
For the past few weeks I have been plagued with system issues that have been driving me insane. I would type a search in Yahoo or Google only to have any of the links redirect me to a site that isn't what I wanted, some bogus site. My Windows Explorer quits randomly and restarts, often while I'm playing a game or something else, and I also get random popups thanking me for visiting their Internet Explorer page (which wasn't even up; I use Mozilla Firefox) and asking if I want to cancel viewing the page. Those are highly irritating, but something that's worried me now: when I downloaded the newest Malwarebytes and tried to install it, near the end of installation a popup came up saying "Access denied" and stopped the installation process. I've tried it in safe mode with the same results. I've scanned with a rainbow variety of antispyware and virus scanners and it came up empty every time. I am very weary of all of this, so any help would be amazing.

Here is the HijackThis log; hopefully someone can help me. Thank you.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 1:38:45 PM, on 12/31/2011

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.19088)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Users\doomsday machine\Desktop\HijackThis.exe

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\doomsday machine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

O15 - Trusted Zone: *.clonewarsadventures.com

O15 - Trusted Zone: *.freerealms.com

O15 - Trusted Zone: *.soe.com

O15 - Trusted Zone: *.sony.com

O15 - Trusted IP range: http://192.168.1.1

O15 - ESC Trusted IP range: http://192.168.1.1

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe

O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 7255 bytes


Hello victus,

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!

These steps are for member victusdementis only. If you are a casual viewer, do NOT try this on your system!

If you are not victusdementis and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Show all files:

  • Click the Start button, and then click Computer.
  • On the Organize menu, click Folder and Search Options.
  • Click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders.
  • Click Apply > OK.

Step 3

Start HijackThis. Look for these lines and place a checkmark against each of the following, if still present

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer (& or any other window) is closed when you click Fix Checked!

Download TFC by OldTimer and SAVE it to your desktop

  • Double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Step 4

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right- click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning. Accept the EULA and follow the prompts to start the fix. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

Even when ComboFix appears to be doing nothing, look at your Drive light.

If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt.

Note:

Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

Reply with a copy of the C:\Combofix.txt log for review.

There will be more to do after.

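As an added example (not code from the thread, from HijackThis, or from Malwarebytes), the following Python script parses lines in the HijackThis 2.0.4 log format shown above and surfaces the entries Step 3 acts on: O2 BHO entries that are registered but have no backing DLL ("(no file)"), plus O15 Trusted Zone entries for the helper to review. The sample input is a constructed excerpt in the same format, not the complete posted log.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in the HijackThis 2.0.4 line format used by the log in the
# thread (sample input, not the complete posted log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted IP range: http://192.168.1.1
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

# Every HijackThis entry starts with a section code such as O2, O4, O15, O23.
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# COM class ids appear as {8-4-4-4-12} hex groups in O2/O9/O18 lines.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}")


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O2"
    reason: str  # why the line was surfaced for review
    line: str    # the original log line, verbatim, for pasting into a reply


def parse_entries(text):
    """Yield (code, body, raw_line) for each HijackThis O-line.

    Header lines (Logfile of..., Platform:, Running processes:) and blank
    lines do not match the entry pattern and are skipped.
    """
    for raw in text.splitlines():
        stripped = raw.strip()
        m = ENTRY_RE.match(stripped)
        if m:
            yield m.group(1), m.group(2).strip(), stripped


def orphaned_bhos(text):
    """Return the CLSIDs of O2 BHO entries whose DLL no longer exists.

    These are the '(no file)' lines the helper told the poster to tick and
    'Fix checked' in Step 3: a registry entry pointing at nothing.
    """
    clsids = []
    for code, body, _ in parse_entries(text):
        if code == "O2" and body.endswith("(no file)"):
            m = CLSID_RE.search(body)
            if m:
                clsids.append(m.group(0))
    return clsids


def triage(text):
    """Return Findings for the entry types a reviewer checks first.

    Only two rules are implemented, both grounded in what the helper did in
    the thread: orphaned BHOs (fixable) and Trusted Zone entries (review,
    since anything in that zone runs with relaxed IE security settings).
    """
    findings = []
    for code, body, line in parse_entries(text):
        if code == "O2" and body.endswith("(no file)"):
            findings.append(Finding(code, "BHO registered but DLL missing: orphaned entry, fix in HijackThis", line))
        elif code == "O15":
            findings.append(Finding(code, "IE Trusted Zone entry: confirm the user added it deliberately", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
    print("CLSIDs to fix:", orphaned_bhos(SAMPLE_LOG))
```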

Thank you for the help. I followed your instructions to the letter; unfortunately, during the ComboFix scan my Explorer quit twice and restored itself like it usually does. I'm not sure if that affected it or not, but here is the log from ComboFix.

ComboFix 11-12-31.03 - doomsday machine 12/31/2011 16:14:18.1.3 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3838.2460 [GMT -6:00]

Running from: c:\users\doomsday machine\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\assembly\tmp\U

D:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-31 )))))))))))))))))))))))))))))))

.

.

2011-12-31 22:48 . 2011-12-31 22:51 -------- d-----w- c:\users\doomsday machine\AppData\Local\temp

2011-12-31 21:06 . 2011-12-31 21:07 -------- d-----w- c:\program files (x86)\ERUNT

2011-12-31 05:08 . 2011-11-21 09:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F49EBC2-65C7-4F09-A5AD-BBDC35D25EED}\mpengine.dll

2011-12-24 21:51 . 2011-12-24 21:51 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2011-12-24 21:50 . 2011-12-24 21:50 -------- d-----w- c:\windows\PCHEALTH

2011-12-24 21:46 . 2011-11-21 09:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-12-24 03:59 . 2011-12-24 03:59 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2D8FE9E-0EA1-451E-AF83-12EEFABC75E1}\gapaengine.dll

2011-12-24 03:50 . 2011-12-24 03:50 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2011-12-24 03:50 . 2011-12-24 03:51 -------- d-----w- c:\program files\Microsoft Security Client

2011-12-17 21:16 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D59ABA3C-E7C6-425F-9E11-6467C5FE079C}\mpengine.dll

2011-12-17 21:11 . 2011-04-30 06:22 1027584 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll

2011-12-17 21:11 . 2011-04-30 06:09 758784 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll

2011-12-17 21:11 . 2011-02-17 07:21 613376 ----a-w- c:\windows\system32\vbscript.dll

2011-12-17 21:11 . 2011-02-17 06:23 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-12-12 09:33 . 2011-12-12 09:33 -------- d-----w- C:\VritualRoot

2011-12-12 07:48 . 2011-12-17 07:27 -------- d-----w- c:\programdata\CPA_VA

2011-12-12 07:42 . 2011-12-12 09:34 -------- d-----w- c:\programdata\Comodo

2011-12-12 07:42 . 2011-12-12 07:42 -------- d-----w- c:\program files\COMODO

2011-12-09 00:22 . 2011-12-09 00:22 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2011-12-09 00:22 . 2011-12-09 00:22 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll

2011-12-09 00:22 . 2011-12-09 00:22 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll

2011-12-09 00:22 . 2011-12-09 00:22 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll

2011-12-09 00:22 . 2011-12-09 00:22 478168 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll

2011-12-09 00:22 . 2011-12-09 00:22 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll

2011-12-09 00:22 . 2011-12-09 00:22 801752 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll

2011-12-09 00:22 . 2011-12-09 00:22 1989592 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll

2011-12-08 21:58 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe

2011-12-07 10:14 . 2011-12-07 10:14 -------- d-----w- c:\users\doomsday machine\AppData\Local\BitTorrent

2011-12-04 18:01 . 2011-12-17 07:47 -------- d-----w- c:\programdata\AVAST Software

2011-12-04 18:01 . 2011-12-04 18:01 -------- d-----w- c:\program files\AVAST Software

2011-12-04 17:43 . 2011-12-04 17:43 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 21:24 . 2009-08-30 03:45 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-21 14:22 . 2011-05-16 13:55 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-15 20:29 . 2011-04-25 05:04 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-10-03 11:06 . 2011-04-29 01:37 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-18 61440]

"Reader Library Launcher"="c:\program files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\launcher.exe" [2008-01-19 40072]

.

c:\users\doomsday machine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [x]

R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]

R3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-09-07 267760]

R3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-09-07 218608]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [x]

S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]

S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]

S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1701548561-3743777735-2605900385-1000Core.job

- c:\users\doomsday machine\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-28 04:03]

.

2011-12-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1701548561-3743777735-2605900385-1000UA.job

- c:\users\doomsday machine\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-28 04:03]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skytel"="Skytel.exe" [2007-11-21 1826816]

"RtHDVCpl"="RAVCpl64.exe" [2007-12-17 5453824]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SYSTEM32\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\doomsday machine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.0.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\doomsday machine\AppData\Roaming\Mozilla\Firefox\Profiles\r1ff1iqa.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: network.proxy.type - 0

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe

HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

.

**************************************************************************

.

Completion time: 2011-12-31 17:13:10 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-31 23:12

.

Pre-Run: 68,622,925,824 bytes free

Post-Run: 68,398,145,536 bytes free

.

- - End Of File - - 9B3A2B54442C7D8EC75406DAF168A2D3


Combofix ran ok. Nothing major noted here. Let's have you do an online scan at ESET.

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://www.eset.com/onlinescan/cac4.php?page=faq

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break

Re-enable the antivirus program when all Done.

Reply with copy of the Eset scan log


OK, I followed the instructions once again and scanned with that. Here is the log. It said no system programs should operate during it, and Windows Explorer stopped and restored itself 3 times during the scan; not sure if it's relevant.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0338)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-01 02:14:27

# local_time=2011-12-31 08:14:27 (-0600, Central Standard Time)

# country="United States"

# lang=1033

# osver=6.0.6001 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=3073 16777214 0 35 367291 6421608 0 0

# compatibility_mode=5892 16776574 100 100 0 161976706 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=258414

# found=0

# cleaned=0

# scan_time=6066


Your system has had Avast since earlier in December. What antivirus did you have before? Please advise.

The system already has MBAM onboard. Let's get it updated and then run a full scan.

1) Ensure Avast is all up-to-date. Start it, and use the Update procedure; make sure all is up-to-date.

2) Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Post the latest MBAM scan log, and tell me, How is your system?

btw, There will be more to do later.

Edited by Maurice Naggar

I did have Avast at one point, but I noticed that while I had it, my Control Panel icons randomly disappeared, as well as any icons from the Start menu. It would be fine and then randomly it would happen. It stopped doing it when I removed Avast. As for Malwarebytes, when I tried to update to the newest version it said "Access Denied" and said it rolled back the version, but I don't see it anywhere on my desktop or in my Programs list from the Start button.


Let's get some reports, and post back for my review.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, or Windows 7 Right click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access to the Internet, allow it to do so.
Then copy/paste the following into your post (in order):
  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Add Reply because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

PS: Please use the "Add Reply" button, not the Reply button, when you start replying.


Alrighty, I followed the instructions and the logs are as follows. I was able to get Malwarebytes updated and will scan with it as well; I will include that log too.

OTL--

OTL logfile created on: 1/3/2012 12:01:30 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\doomsday machine\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 57.29% Memory free

7.72 Gb Paging File | 5.50 Gb Available in Paging File | 71.32% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 450.30 Gb Total Space | 70.97 Gb Free Space | 15.76% Space Free | Partition Type: NTFS

Drive D: | 15.46 Gb Total Space | 7.94 Gb Free Space | 51.34% Space Free | Partition Type: NTFS

Computer Name: DESTROYERDEVICE | User Name: doomsday machine | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/03 00:00:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\doomsday machine\Desktop\OTL.exe

PRC - [2011/12/08 18:34:42 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe

PRC - [2011/11/25 21:31:32 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe

PRC - [2010/07/13 00:34:46 | 000,906,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2011/12/08 18:34:37 | 014,410,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll

MOD - [2011/12/08 18:34:34 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll

MOD - [2011/12/08 18:34:34 | 000,194,344 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll

MOD - [2011/12/08 18:34:34 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll

MOD - [2011/12/08 18:34:34 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll

MOD - [2010/07/13 00:29:42 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\connectionDetector.dll

MOD - [2010/07/13 00:28:42 | 000,856,064 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\fsk.dll

MOD - [2010/07/13 00:26:12 | 000,018,432 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\FskNetInterface.dll

MOD - [2010/07/13 00:25:56 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\FskTimeHardware.dll

MOD - [2010/07/13 00:25:50 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ticket.dll

MOD - [2010/07/13 00:25:42 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ebookDeviceNotifier.dll

MOD - [2010/07/13 00:22:36 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\FskinLocalize.dll

MOD - [2010/07/13 00:22:02 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\FskPower.dll

MOD - [2010/07/13 00:16:16 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\FskDocumentViewer.dll

MOD - [2010/07/13 00:15:58 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\FskMobileMediaDevice.dll

MOD - [2010/07/13 00:15:52 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\Fskin.dll

MOD - [2010/07/13 00:13:42 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\FskMediaPlayers.dll

MOD - [2010/07/13 00:10:56 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\USBDetector.dll

MOD - [2010/04/02 20:23:36 | 000,815,104 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\FskSecurity.dll

MOD - [2010/04/02 19:44:16 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ebookUsb.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2010/08/25 19:57:14 | 000,203,264 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/06/29 09:11:36 | 000,412,672 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)

SRV - [2011/12/08 18:34:42 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011/06/06 10:36:00 | 004,005,936 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)

SRV - [2010/04/02 20:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/09/07 12:59:40 | 000,267,760 | ---- | M] (Turbine, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe -- (LiveTurbineMessageService)

SRV - [2009/09/07 12:59:40 | 000,218,608 | ---- | M] (Turbine, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe -- (LiveTurbineNetworkService)

SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/07/27 12:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2010/08/25 21:37:26 | 007,767,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

DRV:64bit: - [2010/08/25 21:37:26 | 007,767,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2010/08/25 21:37:26 | 007,767,040 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/08/25 19:20:56 | 000,279,040 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2009/09/09 17:24:14 | 000,074,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)

DRV:64bit: - [2009/02/19 23:18:02 | 000,110,096 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2008/09/07 20:02:38 | 000,029,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)

DRV:64bit: - [2008/02/27 20:36:00 | 000,174,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)

DRV:64bit: - [2008/02/15 23:24:30 | 000,062,976 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)

DRV:64bit: - [2008/01/20 20:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2008/01/20 20:47:27 | 000,903,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xnacc.sys -- (xnacc)

DRV:64bit: - [2008/01/20 20:47:27 | 000,214,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2008/01/20 20:46:55 | 000,111,104 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)

DRV:64bit: - [2007/12/28 11:51:00 | 000,391,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)

DRV:64bit: - [2007/06/29 09:11:24 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)

DRV:64bit: - [2007/06/20 04:32:58 | 001,478,656 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)

DRV:64bit: - [2007/06/20 04:30:22 | 000,409,600 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)

DRV:64bit: - [2007/06/20 04:29:14 | 000,740,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)

DRV:64bit: - [2007/05/09 20:50:48 | 000,050,208 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)

DRV:64bit: - [2007/05/09 20:46:48 | 001,127,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)

DRV:64bit: - [2006/11/07 09:30:56 | 000,016,656 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)

DRV:64bit: - [2006/10/06 20:13:22 | 000,550,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)

DRV:64bit: - [2006/06/19 16:27:24 | 000,017,024 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)

DRV - [2005/01/01 21:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25

FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.154

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1367

FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\doomsday machine\AppData\Roaming\Mozilla\Firefox\Profiles\r1ff1iqa.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()

FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\doomsday machine\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/08 18:22:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/08 18:22:24 | 000,000,000 | ---D | M]

[2011/08/18 01:25:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\doomsday machine\AppData\Roaming\mozilla\Extensions

[2011/12/08 18:21:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\doomsday machine\AppData\Roaming\mozilla\Firefox\Profiles\r1ff1iqa.default\extensions

[2011/09/15 15:19:43 | 000,000,000 | ---D | M] () -- C:\Users\doomsday machine\AppData\Roaming\mozilla\Firefox\Profiles\r1ff1iqa.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}

[2011/11/25 12:21:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\doomsday machine\AppData\Roaming\mozilla\Firefox\Profiles\r1ff1iqa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2008/12/12 12:23:54 | 000,002,158 | ---- | M] () -- C:\Users\doomsday machine\AppData\Roaming\Mozilla\Firefox\Profiles\r1ff1iqa.default\searchplugins\MySpace.xml

[2011/12/08 18:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/11/25 12:21:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011/11/25 15:56:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

File not found (No name found) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2011/12/08 18:22:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011/12/08 18:22:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2010/01/27 15:02:51 | 000,003,700 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fast.png

[2010/01/27 15:02:51 | 000,001,963 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fast.xml

[2011/12/08 18:22:18 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/31 16:51:15 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\doomsday machine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found

O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{759C5489-720C-42A4-8E0F-471239CB0F93}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\doomsday machine\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\doomsday machine\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/03 00:00:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\doomsday machine\Desktop\OTL.exe

[2012/01/01 22:07:39 | 000,000,000 | ---D | C] -- C:\888d02cea7081ab566

[2011/12/31 18:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2011/12/31 17:13:45 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011/12/31 17:13:42 | 000,000,000 | ---D | C] -- C:\Users\doomsday machine\AppData\Local\temp

[2011/12/31 16:51:30 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2011/12/31 16:04:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/12/31 16:04:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/12/31 16:04:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/12/31 16:03:34 | 000,000,000 | ---D | C] -- C:\ComboFix

[2011/12/31 16:00:42 | 004,358,797 | R--- | C] (Swearware) -- C:\Users\doomsday machine\Desktop\ComboFix.exe

[2011/12/31 15:53:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/12/31 15:50:55 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/12/31 15:37:41 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\doomsday machine\Desktop\TFC.exe

[2011/12/31 15:36:17 | 000,000,000 | ---D | C] -- C:\Users\doomsday machine\Desktop\backups

[2011/12/31 15:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2011/12/31 15:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2011/12/31 15:03:57 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\doomsday machine\Desktop\erunt-setup.exe

[2011/12/31 01:38:53 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\doomsday machine\Desktop\mbam-setup-1.60.0.1800.exe

[2011/12/27 00:05:47 | 000,000,000 | ---D | C] -- C:\Users\doomsday machine\Documents\Amazon MP3

[2011/12/24 15:50:59 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2011/12/24 15:49:05 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2011/12/23 21:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client

[2011/12/23 21:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2011/12/17 15:12:12 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2011/12/17 15:12:12 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2011/12/17 15:12:07 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2011/12/17 15:12:07 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2011/12/17 15:12:07 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2011/12/17 15:12:07 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe

[2011/12/17 15:12:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2011/12/17 15:12:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2011/12/17 15:12:07 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2011/12/17 15:12:07 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2011/12/17 15:12:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2011/12/17 15:12:06 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2011/12/17 15:12:06 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2011/12/17 15:11:42 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2011/12/12 03:33:19 | 000,000,000 | ---D | C] -- C:\VritualRoot

[2011/12/12 01:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA

[2011/12/12 01:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo

[2011/12/12 01:42:02 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO

[2011/12/09 11:15:48 | 000,000,000 | ---D | C] -- C:\Users\doomsday machine\Documents\My Books

[2011/12/08 16:52:39 | 000,000,000 | ---D | C] -- C:\Users\doomsday machine\Desktop\Tramsfer video

[2011/12/08 16:50:18 | 000,000,000 | ---D | C] -- C:\Users\doomsday machine\Desktop\Tramsfer progs

[2011/12/08 16:50:00 | 000,000,000 | ---D | C] -- C:\Users\doomsday machine\Desktop\Transfer docu

[2011/12/07 04:14:48 | 000,000,000 | ---D | C] -- C:\Users\doomsday machine\AppData\Local\BitTorrent

[2011/12/04 12:01:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2011/12/04 12:01:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

========== Files - Modified Within 30 Days ==========

[2012/01/03 00:00:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\doomsday machine\Desktop\OTL.exe

[2012/01/02 23:08:02 | 000,000,972 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1701548561-3743777735-2605900385-1000UA.job

[2012/01/02 23:08:01 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1701548561-3743777735-2605900385-1000Core.job

[2012/01/02 22:24:43 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/01/02 22:24:43 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/01/02 16:24:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/12/31 16:51:15 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2011/12/31 16:00:49 | 004,358,797 | R--- | M] (Swearware) -- C:\Users\doomsday machine\Desktop\ComboFix.exe

[2011/12/31 15:37:46 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\doomsday machine\Desktop\TFC.exe

[2011/12/31 15:06:18 | 000,000,734 | ---- | M] () -- C:\Users\doomsday machine\Desktop\NTREGOPT.lnk

[2011/12/31 15:06:18 | 000,000,715 | ---- | M] () -- C:\Users\doomsday machine\Desktop\ERUNT.lnk

[2011/12/31 15:04:02 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\doomsday machine\Desktop\erunt-setup.exe

[2011/12/31 01:39:13 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\doomsday machine\Desktop\mbam-setup-1.60.0.1800.exe

[2011/12/27 13:03:40 | 000,778,786 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/12/27 13:03:40 | 000,655,604 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/12/27 13:03:40 | 000,125,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/12/27 00:01:05 | 000,002,017 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk

[2011/12/24 16:01:54 | 000,358,894 | ---- | M] () -- C:\Users\doomsday machine\Documents\cc_20111224_160057.reg

[2011/12/23 21:51:59 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif

[2011/12/23 21:50:51 | 000,793,634 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/12/20 13:28:44 | 000,000,185 | ---- | M] () -- C:\Users\doomsday machine\Desktop\RIFT.url

[2011/12/17 15:41:27 | 000,935,497 | ---- | M] () -- C:\Users\doomsday machine\AppData\Local\census.cache

[2011/12/17 15:41:25 | 000,148,195 | ---- | M] () -- C:\Users\doomsday machine\AppData\Local\ars.cache

[2011/12/17 14:40:19 | 000,439,180 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111224-152156.backup

[2011/12/17 03:28:42 | 000,439,180 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111217-144019.backup

[2011/12/17 03:28:06 | 000,439,180 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111217-032842.backup

[2011/12/15 15:50:07 | 000,001,356 | ---- | M] () -- C:\Users\doomsday machine\AppData\Local\d3d9caps.dat

[2011/12/10 15:24:08 | 000,023,152 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys

[2011/12/09 17:28:30 | 000,177,664 | ---- | M] () -- C:\Users\doomsday machine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/12/08 18:36:21 | 000,002,373 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2011/12/08 16:00:02 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2011/12/08 15:58:38 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2011/12/04 11:58:49 | 000,438,782 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111217-032806.backup

========== Files Created - No Company Name ==========

[2011/12/31 16:04:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011/12/31 16:04:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011/12/31 16:04:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/12/31 16:04:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/12/31 16:04:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/12/31 15:06:18 | 000,000,734 | ---- | C] () -- C:\Users\doomsday machine\Desktop\NTREGOPT.lnk

[2011/12/31 15:06:18 | 000,000,715 | ---- | C] () -- C:\Users\doomsday machine\Desktop\ERUNT.lnk

[2011/12/27 00:01:05 | 000,002,017 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk

[2011/12/24 16:01:01 | 000,358,894 | ---- | C] () -- C:\Users\doomsday machine\Documents\cc_20111224_160057.reg

[2011/12/23 21:50:13 | 000,001,819 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2011/12/23 21:47:07 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif

[2011/12/20 13:28:44 | 000,000,185 | ---- | C] () -- C:\Users\doomsday machine\Desktop\RIFT.url

[2011/12/17 15:12:12 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll

[2011/12/17 15:12:12 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll

[2011/12/17 15:12:11 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll

[2011/12/17 15:12:10 | 009,272,320 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll

[2011/12/17 15:12:10 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb

[2011/12/17 15:12:10 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll

[2011/12/17 15:12:09 | 012,477,440 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll

[2011/12/17 15:12:08 | 001,488,384 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll

[2011/12/17 15:12:07 | 002,339,840 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll

[2011/12/17 15:12:07 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl

[2011/12/17 15:12:07 | 000,710,656 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll

[2011/12/17 15:12:07 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll

[2011/12/17 15:12:07 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll

[2011/12/17 15:12:07 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll

[2011/12/17 15:12:07 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll

[2011/12/17 15:12:07 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll

[2011/12/17 15:12:07 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll

[2011/12/17 15:12:07 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll

[2011/12/17 15:12:07 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll

[2011/12/17 15:12:06 | 000,479,232 | ---- | C] () -- C:\Windows\SysNative\html.iec

[2011/12/17 15:12:06 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe

[2011/12/17 15:12:06 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll

[2011/12/17 15:12:06 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe

[2011/12/17 15:12:06 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe

[2011/12/17 15:11:42 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll

[2011/12/17 15:11:42 | 000,613,376 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll

[2011/12/08 18:22:25 | 000,000,871 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2011/12/08 16:00:02 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011/12/08 15:58:37 | 000,256,960 | ---- | C] () -- C:\Windows\SysNative\aswBoot.exe

[2011/12/08 15:58:37 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt

[2011/11/25 16:45:44 | 000,000,053 | ---- | C] () -- C:\Windows\wininit.ini

[2011/11/25 04:42:42 | 000,000,440 | ---- | C] () -- C:\ProgramData\bHODTjoL3hdacW

[2011/07/22 04:32:50 | 000,935,497 | ---- | C] () -- C:\Users\doomsday machine\AppData\Local\census.cache

[2011/07/22 04:32:47 | 000,148,195 | ---- | C] () -- C:\Users\doomsday machine\AppData\Local\ars.cache

[2011/07/11 00:19:02 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat

[2011/05/14 11:10:53 | 000,004,404 | -HS- | C] () -- C:\Users\doomsday machine\AppData\Local\0k6wg7yi8bi1155w717h311gb6sh301kc1x6rfl

[2011/05/14 11:10:53 | 000,004,404 | -HS- | C] () -- C:\ProgramData\0k6wg7yi8bi1155w717h311gb6sh301kc1x6rfl

[2011/04/25 20:02:57 | 000,000,036 | ---- | C] () -- C:\Users\doomsday machine\AppData\Local\housecall.guid.cache

[2011/04/24 23:10:16 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011/04/07 18:15:32 | 000,000,732 | ---- | C] () -- C:\Users\doomsday machine\AppData\Local\d3d9caps64.dat

[2010/08/21 20:14:20 | 000,128,328 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2010/06/15 16:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2010/02/04 20:06:25 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2009/09/07 13:14:36 | 000,000,104 | ---- | C] () -- C:\Users\doomsday machine\AppData\Local\fusioncache.dat

[2009/09/07 12:54:23 | 000,793,634 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2009/08/29 21:39:28 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini

[2009/05/02 01:46:22 | 000,001,356 | ---- | C] () -- C:\Users\doomsday machine\AppData\Local\d3d9caps.dat

[2008/11/15 03:40:04 | 000,000,000 | ---- | C] () -- C:\Users\doomsday machine\AppData\Roaming\wklnhst.dat

[2008/11/06 04:32:21 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2008/11/06 04:32:21 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2008/11/05 21:42:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2008/10/24 08:34:01 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll

[2008/10/23 17:24:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2008/10/23 13:37:36 | 000,177,664 | ---- | C] () -- C:\Users\doomsday machine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/05/12 13:07:39 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat

[2008/02/05 02:08:03 | 000,360,448 | ---- | C] () -- C:\Windows\SysWow64\HotlineClient.exe

[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2008/01/20 20:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/11/25 18:08:19 | 000,000,000 | ---D | M] -- C:\Users\doomsday machine\AppData\Roaming\.minecraft

[2009/04/16 18:39:32 | 000,000,000 | ---D | M] -- C:\Users\doomsday machine\AppData\Roaming\Acreon

[2011/05/21 10:24:06 | 000,000,000 | ---D | M] -- C:\Users\doomsday machine\AppData\Roaming\Amazon

[2011/08/18 03:41:50 | 000,000,000 | ---D | M] -- C:\Users\doomsday machine\AppData\Roaming\AnvSoft

[2011/12/08 15:51:11 | 000,000,000 | ---D | M] -- C:\Users\doomsday machine\AppData\Roaming\BitTorrent

[2009/05/20 00:56:06 | 000,000,000 | ---D | M] -- C:\Users\doomsday machine\AppData\Roaming\Gamelab

[2011/08/18 19:53:36 | 000,000,000 | ---D | M] -- C:\Users\doomsday machine\AppData\Roaming\LolClient

[2011/05/08 01:58:53 | 000,000,000 | ---D | M] -- C:\Users\doomsday machine\AppData\Roaming\PFStaticIP

[2011/11/15 12:22:23 | 000,000,000 | ---D | M] -- C:\Users\doomsday machine\AppData\Roaming\Red Kawa

[2009/03/04 04:42:06 | 000,000,000 | ---D | M] -- C:\Users\doomsday machine\AppData\Roaming\Screaming Bee

[2011/07/08 19:45:10 | 000,000,000 | ---D | M] -- C:\Users\doomsday machine\AppData\Roaming\Soldat

[2011/11/25 12:21:45 | 000,000,000 | ---D | M] -- C:\Users\doomsday machine\AppData\Roaming\Sony Online Entertainment

[2011/11/25 12:21:45 | 000,000,000 | ---D | M] -- C:\Users\doomsday machine\AppData\Roaming\SystemRequirementsLab

[2009/09/14 17:58:52 | 000,000,000 | ---D | M] -- C:\Users\doomsday machine\AppData\Roaming\Turbine

[2012/01/02 23:08:01 | 000,000,950 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1701548561-3743777735-2605900385-1000Core.job

[2012/01/02 23:08:02 | 000,000,972 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1701548561-3743777735-2605900385-1000UA.job

[2012/01/02 07:23:57 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:661DFA1C

< End of report >

Extras--

OTL Extras logfile created on: 1/3/2012 12:01:30 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\doomsday machine\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 57.29% Memory free

7.72 Gb Paging File | 5.50 Gb Available in Paging File | 71.32% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 450.30 Gb Total Space | 70.97 Gb Free Space | 15.76% Space Free | Partition Type: NTFS

Drive D: | 15.46 Gb Total Space | 7.94 Gb Free Space | 51.34% Space Free | Partition Type: NTFS

Computer Name: DESTROYERDEVICE | User Name: doomsday machine | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" ()

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 ()

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l ()

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" ()

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{009E19AD-2999-4824-8D91-CF51677A47F2}" = lport=6914 | protocol=6 | dir=in | name=league of legends launcher |

"{0B31952A-576D-44E1-9C4A-76C6336DAC48}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{0BFABA52-DE9F-43FA-9C75-60D864DF24E7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{14DFB628-1ECD-4B1D-8124-DCD9C5A19DDE}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher |

"{19A7F5C5-21C9-42F0-8975-D75A37195764}" = lport=3390 | protocol=6 | dir=in | app=system |

"{1C352AC3-5D99-4967-A9F0-E3F0DA29A001}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{1E6C55FE-3749-4956-A477-4D5395EB9649}" = lport=6929 | protocol=6 | dir=in | name=league of legends launcher |

"{205E2BD8-C8BC-44AB-BDF8-1AB6821413A1}" = lport=10244 | protocol=6 | dir=in | app=system |

"{220BFF74-4933-4A19-AEE7-7329AB15FA1A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{22250FE0-8604-40A8-B580-E13E7761F472}" = lport=2869 | protocol=6 | dir=in | app=system |

"{22F63959-F4A7-4429-83E9-CD52B6D86408}" = lport=445 | protocol=6 | dir=in | app=system |

"{2526C2F5-F72C-49CB-ABD0-F84386F6E01C}" = rport=10244 | protocol=6 | dir=out | app=system |

"{252781C2-E85D-467D-A81D-8B675D29229A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{36B942B7-272E-404F-93BF-7926682327FC}" = lport=6936 | protocol=17 | dir=in | name=league of legends launcher |

"{3A664588-15FD-4225-8062-11492361D806}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{3FF58986-0F34-4B73-AA20-DBAD36484AB8}" = lport=139 | protocol=6 | dir=in | app=system |

"{412A8DB0-1333-4236-BDC3-CD3249BF6E45}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher |

"{45FC1339-32D0-402E-9E70-EC4567ABC4EA}" = lport=10243 | protocol=6 | dir=in | app=system |

"{47FC7E83-C495-4778-B7CE-3590EED8CBDE}" = lport=6914 | protocol=17 | dir=in | name=league of legends launcher |

"{50F50A92-21DD-4F01-85B0-5BF0713F39F4}" = lport=8383 | protocol=6 | dir=in | name=league of legends launcher |

"{5A450D52-03B0-4E46-B11F-93C764548859}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{63F27C80-B789-4B55-A2F9-6D009374AFAA}" = lport=137 | protocol=17 | dir=in | app=system |

"{652F0BB1-2E8D-4384-99E6-6CA02CA67A5F}" = lport=10244 | protocol=6 | dir=in | app=system |

"{66BAF4DC-9482-4094-8B20-3700AB0DEC5B}" = lport=6936 | protocol=6 | dir=in | name=league of legends launcher |

"{7141F786-F224-41B5-9D11-8EFAB4592790}" = rport=137 | protocol=17 | dir=out | app=system |

"{71EF6D37-F77C-4DFD-AD4A-6284A23D7D96}" = rport=445 | protocol=6 | dir=out | app=system |

"{762E854C-5446-44C1-9D35-7CB2A92A35FC}" = lport=3390 | protocol=6 | dir=in | app=system |

"{7861C75A-CD25-4699-B633-9D86D2ECBC67}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |

"{7BE053F7-7FB5-4ED1-9871-F86A4B1A5424}" = lport=8383 | protocol=17 | dir=in | name=league of legends launcher |

"{7E203D96-9CEF-4854-86E6-8351E7905E89}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{7F7E3D33-996F-4791-AE8A-D137FEB13E19}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{7F89123D-CECA-4300-ADE4-7CA4E0010126}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{80B7E2A0-5159-4502-A893-B9D3ACA28EA0}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{82889FCE-6E87-4949-8015-24FA5493F709}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{85DCE857-52BA-49E4-8FA9-E453FCC408AC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{897B2866-E4B0-43A9-B019-7F317D6A38F7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{89E59E11-789A-49A8-A6F6-68D07D601B3F}" = lport=6955 | protocol=17 | dir=in | name=league of legends launcher |

"{8E914279-8F0C-4DA2-83BD-931096FA9386}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{8F66E392-B0AC-416E-8A09-033308AAB944}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{919DBC51-57AE-4CEE-8F52-224A2C5C56F6}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{9493AF94-B61F-419D-A6D2-C816FD9BCCA4}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |

"{97308007-7F9F-4CC8-8249-E666B808C9A4}" = lport=138 | protocol=17 | dir=in | app=system |

"{9C4A69DE-EE7D-46EC-A699-18DF1C06AEB4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{9CE07B5A-3249-4D44-9C0A-B3F0662E3CAE}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |

"{AA9592D3-404F-435B-8B14-9C114D943663}" = lport=6955 | protocol=6 | dir=in | name=league of legends launcher |

"{B055C831-7F37-42C5-AE8B-C4FCA4A2414D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{B070A36F-E44A-4A4C-BA91-8BEF914FA188}" = rport=139 | protocol=6 | dir=out | app=system |

"{B9E1EC3B-AD0C-47A6-9AEC-3EA612596C30}" = rport=10244 | protocol=6 | dir=out | app=system |

"{BC6EB25E-9B4B-4B31-B087-CDD3C8C77360}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{C1053792-1E84-4C51-8227-29D24F88A6D9}" = rport=138 | protocol=17 | dir=out | app=system |

"{CC5A50B8-25EB-41D0-8CA4-07E9D5B74305}" = lport=2869 | protocol=6 | dir=in | app=system |

"{D4BA2C1A-D3D4-4BFD-91A9-84BDE0933450}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{DFCB40DD-5A26-4CDE-A881-3270607B4A7D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{E122FBC2-B8C4-4547-9CBB-49DCDBA45453}" = lport=6929 | protocol=17 | dir=in | name=league of legends launcher |

"{E1814287-1E67-4BB7-AFE6-2E63A9A740A1}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |

"{E51009A7-C427-4EE0-8AAC-17F476A04A4A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{EC2E4971-DA16-4E97-8595-68C9B6683BA9}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |

"{EF6E8329-6FCF-4554-869C-2367770F28BF}" = rport=10243 | protocol=6 | dir=out | app=system |

"{F5F8EFCA-C464-4B5D-852C-4B4618D1A9E8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{F67856A0-D90B-4EA2-8FDF-63248950B50C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

"{FBC08F4C-78C3-4221-9CE7-6857CB182AB6}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |

"{FC7E2939-E55C-417D-B32F-E0E8EFB9AEDE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{032FC1A6-CF20-4AD6-B682-E1F4E70A7011}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |

"{04A18851-C72C-437F-9E82-85188695BB16}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |

"{0690932C-82DA-4692-90D2-D6854EC87B8B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{0A92D026-E7DD-428A-A4C4-EB48D50BD466}" = protocol=17 | dir=in | app=c:\windows\syswow64\explorer.exe |

"{0B76476A-30D4-40F6-B873-F8853204377B}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{11848018-7408-43CB-BEC3-A121703DC26D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{129876EE-4702-4B0B-8286-F1A7948AC653}" = protocol=17 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe |

"{12CE4F85-4688-48E9-A777-4D1308FD4637}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deadhorde\deadhorde.exe |

"{13548437-256E-4958-B70F-2F07F762BB5E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{1A82D2E3-E316-445F-BE75-C6A38667A59C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |

"{20CAD91E-29DC-4E11-A22B-845F2A8D492B}" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\turbine download manager\turbinenetworkservice.exe |

"{2E875322-3B87-4289-BF0A-C2BE3CD9453F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\breath of death vii\bodviipc.exe |

"{2EFC1930-678C-4040-B5AF-758BE2793751}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{341C03A6-1562-43CF-A5B4-9CA51345F22E}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |

"{3548C3D3-A626-4EE1-83FE-D47E8CD92D25}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{364C9EEE-5696-46F2-8DFD-FF0B121A64C9}" = protocol=17 | dir=in | app=c:\windows\syswow64\explorer.exe |

"{37FE7A67-F484-46CF-9B40-FD05EE48752C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\victoria revolutions\victoria.exe |

"{3B5D8172-9845-4366-86B1-E8A666115BB1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe |

"{3D8D23BF-E66B-4194-8D56-86CF64A01D75}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{3F014D77-0D2A-44D4-B33C-FA598E87AC37}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |

"{414033EE-E15C-42EE-825A-90AC39EB855F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cthulhu saves the world\cstw.exe |

"{455B63C7-DBB2-4C6B-A2B9-014408EA7AC4}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{46BA912D-C5D7-494C-A8CF-FF4B185BDCFE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |

"{47E39C3E-B7F2-4D51-9632-3E1CED7A5E41}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |

"{48FC6D1B-AB36-45EA-BD90-AC1EE21096CF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{494054E8-796D-48C0-A070-FACF24CC77B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |

"{498DFA4C-FE83-4951-8B43-75DF7235019E}" = protocol=6 | dir=in | app=c:\windows\syswow64\explorer.exe |

"{4C02D818-3705-4982-9206-0243F02A718C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{4E627826-C19F-48A9-BB3D-0D97075B61E3}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |

"{4F27EF4E-A2BC-4DFE-90D5-D943E2F4F5D8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{508780D4-84E5-42BE-8EF3-D2247FCA8AD2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{56427C37-F0DA-4E91-94AD-C5D0A78E6117}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deadhorde\deadhorde.exe |

"{5837C1E1-6EA7-4C42-AF9C-AD8C7467EF01}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{590CC773-78C6-4953-B708-0B6A3D1BF4C9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{5A04F890-4677-4F11-886B-C719D71315E9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{5BF70597-7648-49B5-81D1-542C90F04CA0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{5C5C0755-20B4-4733-9C08-5AFA16CE00E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{65BADD90-4533-4AEE-B05D-744AE9CFAAFC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{66169E87-2A92-4DB6-9584-D23C0D1ABFC1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{6859A153-DC74-49E6-BA6D-8E7247C8A793}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |

"{68C2CE92-70A1-4933-A10F-7D27C23BF6BE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{69DCC1C5-5F75-4F08-ABE0-28403CDE4B6C}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |

"{6B38EBAF-53FB-4F29-AD3B-0244EB5C304B}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{75D05DC4-2A73-4C34-87AB-7AE129E20464}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |

"{77599242-CB9E-47BA-A336-65D9415C74FB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |

"{869CF32B-B8A1-4560-ACBE-405BDAD0B009}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{8D5920EA-B84B-4288-89D2-69DD73B48950}" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\turbine download manager\turbinemessageservice.exe |

"{8D9C190D-18A7-40D1-A49B-7A51AB17CB30}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{8E9D06AE-068E-44A4-9072-528E0A52C153}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |

"{9266AD83-1375-468F-8BAD-20AD0E1780FF}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |

"{94D27DAF-BB64-4433-9342-0AA6204BDB1F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{95032279-E061-4A6E-BD79-4BA151FAC547}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\machinarium\machinarium.exe |

"{95AFFC85-5E57-48E0-9AAE-B9C0AEC2376B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |

"{96997C64-D318-49AF-8764-A5279C41440F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{9B7CEE7E-D1AD-498C-B6A5-E5BD07237D4D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |

"{9D82642D-8135-4F8C-8021-81F18BED158A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{9D95AF80-3BFE-474D-847D-2C0BD091FAA9}" = protocol=6 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe |

"{9DCF9029-BB0E-46CD-839E-8571136E714C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |

"{A34E9EDC-D631-4244-8006-FC3C0E7B47B7}" = protocol=6 | dir=in | app=c:\windows\syswow64\explorer.exe |

"{A379E53B-E8BF-4200-BA1D-FAD2D75D17AF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{A5E3C1CD-8ADC-485A-AD6A-19D4A17788CC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\victoria revolutions\victoria.exe |

"{A7A6F063-31F6-4F8A-BDE6-D5D527C8C564}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe |

"{A9811739-E1D8-485C-BCDF-40FEE4F9B78F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\breath of death vii\bodviipc.exe |

"{AB225D93-57FF-43BE-AC78-123EB2D07C83}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |

"{B28FCC38-5FE2-418C-8BF5-6EA0BE9AFADD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rise of immortals\clientlauncherr.exe |

"{B548477B-5A46-456E-A437-9DE6913FEAC4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{B66DF7B2-DF4C-48E1-865F-3F095E01DD62}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{B6C387FB-23C6-437F-852D-561D4FD6EEDC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |

"{B6E4BCE7-A720-4E7E-A53F-4D5C4BDE552D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |

"{B79D83F9-588C-4E24-8F15-3DF712208E0E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{B82A5F9C-ABB4-4035-BDA1-0933375F61E9}" = protocol=17 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe |

"{BC2785AA-0265-4969-B40B-1B198672ECF2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hoard\win32\reuben.exe |

"{C155D871-F0E7-4522-9EC5-FA0693164B71}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{C5FF54B6-8CD6-424D-89B6-AC4EB77340C6}" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\turbine download manager\turbinenetworkservice.exe |

"{C980DAA7-C8C6-4307-8108-EE80214476B1}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{CB967ECC-D1BE-481C-BCA5-4767984F6455}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |

"{CD82D2E9-B1C9-4496-AF5B-3BD5C41072FA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\evil genius\evilgeniuslauncher.exe |

"{CDEDA593-AC5E-46B6-BD6C-6593D352CA0D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{D0FE2CC0-198A-4D48-B0ED-443BC28F8900}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\machinarium\machinarium.exe |

"{D270FDE0-F21B-40AB-8EF6-139A05946DEF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\evil genius\evilgeniuslauncher.exe |

"{D30D4F0A-9821-4868-8C79-27178F40A2A8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |

"{D310F097-FC13-4A0A-9268-634011CCBF56}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{D6EF6FF6-2E07-4739-ACBB-C718BFEB7B03}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hoard\win32\reuben.exe |

"{DAEB88F7-C3B0-41C2-85FF-3B64E53B3C03}" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\turbine download manager\turbinemessageservice.exe |

"{DCD56E4A-D318-44C5-B2DE-341DA00476B2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |

"{DF167704-AC11-43F3-926F-BEF603FF99BF}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |

"{E109ED0A-0151-4FDD-B42D-8446BC8AA2EB}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{E1A93487-E752-49BF-9DD2-7B4E71779763}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |

"{E3AC1724-8B56-4060-8974-06D257D44A4F}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |

"{E4D49C49-8ABC-4A6D-B142-5B5816FB6912}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |

"{E7EC47A2-6BEE-4AA7-B4FE-96BD96E771BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rise of immortals\clientlauncherr.exe |

"{E8BC646D-F4D7-4309-912C-9ACE5F61CC9A}" = protocol=6 | dir=out | app=system |

"{ED33A0F1-7260-4335-B750-0E8C2DC41AAD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cthulhu saves the world\cstw.exe |

"{EFDA7CD0-C9C6-4C47-BEFC-D10ED6247388}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F1ED15B4-342C-48ED-948B-E678B5ADB486}" = dir=in | app=c:\users\doomsday machine\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"{F1F5A98B-8368-45E6-9DE6-41A4031E15FD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{F8E19098-C38F-4C77-B456-F22934F1B02F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{FCF1CA21-F57C-4647-B3DE-610060E9E3F0}" = protocol=6 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe |

"{FFD4B961-161B-4369-A6F2-D63D734BA83E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"TCP Query User{09CE2FC9-46B3-4BDF-B485-351E3BDC46EC}C:\program files (x86)\steam\steamapps\common\magicka\magicka.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |

"TCP Query User{0A9AD247-4BB6-4CA9-945C-F325F62C0DC1}C:\program files (x86)\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |

"TCP Query User{21A74E00-474D-4AC6-BBE8-C93F13E3DF38}C:\program files (x86)\fmod soundsystem\fmod sandbox\fmod_sandbox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fmod soundsystem\fmod sandbox\fmod_sandbox.exe |

"TCP Query User{3BBFCFB5-DA9D-49EE-8B43-D709552E4C2E}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |

"TCP Query User{3F18F811-069D-4E82-82E4-29A16E1F16F5}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |

"TCP Query User{4B0D556F-A5DD-4A3F-B59B-1A9D0D641019}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"TCP Query User{705C3008-88C9-43F2-9A10-EEDF0E9556A8}C:\program files (x86)\pfportchecker\pfportchecker.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pfportchecker\pfportchecker.exe |

"TCP Query User{70C6C1B7-B767-45D6-A8E2-4CF1DCFDC4EB}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |

"TCP Query User{8A786F0A-A8AA-4673-A96D-CFEF5DE5EB75}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |

"TCP Query User{8FA44B89-A3B2-4272-87F4-40AB83BD0462}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"TCP Query User{A8FA4FD1-1FC6-49A0-9830-0957A9E5397E}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe |

"TCP Query User{C7FA369B-C35E-4E05-B367-55E2D6DC8618}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"TCP Query User{F93C37C6-F11A-49E6-9EB2-3F4494DD4852}C:\windows\syswow64\explorer.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\explorer.exe |

"UDP Query User{15D54494-6626-4E22-A84A-668ACF790A36}C:\windows\syswow64\explorer.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\explorer.exe |

"UDP Query User{4A6D4B2A-50E4-46CE-859D-73B91AABE3DB}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"UDP Query User{78BA507E-19FB-4A8B-A546-666FE65AF90E}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"UDP Query User{84F15CD0-2FA9-4B67-A4F3-77BA2F6B141E}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |

"UDP Query User{9442CE50-CA52-4543-8904-DD808A75DFD1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"UDP Query User{A9484B41-4B01-453B-9E2E-D32BFD762DE0}C:\program files (x86)\fmod soundsystem\fmod sandbox\fmod_sandbox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fmod soundsystem\fmod sandbox\fmod_sandbox.exe |

"UDP Query User{AF0A253B-1B00-40D8-9C03-07F274A8A4E4}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |

"UDP Query User{BF9C731E-8FCF-414E-A08F-8E65A4466AC7}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe |

"UDP Query User{DCF3B84B-1EC9-4C67-ADE7-8F9C7008C09A}C:\program files (x86)\steam\steamapps\common\magicka\magicka.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |

"UDP Query User{EAF66D3D-C868-4EA8-9B18-ED3E7DD3195E}C:\program files (x86)\pfportchecker\pfportchecker.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pfportchecker\pfportchecker.exe |

"UDP Query User{F6C50669-C5E8-4A0F-AE2A-09E97101A946}C:\program files (x86)\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |

"UDP Query User{F9196039-1D14-4D01-B845-E3C45029EAD7}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |

"UDP Query User{F99C9E95-840C-479D-AB48-D737E3EA933F}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{3DDACE1F-3B1E-D6AB-CD3D-B6E987511945}" = ATI Catalyst Install Manager

"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client

"{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver

"{66B4A073-2DDA-591F-A875-C311B4076F05}" = ccc-utility64

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"CCleaner" = CCleaner

"CNXT_MODEM_PCI_HSF" = Soft Data Fax Modem with SmartCP

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Security Client" = Microsoft Security Essentials

"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04AA8DF8-D7B9-AE86-F4A6-5257BD20DF53}" = CCC Help English

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{17068829-10EE-4581-BDC8-C53C483694A3}" = Smart Copy

"{183AB714-2AA6-9073-2D2F-60B7FEC2F653}" = Catalyst Control Center Graphics Full Existing

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1AEBE79A-63F4-0FB2-0269-282FB8CC5129}" = Catalyst Control Center HydraVision Full

"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 29

"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{37288DA4-0426-2B76-ED1F-6E2DC8DB291A}" = Catalyst Control Center Graphics Full New

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6D49FC3F-1C9C-9A22-ADAB-17356CEA1BF5}" = ccc-core-static

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{7BEA3C63-101D-4009-8B73-E9CE4A5F8A9C}" = League of Legends

"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial

"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A05DD3BB-90A7-EC2D-D4F4-1439183ECB1A}" = Catalyst Control Center Graphics Previews Common

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{ABBFD29E-6744-D0E4-4353-5089DAA21CAA}" = Catalyst Control Center Core Implementation

"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3

"{AEA1A0DE-99F6-4036-2839-E48DA43CB76E}" = Skins

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype

"{B70E5793-F912-4C62-AFE2-C4F0B078FD31}" = Reader Library by Sony

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX

"{E1D3B4A5-CB7D-572B-A807-E1D266DA1DD2}" = Catalyst Control Center Graphics Light

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable

"{F4DBD804-BB68-B437-34CA-619267E43596}" = Catalyst Control Center Graphics Previews Vista

"{F7049A79-20CC-4C4F-8C14-4C878AFAC27E}" = MorphVOX Junior

"62289540-dc30-11dc-95ff-0800200c9a66_is1" = Turbine Download Manager - Live

"AC3Filter_is1" = AC3Filter 1.62b

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15

"AviSynth" = AviSynth 2.5

"DivX Setup.divx.com" = DivX Setup

"ERUNT_is1" = ERUNT 1.1j

"ESET Online Scanner" = ESET Online Scanner v3

"FMOD Sandbox" = FMOD Sandbox (remove only)

"FormatFactory" = FormatFactory 2.70

"Game Booster_is1" = Game Booster

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Money2007b" = Microsoft Money Essentials

"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)

"OpenAL" = OpenAL

"PFPortChecker" = PFPortChecker 1.0.39

"Portforward Static IP Address" = Portforward Static IP Address 1.0.45

"PSP Video 9" = PSP Video 9 6

"Simple Port Forwarding" = Simple Port Forwarding

"StarCraft" = StarCraft

"Steam App 105600" = Terraria

"Steam App 107100" = Bastion

"Steam App 1250" = Killing Floor

"Steam App 22600" = Worms Reloaded

"Steam App 24200" = DC Universe Online

"Steam App 35420" = Killing Floor Mod: Defence Alliance 2

"Steam App 3720" = Evil Genius

"Steam App 39120" = RIFT™

"Steam App 40700" = Machinarium

"Steam App 42910" = Magicka

"Steam App 49470" = Magic: The Gathering — Duels of the Planeswalkers 2012

"Steam App 630" = Alien Swarm

"Steam App 70900" = Star Ruler

"Steam App 8980" = Borderlands

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.01 (32-bit)

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"SOE-Magic The Gathering Tactics" = Magic The Gathering Tactics

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 1/1/2012 12:39:20 PM | Computer Name = DestroyerDevice | Source = SideBySide | ID = 16842830

Description = Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_15302f0af3bbd1ec.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2.manifest.

Error - 1/1/2012 5:47:04 PM | Computer Name = DestroyerDevice | Source = Application Error | ID = 1000

Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp

0x4907e791, faulting module mshtml.dll, version 8.0.6001.19088, time stamp 0x4de09575,

exception code 0xc0000005, fault offset 0x000000000017890c, process id 0x11b8, application

start time 0x01ccc8a1117870a0.

Error - 1/1/2012 7:59:12 PM | Computer Name = DestroyerDevice | Source = Application Error | ID = 1000

Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp

0x4907e791, faulting module mshtml.dll, version 8.0.6001.19088, time stamp 0x4de09575,

exception code 0xc0000005, fault offset 0x000000000017890c, process id 0xc80, application

start time 0x01ccc8ceea49af20.

Error - 1/1/2012 8:21:05 PM | Computer Name = DestroyerDevice | Source = Application Error | ID = 1000

Description = Faulting application Explorer.exe, version 6.0.6001.18164, time stamp

0x4907e791, faulting module mshtml.dll, version 8.0.6001.19088, time stamp 0x4de09575,

exception code 0xc0000005, fault offset 0x000000000017890c, process id 0x109c, application

start time 0x01ccc8e15dfe5490.

Error - 1/1/2012 9:47:51 PM | Computer Name = DestroyerDevice | Source = Application Error | ID = 1000

Description = Faulting application Explorer.exe, version 6.0.6001.18164, time stamp

0x4907e791, faulting module mshtml.dll, version 8.0.6001.19088, time stamp 0x4de09575,

exception code 0xc0000005, fault offset 0x000000000017890c, process id 0x1168, application

start time 0x01ccc8e46ec112b0.

Error - 1/2/2012 4:30:12 AM | Computer Name = DestroyerDevice | Source = WinMgmt | ID = 10

Description =

Error - 1/2/2012 9:00:07 AM | Computer Name = DestroyerDevice | Source = WinMgmt | ID = 10

Description =

Error - 1/2/2012 6:26:19 PM | Computer Name = DestroyerDevice | Source = WinMgmt | ID = 10

Description =

Error - 1/2/2012 9:54:35 PM | Computer Name = DestroyerDevice | Source = Application Error | ID = 1000

Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp

0x4907e791, faulting module urlmon.dll, version 8.0.6001.19088, time stamp 0x4de095ea,

exception code 0xc0000005, fault offset 0x00000000000bee41, process id 0x80c, application

start time 0x01ccc99d55c3d488.

Error - 1/2/2012 11:40:28 PM | Computer Name = DestroyerDevice | Source = Application Error | ID = 1000

Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp

0x4907e791, faulting module mshtml.dll, version 8.0.6001.19088, time stamp 0x4de09575,

exception code 0xc0000005, fault offset 0x000000000017890c, process id 0x12a8, application

start time 0x01ccc9baa8e87188.

[ Media Center Events ]

Error - 6/5/2010 10:29:39 PM | Computer Name = 2-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/20/2010 5:18:32 PM | Computer Name = 2-PC | Source = Mcx2Dvcs | ID = 401

Description =

Error - 10/20/2010 5:41:30 PM | Computer Name = 2-PC | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 4/20/2011 11:31:35 PM | Computer Name = 2-PC | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 4/25/2011 8:54:50 PM | Computer Name = DestroyerDevice | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 4/27/2011 11:18:26 PM | Computer Name = DestroyerDevice | Source = McrMgr | ID = 109

Description =

Error - 4/27/2011 11:20:14 PM | Computer Name = DestroyerDevice | Source = McrMgr | ID = 109

Description =

Error - 8/15/2011 12:55:44 AM | Computer Name = DestroyerDevice | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 8/15/2011 1:10:05 AM | Computer Name = DestroyerDevice | Source = McrMgr | ID = 109

Description =

Error - 8/15/2011 1:27:33 AM | Computer Name = DestroyerDevice | Source = McrMgr | ID = 109

Description =

[ System Events ]

Error - 1/2/2012 4:28:33 AM | Computer Name = DestroyerDevice | Source = HTTP | ID = 15016

Description =

Error - 1/2/2012 4:30:12 AM | Computer Name = DestroyerDevice | Source = Service Control Manager | ID = 7026

Description =

Error - 1/2/2012 8:58:29 AM | Computer Name = DestroyerDevice | Source = HTTP | ID = 15016

Description =

Error - 1/2/2012 9:00:07 AM | Computer Name = DestroyerDevice | Source = Service Control Manager | ID = 7026

Description =

Error - 1/2/2012 6:24:45 PM | Computer Name = DestroyerDevice | Source = HTTP | ID = 15016

Description =

Error - 1/2/2012 6:26:19 PM | Computer Name = DestroyerDevice | Source = Service Control Manager | ID = 7026

Description =

Error - 1/2/2012 6:46:23 PM | Computer Name = DestroyerDevice | Source = disk | ID = 262151

Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 1/2/2012 6:46:26 PM | Computer Name = DestroyerDevice | Source = disk | ID = 262151

Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 1/2/2012 6:54:33 PM | Computer Name = DestroyerDevice | Source = disk | ID = 262151

Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 1/2/2012 6:54:36 PM | Computer Name = DestroyerDevice | Source = disk | ID = 262151

Description = The device, \Device\Harddisk0\DR0, has a bad block.

< End of report >

Checkup--

Results of screen317's Security Check version 0.99.30

Windows Vista x64 (UAC is enabled)

Out of date service pack!!

Internet Explorer 8 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 29

Java 6 Update 5

Java version out of date!

Adobe Reader 8 Adobe Reader out of date!

Mozilla Firefox 8.0.1 Firefox out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

Microsoft Security Client Antimalware NisSrv.exe

``````````End of Log````````````

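Two sections of the log above lend themselves to a quick scripted triage: the firewall rule dump (which programs hold inbound allow rules, and which of those rules carry no protocol field at all) and the Application Error entries (whether Explorer.EXE is faulting at the same module and offset every time). The Python below is an added example, not code from the original post or from OTL; the sample lines are condensed from the log above, and the lists of "generic host" binaries and IE component DLLs are this example's own assumptions.

```python
"""Triage helpers for two sections of an OTL log: the firewall rule dump and
the "Last 10 Event Log Errors" list.  Added example, not OTL's own code; the
samples are condensed from the posted log and the GENERIC_HOSTS and
IE_COMPONENTS sets are assumptions made for this example."""
import re
from collections import Counter

# Constructed sample: firewall rule lines in OTL's "name" = k=v | k=v | format.
FIREWALL_SAMPLE = r'''
"{A34E9EDC-D631-4244-8006-FC3C0E7B47B7}" = protocol=6 | dir=in | app=c:\windows\syswow64\explorer.exe |
"{C155D871-F0E7-4522-9EC5-FA0693164B71}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CDEDA593-AC5E-46B6-BD6C-6593D352CA0D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E1A93487-E752-49BF-9DD2-7B4E71779763}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"TCP Query User{4B0D556F-A5DD-4A3F-B59B-1A9D0D641019}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{15D54494-6626-4E22-A84A-668ACF790A36}C:\windows\syswow64\explorer.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\explorer.exe |
"{9D82642D-8135-4F8C-8021-81F18BED158A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
'''

# Assumption: the shell and script/runtime hosts have no business holding
# *inbound* allow rules of their own; whatever ran inside them asked to listen.
GENERIC_HOSTS = {"explorer.exe", "java.exe", "javaw.exe", "svchost.exe", "rundll32.exe",
                 "regsvr32.exe", "wscript.exe", "cscript.exe", "powershell.exe", "cmd.exe"}

RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')

def parse_firewall_rules(text):
    """Return one dict per rule; a missing protocol field means 'any'."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        parts = [p.strip() for p in m.group("body").split("|")]
        fields = dict(p.split("=", 1) for p in parts if "=" in p)
        rules.append({
            "name": m.group("name"),
            "protocol": {"6": "tcp", "17": "udp"}.get(fields.get("protocol"), "any"),
            "dir": fields.get("dir", "?"),
            "app": fields.get("app", "").lower(),
            "user_prompted": "Query User" in m.group("name"),  # created from a firewall prompt
        })
    return rules

def audit_firewall_rules(rules):
    """Return (tag, rule_name) pairs for inbound rules that deserve a second look."""
    findings = []
    for r in rules:
        base = r["app"].rsplit("\\", 1)[-1]
        if r["dir"] == "in" and r["protocol"] == "any":
            findings.append(("inbound-any-protocol", r["name"]))
        if r["dir"] == "in" and base in GENERIC_HOSTS:
            findings.append(("inbound-generic-host", r["name"]))
    return findings

# Constructed sample: OTL wraps each event's description over several lines.
EVENT_SAMPLE = """
Error - 1/1/2012 5:47:04 PM | Computer Name = DestroyerDevice | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp 0x4907e791,
faulting module mshtml.dll, version 8.0.6001.19088, time stamp 0x4de09575, exception code 0xc0000005,
fault offset 0x000000000017890c, process id 0x11b8, application start time 0x01ccc8a1117870a0.
Error - 1/1/2012 8:21:05 PM | Computer Name = DestroyerDevice | Source = Application Error | ID = 1000
Description = Faulting application Explorer.exe, version 6.0.6001.18164, time stamp 0x4907e791,
faulting module mshtml.dll, version 8.0.6001.19088, time stamp 0x4de09575, exception code 0xc0000005,
fault offset 0x000000000017890c, process id 0x109c, application start time 0x01ccc8e15dfe5490.
Error - 1/2/2012 4:30:12 AM | Computer Name = DestroyerDevice | Source = WinMgmt | ID = 10
Description =
Error - 1/2/2012 9:54:35 PM | Computer Name = DestroyerDevice | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp 0x4907e791,
faulting module urlmon.dll, version 8.0.6001.19088, time stamp 0x4de095ea, exception code 0xc0000005,
fault offset 0x00000000000bee41, process id 0x80c, application start time 0x01ccc99d55c3d488.
"""

FAULT_RE = re.compile(
    r"Faulting application (?P<app>\S+?), version .*?faulting module (?P<mod>\S+?), version "
    r".*?exception code (?P<code>0x[0-9a-f]+), fault offset (?P<off>0x[0-9a-f]+)", re.I | re.S)
IE_COMPONENTS = {"mshtml.dll", "urlmon.dll", "ieframe.dll", "jscript.dll", "wininet.dll"}  # assumption

def parse_event_errors(text):
    """Re-join OTL's wrapped 'Error - ...' records and count crash tuples."""
    records, cur = [], None
    for line in text.splitlines():
        if line.startswith("Error - "):
            cur = [line]
            records.append(cur)
        elif cur is not None and line.strip():
            cur.append(line.strip())
    crashes = Counter()
    for rec in records:
        m = FAULT_RE.search(" ".join(rec))
        if m:
            crashes[(m["app"].lower(), m["mod"].lower(), m["code"].lower(), m["off"].lower())] += 1
    return crashes

def repeated_faults(crashes, min_count=2):
    """The same (app, module, code, offset) recurring is a deterministic crash;
    tag IE rendering DLLs faulting inside the shell process separately."""
    out = []
    for (app, mod, code, off), n in crashes.items():
        if n >= min_count:
            tag = "ie-component-in-shell" if app.startswith("explorer") and mod in IE_COMPONENTS else "repeat"
            out.append((tag, app, mod, off, n))
    return sorted(out)

if __name__ == "__main__":
    for tag, name in audit_firewall_rules(parse_firewall_rules(FIREWALL_SAMPLE)):
        print(tag, name)
    for item in repeated_faults(parse_event_errors(EVENT_SAMPLE)):
        print(*item)
```

On the sample this surfaces the inbound rules for the 32-bit explorer.exe and for javaw.exe, the two protocol-less inbound rules (Pando Media Booster, Skype), and groups the identical mshtml.dll faults at offset 0x17890c; the urlmon.dll fault stands alone. A rule on a generic host or a recurring identical offset is not proof of infection on its own, but it is the kind of lead a rootkit or injection check should be pointed at rather than written off as random instability.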

Malwarebytes--

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.02.06

Windows Vista Service Pack 1 x64 NTFS

Internet Explorer 8.0.6001.19088

doomsday machine :: DESTROYERDEVICE [administrator]

1/2/2012 5:13:59 PM

mbam-log-2012-01-02 (17-13-59).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 445591

Time elapsed: 1 hour(s), 39 minute(s), 29 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


The MBAM scan found nothing.

Download TDSSKiller:

http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Save it to your desktop then Right-click on it and select Run As Administrator to start.

If TDSSKiller alerts you that the system needs to reboot, please consent.

When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.

RIGHT click on aswMBR.exe and select Run As Administrator to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.

Click the "Scan" button to start the scan.

On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click "Save log", save it to your desktop, and post it in your next reply.

Post the 2 logs AND tell me if the redirects are happening; if so, provide enough details.

How is your system now?

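A helper reading a TDSSKiller log wants the entries that are not "ok" before anything else. The parser below, for the log format TDSSKiller produces in this thread, is an added example and not part of the thread or of Kaspersky's tool; its sample lines are constructed (two hashes copied from the log posted here, the "examplefilt" entry and its "warning" verdict invented), and the shared-hash check only notes one file registered under several service names, which is normal for display drivers and is listed for context, not as a finding.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# A TDSSKiller log reports each object on up to two lines:
#   <time> <pid> <name> (<md5>) <path>   -> the object, its MD5 and on-disk path
#   <time> <pid> <name> - <status>       -> the verdict ("ok" or something else)
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<body>.+)$")
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<status>.+)$")


@dataclass
class Record:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None  # None: the log never recorded a verdict (truncated/unfinished)


def parse_tdsskiller(text: str) -> Dict[str, Record]:
    """Merge each object's hash/path line with its verdict line, keyed by object name."""
    records: Dict[str, Record] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, '====' separators, blank lines
        body = m.group("body")
        om = OBJECT_RE.match(body)
        if om:
            rec = records.setdefault(om.group("name"), Record(om.group("name")))
            rec.md5, rec.path = om.group("md5"), om.group("path")
            continue
        vm = VERDICT_RE.match(body)
        if vm:
            rec = records.setdefault(vm.group("name"), Record(vm.group("name")))
            rec.status = vm.group("status")
    return records


def triage(records: Dict[str, Record]) -> dict:
    """What a helper reads first: verdicts other than 'ok' (including a missing verdict),
    raw-device records such as the MBR, and one file registered under several names."""
    not_ok = sorted(n for n, r in records.items() if r.status != "ok")
    boot_records = sorted(
        n for n, r in records.items() if r.path and r.path.startswith("\\Device\\")
    )
    owners: Dict[str, List[str]] = {}
    for r in records.values():
        if r.md5:
            owners.setdefault(r.md5, []).append(r.name)
    shared_hashes = {h: sorted(n) for h, n in owners.items() if len(n) > 1}
    return {
        "objects": len(records),
        "not_ok": not_ok,
        "boot_records": boot_records,
        "shared_hashes": shared_hashes,
    }


# Constructed sample in the log's format: ACPI, atikmdag/R300 and MBR hashes copied from the
# log posted in this thread; 'examplefilt' and its 'warning' verdict are made up.
SAMPLE_LOG = "\n".join([
    "03:32:12.0128 5000 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16",
    "03:32:12.0146 5000 ============================================================",
    "03:32:33.0946 4804 ACPI (8c99ed256a889d647935a97c543b7b85) C:\\Windows\\system32\\drivers\\acpi.sys",
    "03:32:33.0948 4804 ACPI - ok",
    "03:32:34.0859 4804 atikmdag (538b0a6e89aca1929668f9eb95d3c0bc) C:\\Windows\\system32\\DRIVERS\\atikmdag.sys",
    "03:32:34.0909 4804 atikmdag - ok",
    "03:32:35.0038 4804 Beep - ok",
    "03:32:39.0432 4804 R300 (538b0a6e89aca1929668f9eb95d3c0bc) C:\\Windows\\system32\\DRIVERS\\atikmdag.sys",
    "03:32:39.0486 4804 R300 - ok",
    "03:32:40.0000 4804 examplefilt (00000000000000000000000000000000) C:\\Windows\\system32\\DRIVERS\\examplefilt.sys",
    "03:32:40.0001 4804 examplefilt - warning",
    "03:32:41.0822 4804 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \\Device\\Harddisk0\\DR0",
])


if __name__ == "__main__":
    summary = triage(parse_tdsskiller(SAMPLE_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run it against a saved TDSSKiller.txt by replacing SAMPLE_LOG with the file's contents; an object that appears in "not_ok" with no verdict means the log ended before the tool reported on it.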

03:32:12.0128 5000 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

03:32:12.0146 5000 ============================================================

03:32:12.0146 5000 Current date / time: 2012/01/04 03:32:12.0146

03:32:12.0146 5000 SystemInfo:

03:32:12.0146 5000

03:32:12.0146 5000 OS Version: 6.0.6001 ServicePack: 1.0

03:32:12.0146 5000 Product type: Workstation

03:32:12.0146 5000 ComputerName: DESTROYERDEVICE

03:32:12.0146 5000 UserName: doomsday machine

03:32:12.0146 5000 Windows directory: C:\Windows

03:32:12.0146 5000 System windows directory: C:\Windows

03:32:12.0146 5000 Running under WOW64

03:32:12.0147 5000 Processor architecture: Intel x64

03:32:12.0147 5000 Number of processors: 3

03:32:12.0147 5000 Page size: 0x1000

03:32:12.0147 5000 Boot type: Normal boot

03:32:12.0147 5000 ============================================================

03:32:13.0004 5000 Initialize success

03:32:33.0561 4804 ============================================================

03:32:33.0561 4804 Scan started

03:32:33.0561 4804 Mode: Manual;

03:32:33.0561 4804 ============================================================


03:32:41.0822 4804 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

03:32:41.0868 4804 \Device\Harddisk0\DR0 - ok

03:32:41.0872 4804 Boot (0x1200) (65687d4fc3d8fd0e2d61fe44e7f65b80) \Device\Harddisk0\DR0\Partition0

03:32:41.0873 4804 \Device\Harddisk0\DR0\Partition0 - ok

03:32:41.0878 4804 Boot (0x1200) (2b2173b06848e1a19ead6a9b21ed8721) \Device\Harddisk0\DR0\Partition1

03:32:41.0879 4804 \Device\Harddisk0\DR0\Partition1 - ok

03:32:41.0880 4804 ============================================================

03:32:41.0880 4804 Scan finished

03:32:41.0880 4804 ============================================================

03:32:41.0893 5640 Detected object count: 0

03:32:41.0893 5640 Actual detected object count: 0

03:32:44.0570 6064 Deinitialize success


aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software

Run date: 2012-01-04 03:43:23

-----------------------------

03:43:23.805 OS Version: Windows x64 6.0.6001 Service Pack 1

03:43:23.805 Number of processors: 3 586 0x203

03:43:23.805 ComputerName: DESTROYERDEVICE UserName:

03:43:24.847 Initialize success

03:43:30.173 AVAST engine defs: 12010301

03:43:34.688 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

03:43:34.690 Disk 0 Vendor: WDC_WD5000AAKS-22A7B0 01.03B01 Size: 476940MB BusType: 3

03:43:34.696 Disk 0 MBR read successfully

03:43:34.698 Disk 0 MBR scan

03:43:34.701 Disk 0 Windows VISTA default MBR code

03:43:34.703 Disk 0 MBR hidden

03:43:34.705 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 15829 MB offset 63

03:43:34.717 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 461107 MB offset 32419170

03:43:34.741 Disk 0 Partition 3 80 (A) 17 Hidd HPFS/NTFS NTFS 2 MB offset 976768065

03:43:34.763 Disk 0 Partition 3 **INFECTED** MBR:Alureon-K [Rtk]

03:43:34.766 Service scanning

03:43:35.348 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32

03:43:35.958 Modules scanning

03:43:35.961 Scan finished successfully

03:43:59.718 Disk 0 MBR has been saved successfully to "C:\Users\doomsday machine\Desktop\MBR.dat"

03:43:59.722 The log file has been saved successfully to "C:\Users\doomsday machine\Desktop\aswMBR2.txt"

Hello, the "Fix" button did not light up for me to hit it.

Unfortunately I'm still getting the redirects; an example of what would happen would be:

1. Go to http://www.google.com/

2. Type in bananas; it searches and comes up with pages of results.

3. I hit the link to Wikipedia to read on bananas.

4. It loads and loads to this website "http://www.arbuildersusa.com/"

5. And then it loads again and I end up here "http://www.gimmeanswers.org/search/a005/results.php?search=Bananas&aff=itcg-20342"

And that is an example; the websites on numbers 4 and 5 have been other things as well.

Edited by Maurice Naggar
Moderator edit for emphasis
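The aswMBR log above flags partition 3 because it is marked active (0x80), carries the hidden-NTFS type code 0x17, is only 2 MB, and sits at the tail of the disk past the two real partitions; that is the hidden-partition layout aswMBR labels MBR:Alureon-K. The Python below is an added example, not part of the original thread and not code from aswMBR, TDSSKiller or Malwarebytes: it parses a raw 512-byte MBR (such as the MBR.dat that aswMBR saved to the desktop) and applies those same checks. The sample MBR is constructed from the partition-table values in the log; its boot-code bytes and CHS fields are placeholders, and the 16 MB size threshold is a chosen heuristic.

```python
"""Parse a raw MBR and flag a hidden, bootable partition at the end of the disk.

Added example; the checks mirror what the aswMBR log above reports and the
sample partition table is constructed from the values in that log.
"""
import struct
import sys

PART_TABLE_OFFSET = 446          # 446 bytes of boot code precede the table
ENTRY_SIZE = 16
SECTORS_PER_MB = 2048            # 512-byte sectors
# "Hidden" FAT/NTFS partition type codes; 0x17 is hidden HPFS/NTFS.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}


def parse_mbr(mbr: bytes) -> list:
    """Return the non-empty partition entries of a 512-byte MBR as dicts."""
    if len(mbr) < 512 or mbr[510:512] != b"\x55\xAA":
        raise ValueError("not an MBR: missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * ENTRY_SIZE
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA(4) count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue
        entries.append({"index": i + 1, "status": status, "type": ptype,
                        "lba": lba, "sectors": count})
    return entries


def suspicious_partitions(entries: list, max_mb: int = 16) -> list:
    """Flag entries that look like a rootkit's hidden boot partition.

    Returns [(partition_index, [reason, ...]), ...].
    """
    if not entries:
        return []
    tail_lba = max(e["lba"] for e in entries)
    findings = []
    for e in entries:
        reasons = []
        if e["status"] == 0x80 and e["type"] in HIDDEN_TYPES:
            reasons.append("active (0x80) but hidden partition type 0x%02x" % e["type"])
        if e["lba"] == tail_lba and e["sectors"] <= max_mb * SECTORS_PER_MB:
            reasons.append("only %d MB, placed after every other partition"
                           % (e["sectors"] // SECTORS_PER_MB))
        if reasons:
            findings.append((e["index"], reasons))
    return findings


def _entry(status, ptype, lba, sectors):
    # CHS fields are 0xFF placeholders; the LBA fields are what matters here.
    return struct.pack("<B3sB3sII", status, b"\xff" * 3, ptype, b"\xff" * 3, lba, sectors)


# Constructed sample: the three entries from the aswMBR log above
# (offset and size in sectors; the boot-code area is zeroed, not the real code).
SAMPLE_MBR = (
    b"\x00" * PART_TABLE_OFFSET
    + _entry(0x00, 0x07, 63, 15829 * SECTORS_PER_MB)
    + _entry(0x00, 0x07, 32419170, 461107 * SECTORS_PER_MB)
    + _entry(0x80, 0x17, 976768065, 2 * SECTORS_PER_MB)
    + b"\x00" * ENTRY_SIZE
    + b"\x55\xAA"
)


if __name__ == "__main__":
    # Usage: python mbr_check.py [MBR.dat]; with no argument the sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_MBR
    for idx, why in suspicious_partitions(parse_mbr(data)):
        print("partition %d: %s" % (idx, "; ".join(why)))
```

Run it against the MBR.dat that aswMBR wrote: a disk with two ordinary primary NTFS partitions prints nothing, while the layout in the log prints both reasons for partition 3. The check is a heuristic, not proof of infection on its own; a vendor recovery partition near the end of the disk is rarely marked active, and a hidden type code by itself is not malicious, so treat a hit as a reason to let the rootkit tool inspect the MBR and the hidden partition's contents.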

Please read carefully and follow these steps.

  • Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you have.
  • Download TDSSKiller and save it to your Desktop.
  • RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Then press Start Scan

When the scan is done, it will display a summary screen.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Again, do NOT do any websurfing, or online transactions. There is more to do.


02:29:37.0918 3676 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

02:29:38.0223 3676 ============================================================

02:29:38.0223 3676 Current date / time: 2012/01/05 02:29:38.0223

02:29:38.0223 3676 SystemInfo:

02:29:38.0223 3676

02:29:38.0224 3676 OS Version: 6.0.6001 ServicePack: 1.0

02:29:38.0224 3676 Product type: Workstation

02:29:38.0224 3676 ComputerName: DESTROYERDEVICE

02:29:38.0224 3676 UserName: doomsday machine

02:29:38.0224 3676 Windows directory: C:\Windows

02:29:38.0224 3676 System windows directory: C:\Windows

02:29:38.0224 3676 Running under WOW64

02:29:38.0224 3676 Processor architecture: Intel x64

02:29:38.0224 3676 Number of processors: 3

02:29:38.0224 3676 Page size: 0x1000

02:29:38.0224 3676 Boot type: Normal boot

02:29:38.0224 3676 ============================================================

02:29:39.0506 3676 Initialize success

02:30:05.0106 2552 ============================================================

02:30:05.0106 2552 Scan started

02:30:05.0106 2552 Mode: Manual; SigCheck; TDLFS;

02:30:05.0106 2552 ============================================================

02:30:05.0872 2552 ACPI (8c99ed256a889d647935a97c543b7b85) C:\Windows\system32\drivers\acpi.sys

02:30:06.0004 2552 ACPI - ok

02:30:06.0111 2552 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

02:30:06.0217 2552 adp94xx - ok

02:30:06.0239 2552 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

02:30:06.0266 2552 adpahci - ok

02:30:06.0298 2552 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

02:30:06.0318 2552 adpu160m - ok

02:30:06.0337 2552 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

02:30:06.0372 2552 adpu320 - ok

02:30:06.0435 2552 AFD (9bb97042fa331a0fb4bdd98b9280a50a) C:\Windows\system32\drivers\afd.sys

02:30:06.0505 2552 AFD - ok

02:30:06.0550 2552 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

02:30:06.0569 2552 agp440 - ok

02:30:06.0617 2552 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

02:30:06.0646 2552 aic78xx - ok

02:30:06.0676 2552 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys

02:30:06.0714 2552 aliide - ok

02:30:06.0767 2552 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys

02:30:06.0784 2552 amdide - ok

02:30:06.0809 2552 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys

02:30:06.0869 2552 AmdK8 - ok

02:30:07.0227 2552 amdkmdag (538b0a6e89aca1929668f9eb95d3c0bc) C:\Windows\system32\DRIVERS\atikmdag.sys

02:30:07.0581 2552 amdkmdag - ok

02:30:07.0612 2552 amdkmdap (977286b382fe0920f379a69c351a7af4) C:\Windows\system32\DRIVERS\atikmpag.sys

02:30:07.0666 2552 amdkmdap - ok

02:30:07.0711 2552 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

02:30:07.0730 2552 arc - ok

02:30:07.0767 2552 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

02:30:07.0785 2552 arcsas - ok

02:30:07.0849 2552 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

02:30:07.0902 2552 AsyncMac - ok

02:30:07.0967 2552 atapi (62bd869afa2bf2e30f9d3ff428c87d5c) C:\Windows\system32\drivers\atapi.sys

02:30:08.0005 2552 atapi - ok

02:30:08.0041 2552 AtiHdmiService (da9da244b8348d876cc533fe2b5bcc88) C:\Windows\system32\drivers\AtiHdmi.sys

02:30:08.0314 2552 AtiHdmiService - ok

02:30:09.0076 2552 atikmdag (538b0a6e89aca1929668f9eb95d3c0bc) C:\Windows\system32\DRIVERS\atikmdag.sys

02:30:09.0290 2552 atikmdag - ok

02:30:09.0354 2552 AtiPcie (69eebb256503cded9bd0e9e43128c626) C:\Windows\system32\DRIVERS\AtiPcie.sys

02:30:09.0387 2552 AtiPcie - ok

02:30:09.0445 2552 b57nd60a (1777e5ac9fc74f7991b2aba25ea34759) C:\Windows\system32\DRIVERS\b57nd60a.sys

02:30:09.0507 2552 b57nd60a - ok

02:30:09.0544 2552 BCM43XV (a2160c5d70f3517fc7356b689abd6fcd) C:\Windows\system32\DRIVERS\bcmwl664.sys

02:30:09.0778 2552 BCM43XV - ok

02:30:09.0808 2552 Beep - ok

02:30:09.0861 2552 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

02:30:09.0917 2552 blbdrive - ok

02:30:10.0031 2552 bowser (f0f035fcec3554cc1b70c5611bd87951) C:\Windows\system32\DRIVERS\bowser.sys

02:30:10.0088 2552 bowser - ok

02:30:10.0115 2552 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

02:30:10.0226 2552 BrFiltLo - ok

02:30:10.0239 2552 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

02:30:10.0285 2552 BrFiltUp - ok

02:30:10.0346 2552 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

02:30:10.0420 2552 Brserid - ok

02:30:10.0505 2552 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

02:30:10.0609 2552 BrSerWdm - ok

02:30:10.0624 2552 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

02:30:10.0722 2552 BrUsbMdm - ok

02:30:10.0739 2552 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

02:30:10.0811 2552 BrUsbSer - ok

02:30:10.0832 2552 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

02:30:10.0912 2552 BTHMODEM - ok

02:30:10.0959 2552 catchme - ok

02:30:11.0033 2552 CAXHWBS2 (797c36e597f9fc4efd88e6e0e98abe37) C:\Windows\system32\DRIVERS\CAXHWBS2.sys

02:30:11.0112 2552 CAXHWBS2 - ok

02:30:11.0134 2552 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

02:30:11.0181 2552 cdfs - ok

02:30:11.0212 2552 cdrom (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys

02:30:11.0272 2552 cdrom - ok

02:30:11.0308 2552 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys

02:30:11.0365 2552 circlass - ok

02:30:11.0576 2552 CLFS (caeda2572b7042b11062f327f099251d) C:\Windows\system32\CLFS.sys

02:30:11.0621 2552 CLFS - ok

02:30:11.0667 2552 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys

02:30:11.0740 2552 CmBatt - ok

02:30:11.0758 2552 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys

02:30:11.0776 2552 cmdide - ok

02:30:11.0796 2552 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys

02:30:11.0816 2552 Compbatt - ok

02:30:11.0826 2552 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

02:30:11.0845 2552 crcdisk - ok

02:30:11.0898 2552 DfsC (3725c43c9e90731eca651d506cc599a3) C:\Windows\system32\Drivers\dfsc.sys

02:30:11.0941 2552 DfsC - ok

02:30:11.0980 2552 disk (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys

02:30:11.0999 2552 disk - ok

02:30:12.0039 2552 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys

02:30:12.0085 2552 drmkaud - ok

02:30:12.0292 2552 dump_wmimmc - ok

02:30:12.0436 2552 DXGKrnl (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys

02:30:12.0526 2552 DXGKrnl - ok

02:30:12.0570 2552 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

02:30:12.0633 2552 E1G60 - ok

02:30:12.0673 2552 Ecache (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys

02:30:12.0697 2552 Ecache - ok

02:30:12.0803 2552 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

02:30:12.0839 2552 elxstor - ok

02:30:12.0882 2552 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys

02:30:12.0936 2552 ErrDev - ok

02:30:13.0002 2552 exfat (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys

02:30:13.0079 2552 exfat - ok

02:30:13.0103 2552 fastfat (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys

02:30:13.0166 2552 fastfat - ok

02:30:13.0204 2552 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

02:30:13.0259 2552 fdc - ok

02:30:13.0289 2552 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

02:30:13.0310 2552 FileInfo - ok

02:30:13.0333 2552 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

02:30:13.0390 2552 Filetrace - ok

02:30:13.0478 2552 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

02:30:13.0565 2552 flpydisk - ok

02:30:13.0718 2552 FltMgr (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys

02:30:13.0747 2552 FltMgr - ok

02:30:13.0773 2552 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys

02:30:13.0823 2552 Fs_Rec - ok

02:30:13.0844 2552 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

02:30:13.0863 2552 gagp30kx - ok

02:30:13.0976 2552 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys

02:30:14.0060 2552 HdAudAddService - ok

02:30:14.0143 2552 HDAudBus (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys

02:30:14.0226 2552 HDAudBus - ok

02:30:14.0252 2552 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

02:30:14.0339 2552 HidBth - ok

02:30:14.0353 2552 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys

02:30:14.0426 2552 HidIr - ok

02:30:14.0486 2552 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys

02:30:14.0565 2552 HidUsb - ok

02:30:14.0609 2552 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

02:30:14.0627 2552 HpCISSs - ok

02:30:14.0843 2552 HSF_DPV (1e260b33f6555146a0b826f047238c00) C:\Windows\system32\DRIVERS\CAX_DPV.sys

02:30:15.0085 2552 HSF_DPV - ok

02:30:15.0177 2552 HTTP (e690736da6c543f5d99c8fa27bea31db) C:\Windows\system32\drivers\HTTP.sys

02:30:15.0308 2552 HTTP - ok

02:30:15.0337 2552 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

02:30:15.0369 2552 i2omp - ok

02:30:15.0435 2552 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

02:30:15.0481 2552 i8042prt - ok

02:30:15.0569 2552 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

02:30:15.0611 2552 iaStorV - ok

02:30:15.0649 2552 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

02:30:15.0665 2552 iirsp - ok

02:30:15.0745 2552 IntcAzAudAddService (e28d6b50a12bfa3df0bd7c31e19599f3) C:\Windows\system32\drivers\RTKVHD64.sys

02:30:15.0806 2552 IntcAzAudAddService - ok

02:30:15.0843 2552 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys

02:30:15.0860 2552 intelide - ok

02:30:15.0877 2552 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

02:30:15.0929 2552 intelppm - ok

02:30:15.0967 2552 IpFilterDriver (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys

02:30:16.0029 2552 IpFilterDriver - ok

02:30:16.0054 2552 IpInIp - ok

02:30:16.0078 2552 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

02:30:16.0132 2552 IPMIDRV - ok

02:30:16.0193 2552 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

02:30:16.0268 2552 IPNAT - ok

02:30:16.0310 2552 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

02:30:16.0366 2552 IRENUM - ok

02:30:16.0383 2552 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

02:30:16.0403 2552 isapnp - ok

02:30:16.0471 2552 iScsiPrt (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys

02:30:16.0513 2552 iScsiPrt - ok

02:30:16.0539 2552 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

02:30:16.0557 2552 iteatapi - ok

02:30:16.0571 2552 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

02:30:16.0589 2552 iteraid - ok

02:30:16.0619 2552 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

02:30:16.0656 2552 kbdclass - ok

02:30:16.0685 2552 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys

02:30:16.0737 2552 kbdhid - ok

02:30:16.0778 2552 KSecDD (ccdcce6224e1e207e953af826b98a9d9) C:\Windows\system32\Drivers\ksecdd.sys

02:30:16.0820 2552 KSecDD - ok

02:30:16.0841 2552 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

02:30:16.0899 2552 ksthunk - ok

02:30:16.0944 2552 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

02:30:16.0996 2552 lltdio - ok

02:30:17.0024 2552 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

02:30:17.0053 2552 LSI_FC - ok

02:30:17.0075 2552 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

02:30:17.0095 2552 LSI_SAS - ok

02:30:17.0120 2552 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

02:30:17.0140 2552 LSI_SCSI - ok

02:30:17.0168 2552 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

02:30:17.0227 2552 luafv - ok

02:30:17.0271 2552 LVUSBS64 (0034f69d0007d3f77f6b96fa51228e85) C:\Windows\system32\drivers\LVUSBS64.sys

02:30:17.0316 2552 LVUSBS64 - ok

02:30:17.0359 2552 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys

02:30:17.0405 2552 mdmxsdk - ok

02:30:17.0429 2552 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

02:30:17.0447 2552 megasas - ok

02:30:17.0491 2552 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

02:30:17.0521 2552 MegaSR - ok

02:30:17.0547 2552 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

02:30:17.0606 2552 Modem - ok

02:30:17.0631 2552 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

02:30:17.0688 2552 monitor - ok

02:30:17.0728 2552 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

02:30:17.0747 2552 mouclass - ok

02:30:17.0770 2552 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

02:30:17.0825 2552 mouhid - ok

02:30:17.0861 2552 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

02:30:17.0881 2552 MountMgr - ok

02:30:17.0920 2552 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys

02:30:17.0945 2552 MpFilter - ok

02:30:17.0984 2552 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys

02:30:18.0004 2552 mpio - ok

02:30:18.0029 2552 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys

02:30:18.0048 2552 MpNWMon - ok

02:30:18.0062 2552 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

02:30:18.0113 2552 mpsdrv - ok

02:30:18.0132 2552 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

02:30:18.0149 2552 Mraid35x - ok

02:30:18.0159 2552 MRxDAV (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys

02:30:18.0208 2552 MRxDAV - ok

02:30:18.0265 2552 mrxsmb (b698eb9acc7ecd4927d99d268918f912) C:\Windows\system32\DRIVERS\mrxsmb.sys

02:30:18.0326 2552 mrxsmb - ok

02:30:18.0356 2552 mrxsmb10 (9a797e27fd28500ee13d43000c931435) C:\Windows\system32\DRIVERS\mrxsmb10.sys

02:30:18.0397 2552 mrxsmb10 - ok

02:30:18.0417 2552 mrxsmb20 (f9425d610712533107a264e2d5b2154b) C:\Windows\system32\DRIVERS\mrxsmb20.sys

02:30:18.0456 2552 mrxsmb20 - ok

02:30:18.0476 2552 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys

02:30:18.0504 2552 msahci - ok

02:30:18.0522 2552 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

02:30:18.0542 2552 msdsm - ok

02:30:18.0578 2552 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

02:30:18.0653 2552 Msfs - ok

02:30:18.0730 2552 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

02:30:18.0748 2552 msisadrv - ok

02:30:18.0767 2552 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

02:30:18.0821 2552 MSKSSRV - ok

02:30:18.0860 2552 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

02:30:18.0917 2552 MSPCLOCK - ok

02:30:18.0947 2552 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

02:30:18.0991 2552 MSPQM - ok

02:30:19.0003 2552 MsRPC (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys

02:30:19.0028 2552 MsRPC - ok

02:30:19.0049 2552 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

02:30:19.0068 2552 mssmbios - ok

02:30:19.0090 2552 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

02:30:19.0142 2552 MSTEE - ok

02:30:19.0150 2552 Mup (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys

02:30:19.0185 2552 Mup - ok

02:30:19.0241 2552 NativeWifiP (73b99c98fa3a2ed1566e02d6fe1913a5) C:\Windows\system32\DRIVERS\nwifi.sys

02:30:19.0290 2552 NativeWifiP - ok

02:30:19.0332 2552 NDIS (2a2ee457af36c5c9a6808c768bd3a12b) C:\Windows\system32\drivers\ndis.sys

02:30:19.0411 2552 NDIS - ok

02:30:19.0458 2552 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

02:30:19.0507 2552 NdisTapi - ok

02:30:19.0526 2552 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

02:30:19.0601 2552 Ndisuio - ok

02:30:19.0741 2552 NdisWan (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys

02:30:19.0826 2552 NdisWan - ok

02:30:19.0857 2552 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

02:30:19.0907 2552 NDProxy - ok

02:30:19.0982 2552 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

02:30:20.0064 2552 NetBIOS - ok

02:30:20.0107 2552 netbt (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys

02:30:20.0194 2552 netbt - ok

02:30:20.0253 2552 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

02:30:20.0287 2552 nfrd960 - ok

02:30:20.0321 2552 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

02:30:20.0339 2552 NisDrv - ok

02:30:20.0432 2552 Npfs (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys

02:30:20.0496 2552 Npfs - ok

02:30:20.0527 2552 NPPTNT2 - ok

02:30:20.0550 2552 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

02:30:20.0633 2552 nsiproxy - ok

02:30:20.0679 2552 Ntfs (fe86ba5ac3b50e2ca911e9c60c07b638) C:\Windows\system32\drivers\Ntfs.sys

02:30:20.0806 2552 Ntfs - ok

02:30:20.0829 2552 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

02:30:20.0892 2552 Null - ok

02:30:22.0322 2552 nvlddmkm (b188b1bdc7624e8e42f53fa78cade2c6) C:\Windows\system32\DRIVERS\nvlddmkm.sys

02:30:22.0803 2552 nvlddmkm - ok

02:30:23.0282 2552 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

02:30:23.0315 2552 nvraid - ok

02:30:23.0337 2552 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

02:30:23.0356 2552 nvstor - ok

02:30:23.0376 2552 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

02:30:23.0399 2552 nv_agp - ok

02:30:23.0406 2552 NwlnkFlt - ok

02:30:23.0415 2552 NwlnkFwd - ok

02:30:23.0452 2552 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys

02:30:23.0499 2552 ohci1394 - ok

02:30:23.0559 2552 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys

02:30:23.0606 2552 Parport - ok

02:30:23.0700 2552 partmgr (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys

02:30:23.0742 2552 partmgr - ok

02:30:23.0863 2552 pci (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys

02:30:23.0885 2552 pci - ok

02:30:23.0915 2552 pciide (4423e6d4d20c5d9ae27608bbe55347f7) C:\Windows\system32\drivers\pciide.sys

02:30:23.0932 2552 pciide - ok

02:30:24.0000 2552 pcmcia (a2d6b9c3f532baa27cb0c158d8ef4da6) C:\Windows\system32\DRIVERS\pcmcia.sys

02:30:24.0041 2552 pcmcia - ok

02:30:24.0288 2552 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

02:30:24.0446 2552 PEAUTH - ok

02:30:24.0570 2552 PID_PEPI (37ea62238e17ae88e4713d9246ca1c1c) C:\Windows\system32\DRIVERS\LV302V64.SYS

02:30:24.0663 2552 PID_PEPI - ok

02:30:24.0729 2552 PptpMiniport (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys

02:30:24.0785 2552 PptpMiniport - ok

02:30:24.0861 2552 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys

02:30:24.0914 2552 Processor - ok

02:30:24.0989 2552 PSched (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys

02:30:25.0036 2552 PSched - ok

02:30:25.0127 2552 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

02:30:25.0205 2552 ql2300 - ok

02:30:25.0280 2552 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

02:30:25.0318 2552 ql40xx - ok

02:30:25.0346 2552 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

02:30:25.0370 2552 QWAVEdrv - ok

02:30:26.0125 2552 R300 (538b0a6e89aca1929668f9eb95d3c0bc) C:\Windows\system32\DRIVERS\atikmdag.sys

02:30:26.0355 2552 R300 - ok

02:30:26.0381 2552 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

02:30:26.0460 2552 RasAcd - ok

02:30:26.0502 2552 Rasl2tp (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys

02:30:26.0558 2552 Rasl2tp - ok

02:30:26.0592 2552 RasPppoe (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys

02:30:26.0651 2552 RasPppoe - ok

02:30:26.0669 2552 RasSstp (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys

02:30:26.0728 2552 RasSstp - ok

02:30:26.0760 2552 rdbss (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys

02:30:26.0827 2552 rdbss - ok

02:30:26.0846 2552 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

02:30:26.0889 2552 RDPCDD - ok

02:30:26.0916 2552 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

02:30:26.0970 2552 rdpdr - ok

02:30:26.0979 2552 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

02:30:27.0031 2552 RDPENCDD - ok

02:30:27.0058 2552 RDPWD (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys

02:30:27.0131 2552 RDPWD - ok

02:30:27.0189 2552 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

02:30:27.0236 2552 rspndr - ok

02:30:27.0266 2552 RTHDMIAzAudService (0328ffdf9d805723d0e420018136fa7b) C:\Windows\system32\drivers\RtHDMIVX.sys

02:30:27.0291 2552 RTHDMIAzAudService - ok

02:30:27.0324 2552 RTSTOR (15c2f0082d5e1ce5124eda4050e77986) C:\Windows\system32\drivers\RTSTOR64.SYS

02:30:27.0358 2552 RTSTOR - ok

02:30:27.0383 2552 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

02:30:27.0404 2552 sbp2port - ok

02:30:27.0470 2552 ScreamBAudioSvc (ef0c4a3bd1749684514ee871a355969e) C:\Windows\system32\drivers\ScreamingBAudio64.sys

02:30:27.0488 2552 ScreamBAudioSvc - ok

02:30:27.0518 2552 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys

02:30:27.0573 2552 sdbus - ok

02:30:27.0672 2552 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

02:30:27.0772 2552 secdrv - ok

02:30:27.0873 2552 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys

02:30:27.0953 2552 Serenum - ok

02:30:28.0004 2552 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys

02:30:28.0066 2552 Serial - ok

02:30:28.0144 2552 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

02:30:28.0215 2552 sermouse - ok

02:30:28.0243 2552 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

02:30:28.0296 2552 sffdisk - ok

02:30:28.0323 2552 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

02:30:28.0367 2552 sffp_mmc - ok

02:30:28.0390 2552 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

02:30:28.0436 2552 sffp_sd - ok

02:30:28.0460 2552 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

02:30:28.0550 2552 sfloppy - ok

02:30:28.0637 2552 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

02:30:28.0675 2552 SiSRaid2 - ok

02:30:28.0696 2552 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

02:30:28.0717 2552 SiSRaid4 - ok

02:30:28.0744 2552 Smb (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys

02:30:28.0801 2552 Smb - ok

02:30:28.0833 2552 spldr (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys

02:30:28.0851 2552 spldr - ok

02:30:29.0047 2552 srv (a8abd7d0d907b45cf3831f4dd8644349) C:\Windows\system32\DRIVERS\srv.sys

02:30:29.0126 2552 srv - ok

02:30:29.0166 2552 srv2 (6c72eea39e1c37b436a6d1532999f9ec) C:\Windows\system32\DRIVERS\srv2.sys

02:30:29.0222 2552 srv2 - ok

02:30:29.0255 2552 srvnet (7f69bcf9e6fa3d93c82ee6b87812666d) C:\Windows\system32\DRIVERS\srvnet.sys

02:30:29.0280 2552 srvnet - ok

02:30:29.0330 2552 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

02:30:29.0349 2552 swenum - ok

02:30:29.0373 2552 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

02:30:29.0412 2552 Symc8xx - ok

02:30:29.0437 2552 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys

02:30:29.0455 2552 Sym_hi - ok

02:30:29.0466 2552 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys

02:30:29.0484 2552 Sym_u3 - ok

02:30:29.0540 2552 Tcpip (d43d5336be9dd93e02ee124297295713) C:\Windows\system32\drivers\tcpip.sys

02:30:29.0608 2552 Tcpip - ok

02:30:29.0662 2552 Tcpip6 (d43d5336be9dd93e02ee124297295713) C:\Windows\system32\DRIVERS\tcpip.sys

02:30:29.0788 2552 Tcpip6 - ok

02:30:29.0884 2552 tcpipreg (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys

02:30:29.0945 2552 tcpipreg - ok

02:30:30.0005 2552 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys

02:30:30.0084 2552 TDPIPE - ok

02:30:30.0121 2552 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys

02:30:30.0177 2552 TDTCP - ok

02:30:30.0201 2552 tdx (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys

02:30:30.0251 2552 tdx - ok

02:30:30.0276 2552 TermDD (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys

02:30:30.0317 2552 TermDD - ok

02:30:30.0358 2552 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys

02:30:30.0447 2552 tssecsrv - ok

02:30:30.0498 2552 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys

02:30:30.0546 2552 tunmp - ok

02:30:30.0571 2552 tunnel (2dc2c423572946e9a3131425bda73cb6) C:\Windows\system32\DRIVERS\tunnel.sys

02:30:30.0606 2552 tunnel - ok

02:30:30.0625 2552 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys

02:30:30.0644 2552 uagp35 - ok

02:30:30.0732 2552 udfs (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys

02:30:30.0800 2552 udfs - ok

02:30:30.0834 2552 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys

02:30:30.0854 2552 uliagpkx - ok

02:30:30.0878 2552 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys

02:30:30.0900 2552 uliahci - ok

02:30:30.0921 2552 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys

02:30:30.0941 2552 UlSata - ok

02:30:30.0997 2552 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys

02:30:31.0046 2552 ulsata2 - ok

02:30:31.0064 2552 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys

02:30:31.0116 2552 umbus - ok

02:30:31.0132 2552 UMPass (01abe05c401e70795b43a8933b44831e) C:\Windows\system32\DRIVERS\umpass.sys

02:30:31.0190 2552 UMPass - ok

02:30:31.0231 2552 usbaudio (c899fb269be4740dbe2801b204cd71d4) C:\Windows\system32\drivers\usbaudio.sys

02:30:31.0292 2552 usbaudio - ok

02:30:31.0325 2552 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys

02:30:31.0366 2552 usbccgp - ok

02:30:31.0388 2552 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys

02:30:31.0462 2552 usbcir - ok

02:30:31.0494 2552 usbehci (da6d8d8ed0a53c63ac6f4bd40fe83fbe) C:\Windows\system32\DRIVERS\usbehci.sys

02:30:31.0550 2552 usbehci - ok

02:30:31.0585 2552 usbhub (99045369ae3216216573d0775fd7ed56) C:\Windows\system32\DRIVERS\usbhub.sys

02:30:31.0643 2552 usbhub - ok

02:30:31.0663 2552 usbohci (540b622da0949695c40cdc9d5d497a8b) C:\Windows\system32\DRIVERS\usbohci.sys

02:30:31.0738 2552 usbohci - ok

02:30:31.0775 2552 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys

02:30:31.0810 2552 usbprint - ok

02:30:31.0851 2552 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys

02:30:31.0884 2552 usbscan - ok

02:30:31.0903 2552 USBSTOR (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS

02:30:31.0963 2552 USBSTOR - ok

02:30:32.0020 2552 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys

02:30:32.0071 2552 usbuhci - ok

02:30:32.0115 2552 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys

02:30:32.0160 2552 vga - ok

02:30:32.0200 2552 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys

02:30:32.0247 2552 VgaSave - ok

02:30:32.0261 2552 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys

02:30:32.0278 2552 viaide - ok

02:30:32.0303 2552 volmgr (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys

02:30:32.0341 2552 volmgr - ok

02:30:32.0485 2552 volmgrx (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys

02:30:32.0537 2552 volmgrx - ok

02:30:32.0595 2552 volsnap (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys

02:30:32.0615 2552 volsnap - ok

02:30:32.0663 2552 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys

02:30:32.0687 2552 vsmraid - ok

02:30:32.0715 2552 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys

02:30:32.0771 2552 WacomPen - ok

02:30:32.0793 2552 Wanarp (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys

02:30:32.0857 2552 Wanarp - ok

02:30:32.0861 2552 Wanarpv6 (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys

02:30:32.0908 2552 Wanarpv6 - ok

02:30:32.0990 2552 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys

02:30:33.0020 2552 Wd - ok

02:30:33.0144 2552 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys

02:30:33.0202 2552 Wdf01000 - ok

02:30:33.0256 2552 winachsf (cbdeb4b3b5cf8c49acc221d45f1c50c1) C:\Windows\system32\DRIVERS\CAX_CNXT.sys

02:30:33.0317 2552 winachsf - ok

02:30:33.0372 2552 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys

02:30:33.0420 2552 WmiAcpi - ok

02:30:33.0608 2552 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys

02:30:33.0679 2552 WpdUsb - ok

02:30:33.0704 2552 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys

02:30:33.0752 2552 ws2ifsl - ok

02:30:33.0787 2552 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys

02:30:33.0845 2552 WUDFRd - ok

02:30:33.0916 2552 XAudio (2f2ce5e47b014f52bc722ae28b19cbf3) C:\Windows\system32\DRIVERS\xaudio64.sys

02:30:33.0950 2552 XAudio - ok

02:30:34.0028 2552 xnacc (da1c23f65ef1894ab5b6ff79d81f544a) C:\Windows\system32\DRIVERS\xnacc.sys

02:30:34.0140 2552 xnacc - ok

02:30:34.0189 2552 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys

02:30:34.0210 2552 xusb21 - ok

02:30:34.0260 2552 yukonx64 (2ae06b41b36549fabf0886b2af89a599) C:\Windows\system32\DRIVERS\yk60x64.sys

02:30:34.0346 2552 yukonx64 - ok

02:30:34.0372 2552 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

02:30:34.0884 2552 \Device\Harddisk0\DR0 - ok

02:30:34.0888 2552 Boot (0x1200) (65687d4fc3d8fd0e2d61fe44e7f65b80) \Device\Harddisk0\DR0\Partition0

02:30:34.0888 2552 \Device\Harddisk0\DR0\Partition0 - ok

02:30:34.0893 2552 Boot (0x1200) (2b2173b06848e1a19ead6a9b21ed8721) \Device\Harddisk0\DR0\Partition1

02:30:34.0894 2552 \Device\Harddisk0\DR0\Partition1 - ok

02:30:34.0895 2552 ============================================================

02:30:34.0895 2552 Scan finished

02:30:34.0895 2552 ============================================================

02:30:34.0906 4192 Detected object count: 0

02:30:34.0906 4192 Actual detected object count: 0

I'm not sure how relevant it is, but I noticed a few reports ago there was something found, Alureon or something? Is that what's causing all these shenanigans?


To your last question: yes, there was a TDL4 infection on board this system.

I want to ensure it is no longer around. Let's do one other run of aswMBR and get its report.

Temporarily disable your Anti-virus app. If needed, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

RIGHT click on aswMBR.exe and select Run As Administrator to start.

Change the a-v scan to None.

Uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click "Save log", save it to your desktop and post it in your next reply.

Re-enable your Anti-virus app

Tell me how your Windows OS is looking in general. Don't do any web surfing on this system.

We have a lot more checking to do.


aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software

Run date: 2012-01-05 12:10:32

-----------------------------

12:10:32.577 OS Version: Windows x64 6.0.6001 Service Pack 1

12:10:32.577 Number of processors: 3 586 0x203

12:10:32.577 ComputerName: DESTROYERDEVICE UserName:

12:10:34.632 Initialize success

12:12:00.035 AVAST engine defs: 12010500

12:12:37.126 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

12:12:37.127 Disk 0 Vendor: WDC_WD5000AAKS-22A7B0 01.03B01 Size: 476940MB BusType: 3

12:12:37.140 Disk 0 MBR read successfully

12:12:37.141 Disk 0 MBR scan

12:12:37.145 Disk 0 Windows VISTA default MBR code

12:12:37.146 Disk 0 MBR hidden

12:12:37.148 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 15829 MB offset 63

12:12:37.161 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 461107 MB offset 32419170

12:12:37.185 Disk 0 Partition 3 80 (A) 17 Hidd HPFS/NTFS NTFS 2 MB offset 976768065

12:12:37.188 Disk 0 Partition 3 **INFECTED** MBR:Alureon-K [Rtk]

12:12:37.191 Service scanning

12:12:37.806 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32

12:12:38.430 Modules scanning

12:12:38.433 Scan finished successfully

12:12:51.408 Disk 0 MBR has been saved successfully to "C:\Users\doomsday machine\Desktop\MBR.dat"

12:12:51.411 The log file has been saved successfully to "C:\Users\doomsday machine\Desktop\aswMBR.txt"

"Fix" didnt light up this time.

well I think vista in general is an insanely buggy version of windows to be honest.

I still tend to have the same problems originally listed nothing better or worse.

Edited by Maurice Naggar
Highlighting added

All right. I imagine any reboot of the system caused "the malware" to appear again.

Download the >> Gparted Live CD ISO << and burn it to CD or DVD as an ISO image.

and let me know after you have finished. Stay tuned for later instructions.

Hopefully you have another (clean) pc to do this work.

Meantime, do not do websurfing on the infected machine.

P.S. Would you also get these 2 files uploaded / Attached into your next reply

C:\Users\doomsday machine\Desktop\MBR.dat

C:\Users\doomsday machine\Desktop\aswMBR.txt

Edited by Maurice Naggar
added 2 files to Attach

I know how to do data CDs and such, but I'm not sure how I burn these on my burner as an ISO image.

Unfortunately I have to use the computer that's infected; it's my only means at the moment.

Also, it wouldn't permit me to attach the .dat file you requested.

aswMBR.txt


The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

Your system has the Alureon bootkit infection.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Close any open documents if any and save your work if any.

Make sure all "external" HDD drives are not connected.

Do a Windows shutdown.

Place the Gparted CD in the drive.

You must change the boot order in the BIOS to boot from the CD first, or just hit the function key that displays on your screen at system restart to change the boot order.

Restart the PC to boot up from the CD.

Once booted and program is started, You will see a menu.

Choose the GParted Live (Default Settings) option and hit Enter.

Allow GParted to load by selecting all the default options (simply press enter when prompted).

When asked "Which Mode do you Prefer" - Hit Enter to use Gparted automatically, and the GParted Desktop will display:

I do not want you to edit anything.

You will see on screen information about the 3 partitions on your HDD system.

Similar to this snapshot here:

http://secure-computer-solutions.com/blog/GPartedGUI-ScreenieJPG.jpg

I just want you to describe to me each partition as it is listed: partition name (letters), size, label (i.e. Reserved), and especially tell me which partition has "Boot" next to it.

Also tell me if you see "unallocated" space.

Write down all information.

IF at all possible, take a digital picture with your cell phone (if you have) and upload and attach the snapshot in your reply.

Boot back into Windows and post your results please.

You can see an article with examples at Negster22's BITS and PC's blog here

http://secure-computer-solutions.com/blog/2011/11/

Once again, do not make ANY changes

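The aswMBR log above and the GParted step just described both come down to reading the MBR partition table and spotting the TDL4/Alureon pattern: a tiny partition of a hidden type (0x17, hidden NTFS) carrying the active/"Boot" flag at the very end of the disk, while the real Windows partitions are not active. The following is an added example written for this page, not code from the thread, from aswMBR or from GParted; it parses a raw 512-byte MBR sector (the assumption here is that aswMBR's MBR.dat is such a sector, which is not confirmed by the thread), prints the partitions the way the helper asked the user to report them, and flags entries matching that pattern. The sample table is constructed from the sizes and offsets in the log (2048 sectors per MB) and is not a real capture.

```python
"""Parse a raw MBR sector and flag a TDL4/Alureon-style hidden boot partition."""
import struct
import sys
from dataclasses import dataclass
from typing import List, Tuple

SECTOR = 512
MB = 1024 * 1024
# Partition type IDs for "hidden" filesystems (the log shows 0x17, hidden NTFS).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}
SMALL_ACTIVE_MB = 16  # an active partition this small deserves a second look


@dataclass
class Partition:
    index: int        # 1-based slot in the table, as aswMBR and GParted number them
    bootable: bool    # status byte 0x80 = active, shown as "Boot" in GParted
    type_id: int
    lba_start: int
    sectors: int

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // MB


def parse_mbr(mbr: bytes) -> List[Partition]:
    """Decode the four 16-byte entries at offset 446 of a 512-byte MBR."""
    if len(mbr) < SECTOR:
        raise ValueError("need a full 512-byte sector")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = mbr[446 + 16 * i: 446 + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue  # empty slot
        parts.append(Partition(i + 1, status == 0x80, ptype, lba, count))
    return parts


def suspicious_partitions(parts: List[Partition]) -> List[Tuple[int, List[str]]]:
    """Triage heuristic: (index, reasons) for active partitions matching the bootkit pattern."""
    findings = []
    last_start = max((p.lba_start for p in parts), default=0)
    for p in parts:
        if not p.bootable:
            continue
        reasons = []
        if p.type_id in HIDDEN_TYPES:
            reasons.append("active flag on a hidden-type partition (0x%02X)" % p.type_id)
        if p.size_mb < SMALL_ACTIVE_MB:
            reasons.append("active partition is only %d MB" % p.size_mb)
        if len(parts) > 1 and p.lba_start == last_start:
            reasons.append("active partition is the last one on the disk")
        if reasons:
            findings.append((p.index, reasons))
    return findings


def describe(parts: List[Partition]) -> List[str]:
    """One line per partition, in the shape the helper asked to have reported from GParted."""
    return [
        "Partition %d  type 0x%02X  %s  %d MB  offset %d"
        % (p.index, p.type_id, "Boot" if p.bootable else "    ", p.size_mb, p.lba_start)
        for p in parts
    ]


def build_mbr(entries) -> bytes:
    """Assemble a synthetic MBR from (status, type, lba_start, sector_count) tuples."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries).ljust(64, b"\x00")
    return b"\x00" * 446 + table + b"\x55\xaa"


# Constructed sample mirroring the partition table in the aswMBR log (not a real capture).
SAMPLE_MBR = build_mbr([
    (0x00, 0x07, 63, 15829 * 2048),
    (0x00, 0x07, 32419170, 461107 * 2048),
    (0x80, 0x17, 976768065, 2 * 2048),
])
# Constructed clean layout: one active NTFS partition, nothing hidden.
CLEAN_MBR = build_mbr([(0x80, 0x07, 2048, 476000 * 2048)])


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_MBR
    parts = parse_mbr(data)
    print("\n".join(describe(parts)))
    for index, reasons in suspicious_partitions(parts):
        print("Partition %d SUSPICIOUS: %s" % (index, "; ".join(reasons)))
```

Run it with a path to a saved MBR sector to inspect a real disk, or with no argument to see the constructed sample flagged on all three counts. The heuristic is for triage only: a legitimate OEM recovery or "System Reserved" partition can also be small and active, so a hit means "look closer", not "infected", and a clean result says nothing about the bootkit code that lives in the MBR sector itself or in the hidden partition's contents.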
