generic ) - skipped by user
04:16:12.0931 5272 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
04:16:29.0296 4224 Deinitialize success
 
Not quite sure which part of the website result to post...

SHA256: 6aa67f34c7349b8b7efa6e6c143dda08f80d8d027e2e1ac41490e351c22bfa5b
SHA1: b91e38016d093396e96c8def801662596b2ebfb2
MD5: a7179de59ae269ab70345527894ccd7c
File size: 73.0 KB ( 74752 bytes )
File name: C:\Windows\System32\drivers\dfsc.sys
File type: Win32 EXE
Detection ratio: 0 / 43
Analysis date: 2012-02-27 04:32:14 UTC ( 0 minutes ago )
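
As an added illustration (not part of the original posts and not TDSSKiller's own code), this Python example parses the detection lines from the log above and checks which view of dfsc.sys the uploaded file's MD5 corresponds to. The function names and the report layout are assumptions made for the example; the log lines and hashes are copied from the posts above.

```python
import re

# Lines copied from the TDSSKiller log posted above (not constructed).
SAMPLE_LOG = r"""
04:15:51.0388 4312 Crusoe - ok
04:15:51.0481 4312 DfsC (4ce25ee05f00ce7baa8bcf74a04a6bf2) C:\Windows\system32\Drivers\dfsc.sys
04:15:51.0481 4312 Suspicious file (Forged): C:\Windows\system32\Drivers\dfsc.sys. Real md5: 4ce25ee05f00ce7baa8bcf74a04a6bf2, Fake md5: a7179de59ae269ab70345527894ccd7c
04:15:51.0481 4312 DfsC ( Virus.Win32.ZAccess.c ) - infected
04:15:58.0267 4312 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
04:15:58.0283 4312 sptd ( LockedFile.Multi.Generic ) - warning
04:16:12.0931 5272 DfsC ( Virus.Win32.ZAccess.c ) - User select action: Cure
04:16:12.0931 5272 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

# MD5 shown in the online scan result posted above.
UPLOADED_MD5 = "a7179de59ae269ab70345527894ccd7c"

# "<time> <thread id> <message>" prefix used by every log line.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
FORGED = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
NOACCESS = re.compile(
    r"^Suspicious file \(NoAccess\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$"
)
VERDICT = re.compile(
    r"^(?P<name>\S+) \( (?P<verdict>\S+) \) - (?P<status>infected|warning)$"
)
ACTION = re.compile(
    r"^(?P<name>\S+) \( (?P<verdict>\S+) \) - User select action: (?P<action>\w+)$"
)


def parse_log(text):
    """Collect forged/locked files, verdicts and chosen actions from a log."""
    report = {"forged": [], "locked": [], "verdicts": {}, "actions": {}}
    for raw in text.splitlines():
        prefixed = PREFIX.match(raw.strip())
        if not prefixed:
            continue  # blank line or something that is not a log record
        msg = prefixed.group("msg").strip()
        match = FORGED.match(msg)
        if match:
            report["forged"].append(match.groupdict())
            continue
        match = NOACCESS.match(msg)
        if match:
            report["locked"].append(match.groupdict())
            continue
        match = VERDICT.match(msg)
        if match:
            report["verdicts"][match["name"]] = (match["verdict"], match["status"])
            continue
        match = ACTION.match(msg)
        if match:
            report["actions"][match["name"]] = match["action"]
    return report


def classify_sample(md5, report):
    """Say whether an MD5 matches the log's 'Real' or 'Fake' hash of a forged file."""
    md5 = md5.strip().lower()
    for entry in report["forged"]:
        if md5 == entry["fake"]:
            return ("fake", entry["path"])
        if md5 == entry["real"]:
            return ("real", entry["path"])
    return ("unknown", None)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for entry in parsed["forged"]:
        print("forged:", entry["path"], "real", entry["real"], "fake", entry["fake"])
    print("uploaded sample matches:", classify_sample(UPLOADED_MD5, parsed))
```

Here the uploaded MD5 equals the log's "Fake md5", so the 0 / 43 result describes that copy of the file rather than the bytes TDSSKiller hashed as "Real".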
 
Apologies for delay.

I am still getting redirected. When I run TDSSKiller, it seems to neutralise the threats it detects, and then reboots the computer. It's as if on reboot the virus is re-establishing itself, in a kind of cycle.
 
  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Click on SCAN.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop.)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=================================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
RogueKiller V7.2.0 [02/27/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Mark [Admin rights]
Mode: Scan -- Date: 02/29/2012 07:13:07

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600AAJB-00PVA0 ATA Device +++++
--- User ---
[MBR] 7be4d50977873353752aa4c68214641c
[BSP] 40f40e7e33546ef3548f3ee71c27c7ca : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD64 01AALS-00L3B SCSI Disk Device +++++
--- User ---
[MBR] 8a22d489db3b89375fd554178146aad4
[BSP] bac0c001ecfd76fe391e8a7490c585ab : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610478 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
 
Download FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore (see "How to turn off or turn on Windows XP System Restore").
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
OK any security prompts.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said).
If you are running Windows XP, re-enable System Restore.
 
Hello again. I think this virus must hate me!

I downloaded and ran FixTDSS. It was very quick (instant, in fact, which I thought was odd because it said it would search for TDSS) and then rebooted the machine. On reboot I got a BSOD. The machine rebooted again and got into a cycle of BSODs and reboots. I tried to launch the machine in safe mode, but this again resulted in a BSOD.

The machine would only boot when I selected "use last known good config", where FixTDSS displayed an error message stating that it could not run with "-postboot", and a few moments later I got another BSOD; after this the machine booted normally.

I then booted the machine into safe mode and tried to run FixTDSS again, but again it rebooted to a BSOD and I had to launch with last known config, where I got the same error message.
 
Let's see if we can look at your computer by booting from an external source.

Please download OTLPE (filesize 120,9 MB)

  • When downloaded, double-click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Under the Custom Scan box paste this in:

    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    dfsc.sys
    /md5stop

  • Press Run Scan to start the scan.
  • When finished, the file will be saved to C:\OTL.txt
  • Copy this file to your USB drive if you do not have an internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
 
I managed to boot the liveCD successfully. Log below:

OTL logfile created on: 3/2/2012 7:47:29 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 33.06 Gb Free Space | 22.18% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 323.89 Gb Free Space | 54.33% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (WUSB54GSv2SVC)
SRV - File not found [Auto] -- -- (vmparport)
SRV - File not found [Auto] -- -- (tvtpktfilter)
SRV - File not found [Auto] -- -- (qmofiltr)
SRV - File not found [Auto] -- -- (pserve)
SRV - File not found [Auto] -- -- (k750mdfl)
SRV - File not found [On_Demand] -- -- (DAUpdaterSvc)
SRV - File not found [Auto] -- -- (datasvr2)
SRV - File not found [Auto] -- -- (clsched)
SRV - File not found [Auto] -- -- (amdk77)
SRV - [2012/02/09 23:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/09 15:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/02/07 16:42:02 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/13 09:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2008/11/04 06:39:20 | 000,014,336 | ---- | M] (Vodafone) [Auto] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008/05/26 10:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) [Auto] -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto] -- C:\Windows\System32\YahooAUService.dll -- (knobserv)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto] -- C:\Windows\System32\agpcpq.dll -- (delldmi)
SRV - [2007/06/06 19:50:14 | 000,538,096 | ---- | M] ( ) [Auto] -- C:\Windows\System32\dlbtcoms.exe -- (dlbt_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (PCASp50)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (jbridgep)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | On_Demand] -- -- (AFGMp50)
DRV - [2012/02/26 21:46:30 | 000,066,560 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\smb.sys -- (Smb)
DRV - [2012/02/09 23:13:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/12/10 10:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/04/10 16:46:10 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2009/01/02 08:26:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/12/13 12:37:38 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/08/22 13:56:12 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/08/22 13:56:08 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/08/22 13:55:54 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/08/22 13:55:46 | 000,007,168 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/08/01 14:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/06/10 15:04:26 | 000,033,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/05/26 10:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2007/10/16 12:14:24 | 000,256,512 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\MRVW13B.sys -- (MRV6X32P)
DRV - [2007/08/09 13:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2006/10/18 00:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/04/10 04:42:36 | 000,002,944 | ---- | M] (cansoft@livewiredev.com) [Kernel | Auto] -- C:\Windows\System32\mbmiodrvr.sys -- (mbmiodrvr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Mark_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
IE - HKU\Mark_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Mark_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/26 08:17:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/13 14:24:17 | 000,000,000 | ---D | M]

[2010/06/18 08:36:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions
[2011/06/17 08:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\yqgk2812.default\extensions
[2010/06/28 18:49:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\yqgk2812.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/26 08:18:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/26 08:17:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/24 17:55:39 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/26 08:17:54 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/26 08:17:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/26 08:17:54 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/26 08:17:54 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/26 08:17:54 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/02/25 23:39:06 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [DLBTCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
O4 - HKU\Mark_ON_C..\Run: [Steam] File not found
O4 - HKU\UpdatusUser_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe (GameStop Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Mark_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Mark_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\UpdatusUser_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - File not found
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (CDownloadCtrl Object)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab (MSN Photo Upload Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/02 02:20:44 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\Users\Mark\Desktop\OTLPENet.exe
[2012/03/01 12:22:08 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mark\Desktop\TDSSKiller.exe
[2012/03/01 02:39:44 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Mark\Desktop\FixTDSS.exe
[2012/02/29 02:12:21 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Mark\Desktop\boot_cleaner.exe
[2012/02/26 18:57:34 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\GooredFix Backups
[2012/02/26 18:56:55 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Mark\Desktop\GooredFix.exe
[2012/02/26 17:19:55 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2012/02/26 08:16:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/25 23:41:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/25 23:41:11 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\temp
[2012/02/25 23:25:51 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/25 21:56:27 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.svs
[2012/02/25 21:54:04 | 004,419,501 | R--- | C] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
[2012/02/25 20:22:43 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/25 20:13:22 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\RK_Quarantine
[2012/02/24 21:46:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/24 21:46:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/24 21:46:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/24 21:46:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/24 21:45:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/24 21:08:28 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Mark\Desktop\aswMBR.exe
[2012/02/24 18:16:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Mark\Desktop\dds.scr
[2012/02/24 17:59:08 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Malwarebytes
[2012/02/24 17:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/24 17:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/24 17:59:01 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/24 17:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/24 17:55:52 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/02/24 17:55:52 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/02/24 17:55:52 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/02/24 17:16:52 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/02/24 17:16:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/02/24 17:16:43 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/02/24 17:16:43 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/02/24 17:16:38 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/02/24 17:16:37 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/02/24 17:16:37 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/02/24 17:16:36 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/02/24 17:16:31 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/02/24 17:16:29 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/02/24 17:16:27 | 001,259,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2012/02/24 17:16:26 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/02/24 17:16:24 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/24 17:14:48 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/24 17:14:48 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/24 17:14:48 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/02/24 17:14:48 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/02/24 17:14:48 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/02/24 17:14:48 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/02/24 17:14:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/02/24 17:14:47 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/24 17:14:46 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/24 17:14:46 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/02/24 17:14:46 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/02/24 17:14:45 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012/02/24 17:14:45 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/24 17:14:45 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/24 17:14:45 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/24 17:14:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/24 17:14:44 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/02/24 17:14:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/02/21 19:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/02/21 19:17:58 | 000,000,000 | ---D | C] -- C:\Users\UpdatusUser
[2012/02/21 19:15:02 | 019,443,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012/02/21 19:15:02 | 017,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012/02/21 19:15:02 | 010,816,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012/02/21 19:15:02 | 005,892,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012/02/21 19:15:02 | 002,517,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012/02/21 19:15:02 | 002,437,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012/02/21 19:15:02 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/02/17 17:47:00 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\AVG2012
[2012/02/17 17:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/02/17 15:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/02/17 15:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2007/06/06 19:50:16 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbtih.exe
[2007/06/06 19:50:14 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbtcoms.exe
[2007/06/06 19:50:12 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbtcfg.exe
[2007/01/30 08:47:52 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbtpmui.dll
[2007/01/30 08:46:00 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbtserv.dll
[2007/01/30 08:38:18 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomm.dll
[2007/01/30 08:36:30 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbtlmpm.dll
[2007/01/30 08:35:00 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbtiesc.dll
[2007/01/30 08:32:06 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbtpplc.dll
[2007/01/30 08:31:08 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomc.dll
[2007/01/30 08:30:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbtprox.dll
[2007/01/30 08:22:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbtinpa.dll
[2007/01/30 08:21:46 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbtusb1.dll
[2007/01/30 08:17:02 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbthbn3.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/02 02:34:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/02 02:31:06 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/02 02:31:06 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/02 02:30:17 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Users\Mark\Desktop\OTLPENet.exe
[2012/03/02 02:19:05 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/02 02:13:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/01 12:36:18 | 000,602,846 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/01 12:36:18 | 000,106,292 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/01 12:31:02 | 3488,145,408 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/01 12:31:01 | 276,892,865 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/01 12:25:29 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/03/01 12:21:59 | 002,045,015 | ---- | M] () -- C:\Users\Mark\Desktop\tdsskiller.zip
[2012/03/01 12:07:35 | 000,362,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/01 02:39:45 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Mark\Desktop\FixTDSS.exe
[2012/02/29 09:06:36 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mark\Desktop\TDSSKiller.exe
[2012/02/29 02:11:26 | 001,281,024 | ---- | M] () -- C:\Users\Mark\Desktop\RogueKiller.exe
[2012/02/28 02:12:02 | 000,000,832 | ---- | M] () -- C:\Users\Mark\Desktop\WinRAR.lnk
[2012/02/26 21:54:56 | 000,000,512 | ---- | M] () -- C:\Users\Mark\Desktop\MBR.dat
[2012/02/26 21:46:30 | 000,066,560 | ---- | M] () -- C:\Windows\System32\drivers\smb.sys
[2012/02/26 18:56:56 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Mark\Desktop\GooredFix.exe
[2012/02/26 17:19:58 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2012/02/26 01:06:39 | 000,002,032 | ---- | M] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
[2012/02/25 23:39:06 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/25 23:11:39 | 000,139,264 | ---- | M] () -- C:\Users\Mark\Desktop\SystemLook.exe
[2012/02/25 21:54:02 | 004,419,501 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
[2012/02/24 21:09:11 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Mark\Desktop\aswMBR.exe
[2012/02/24 18:16:05 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\dds.scr
[2012/02/24 18:14:22 | 000,302,592 | ---- | M] () -- C:\Users\Mark\Desktop\jywt1xli.exe
[2012/02/24 17:59:03 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/24 17:59:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/24 17:55:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/02/24 17:55:38 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/02/24 17:55:38 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/02/24 17:55:38 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/02/24 17:22:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/02/21 19:19:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/02/12 06:52:27 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2012/02/11 19:16:28 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/02/11 19:16:28 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/02/11 19:08:17 | 000,153,088 | ---- | M] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/11 14:40:26 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/02/09 23:13:00 | 019,443,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012/02/09 23:13:00 | 017,543,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012/02/09 23:13:00 | 015,009,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2012/02/09 23:13:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012/02/09 23:13:00 | 007,713,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2012/02/09 23:13:00 | 005,892,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012/02/09 23:13:00 | 002,517,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012/02/09 23:13:00 | 002,437,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012/02/09 23:13:00 | 002,301,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2012/02/09 23:13:00 | 001,000,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2012/02/09 23:13:00 | 000,881,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll
[2012/02/09 23:13:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/02/09 23:13:00 | 000,008,772 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2012/02/09 22:02:06 | 003,881,792 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2012/02/09 22:00:44 | 002,719,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2012/02/09 22:00:26 | 000,108,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2012/02/09 22:00:26 | 000,062,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2012/02/09 15:05:44 | 000,416,064 | ---- | M] () -- C:\Windows\System32\nvStreaming.exe
[2012/02/07 20:49:14 | 002,557,112 | ---- | M] () -- C:\Users\Mark\Documents\Induction Pack 2010 V2.1.pdf
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/01 12:21:57 | 002,045,015 | ---- | C] () -- C:\Users\Mark\Desktop\tdsskiller.zip
[2012/03/01 12:07:03 | 3488,145,408 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/29 02:11:25 | 001,281,024 | ---- | C] () -- C:\Users\Mark\Desktop\RogueKiller.exe
[2012/02/28 02:12:02 | 000,000,832 | ---- | C] () -- C:\Users\Mark\Desktop\WinRAR.lnk
[2012/02/26 08:38:55 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/02/26 08:13:02 | 000,000,512 | ---- | C] () -- C:\Users\Mark\Desktop\MBR.dat
[2012/02/25 23:11:39 | 000,139,264 | ---- | C] () -- C:\Users\Mark\Desktop\SystemLook.exe
[2012/02/24 21:46:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/24 21:46:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/24 21:46:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/24 21:46:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/24 21:46:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/24 18:14:19 | 000,302,592 | ---- | C] () -- C:\Users\Mark\Desktop\jywt1xli.exe
[2012/02/24 17:59:03 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/21 19:15:02 | 000,008,772 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012/02/12 06:06:51 | 276,892,865 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/09 15:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/02/07 20:42:25 | 002,557,112 | ---- | C] () -- C:\Users\Mark\Documents\Induction Pack 2010 V2.1.pdf
[2011/12/18 10:27:34 | 000,069,632 | ---- | C] () -- C:\Windows\UNINSTCC.EXE
[2011/08/21 08:23:23 | 000,000,000 | ---- | C] () -- C:\Users\Mark\AppData\Local\{A847AE50-89B7-42EA-85C7-1A7112475FBB}
[2011/04/09 12:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/14 08:08:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/03/14 08:06:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/03/14 08:06:41 | 000,066,560 | ---- | C] () -- C:\Windows\System32\drivers\smb.sys
[2010/11/09 10:10:19 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010/09/17 07:04:37 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/08/13 10:07:43 | 000,005,097 | ---- | C] () -- C:\Windows\fred2_open_3_6_12r_INF.INI
[2010/08/13 10:07:37 | 000,000,453 | ---- | C] () -- C:\Windows\fred2_open_3_6_12d_INF.INI
[2010/06/29 16:36:11 | 000,004,592 | ---- | C] () -- C:\Windows\fred2_open_3_6_12_RC3r_INF.INI
[2010/06/29 16:36:06 | 000,000,453 | ---- | C] () -- C:\Windows\fred2_open_3_6_12_RC3d_INF.INI
[2010/06/18 08:36:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/06/15 18:32:30 | 002,260,966 | ---- | C] () -- C:\Program Files\Common Files\31.mpeg
[2009/06/09 10:25:02 | 000,000,349 | ---- | C] () -- C:\Program Files\Common Files\04.htm
[2009/06/03 06:18:31 | 002,546,976 | ---- | C] () -- C:\Program Files\Common Files\032.wmv
[2009/05/29 09:59:06 | 007,759,872 | ---- | C] () -- C:\Program Files\Common Files\02.mpeg
[2009/05/29 09:54:35 | 007,831,552 | ---- | C] () -- C:\Program Files\Common Files\01.mpeg
[2009/05/27 20:00:23 | 007,794,688 | ---- | C] () -- C:\Program Files\Common Files\04.mpeg
[2009/05/27 20:00:15 | 007,792,640 | ---- | C] () -- C:\Program Files\Common Files\03.mpeg
[2009/05/05 07:02:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/07 07:42:58 | 000,141,006 | ---- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009/03/14 15:10:33 | 000,151,448 | ---- | C] () -- C:\Windows\hpwins11.dat
[2009/03/14 15:10:33 | 000,000,522 | ---- | C] () -- C:\Windows\hpwmdl11.dat
[2008/08/20 10:45:46 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
[2008/07/31 05:01:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ToolBx.dll
[2008/07/07 18:01:41 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/07/07 18:01:40 | 000,022,328 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\PnkBstrK.sys
[2008/07/07 18:01:14 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008/07/07 18:01:13 | 000,674,600 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2008/07/07 18:01:13 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008/06/25 19:33:57 | 000,094,208 | ---- | C] () -- C:\Windows\System32\GTW32N50.dll
[2008/06/25 19:25:21 | 000,002,898 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2008/06/18 15:45:04 | 000,149,504 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2008/03/26 08:27:15 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/07 11:03:14 | 000,013,312 | ---- | C] () -- C:\Windows\System32\CallSimReader.dll
[2008/03/07 11:02:24 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SimReader.dll
[2008/03/06 06:34:02 | 000,000,529 | ---- | C] () -- C:\Windows\eReg.dat
[2008/03/01 20:24:17 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/01/18 17:25:32 | 000,153,088 | ---- | C] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/18 17:05:28 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2008/01/18 17:05:23 | 000,003,781 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/01/18 17:05:07 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2008/01/18 17:01:51 | 000,002,032 | ---- | C] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
[2007/12/12 07:44:44 | 000,466,944 | ---- | C] () -- C:\Windows\System32\RemoveDevice.dll
[2007/02/19 01:20:28 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlbtinsr.dll
[2007/02/19 01:20:24 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlbtcur.dll
[2007/02/19 01:20:02 | 000,135,168 | ---- | C] () -- C:\Windows\System32\dlbtjswr.dll
[2007/02/19 01:17:06 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlbtinsb.dll
[2007/02/19 01:17:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlbtcub.dll
[2007/02/19 01:16:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlbtcu.dll
[2007/02/19 01:16:48 | 000,159,744 | ---- | C] () -- C:\Windows\System32\dlbtins.dll
[2007/02/19 01:15:34 | 000,434,176 | ---- | C] () -- C:\Windows\System32\dlbtutil.dll
[2007/02/07 11:57:16 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbtcoin.dll
[2007/01/22 01:18:28 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dlbtcfg.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,362,000 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,602,846 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,106,292 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/08/18 04:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbtvs.dll
[2005/05/25 07:07:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbtcnv4.dll
[2003/01/07 10:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2000/01/27 19:00:00 | 000,061,440 | ---- | C] () -- C:\Windows\System32\wrkgadm.exe
[2000/01/27 19:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

========== LOP Check ==========

[2010/08/12 10:17:36 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Amazon
[2008/04/10 10:37:16 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Atari
[2012/02/17 17:47:00 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\AVG2012
[2010/10/31 08:39:48 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Bioshock
[2011/05/14 20:15:25 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Bioshock2
[2009/09/18 06:00:18 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Birdstep Technology
[2009/02/22 21:21:29 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2008/12/13 12:42:42 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\DAEMON Tools
[2011/12/18 10:20:27 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\DAEMON Tools Lite
[2008/12/13 12:42:42 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\DAEMON Tools Pro
[2008/03/01 15:39:09 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\eMule
[2009/07/19 15:44:49 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\kompozer.net
[2011/01/15 06:53:58 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Softland
[2009/06/09 16:01:50 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Stardock
[2011/03/15 09:37:41 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\SystemRequirementsLab
[2009/03/04 05:47:41 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\The Creative Assembly
[2009/08/30 09:53:43 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Vodafone
[2011/05/28 13:48:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Affinegy
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/02/24 22:09:34 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG2012
[2012/02/17 16:25:45 | 000,000,000 | ---D | M] -- C:\ProgramData\avg9
[2009/11/15 11:06:20 | 000,000,000 | ---D | M] -- C:\ProgramData\BioWare
[2009/09/18 06:00:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Birdstep Technology
[2011/03/15 09:17:06 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2008/12/13 12:41:58 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/12/05 14:56:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2008/03/01 15:39:20 | 000,000,000 | ---D | M] -- C:\ProgramData\eMule
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/06/25 20:19:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Gibraltar
[2009/06/09 17:14:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Ironclad Games
[2012/02/24 21:42:04 | 000,000,000 | ---D | M] -- C:\ProgramData\MFAData
[2008/06/15 10:38:50 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games
[2008/06/24 14:36:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Stardock
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/06/15 10:38:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Steam
[2012/02/17 15:58:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/08/30 09:55:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Vodafone
[2008/06/24 14:36:41 | 000,000,000 | -H-D | M] -- C:\ProgramData\{1EB63B4B-5639-4477-8E24-05C31B5F8019}
[2012/03/02 02:34:20 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========
 