Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Random Internet Explorer ads and Google redirect


  • This topic is locked This topic is locked

#1
reallydumb4real

reallydumb4real

    Member

  • Member
  • PipPip
  • 10 posts
Hey guys,

First time posting in here. My laptop was attacked by a virus a couple days ago. I got a window that said I had hard drive failure and then the icons on my desktop and start menu disappeared. I ran Malwarebytes and was able to remove the virus (so I thought) and then did a system restore to a previous point.

My icons came back but I started having other problems. First I noticed random audio that sounded like commercials started playing but not from any windows I had open. These seemed to be associated with the iexplorer.exe process which I just had to keep manually closing from Windows Task Manager.

Also, all the links on my Google searches are being redirected to suspicious sites. I'm not sure if these are related/the same virus, but I really need some help. Thanks.
  • 0

Advertisements


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello reallydumb4real and welcome to G2G! :)

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Sorry for delay... Let's start do some cleaning :unsure:

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
    . Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 3

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Step 4

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in separate post
  • 0

#3
reallydumb4real

reallydumb4real

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thanks mailprog. I will run those scans and post them when I get home from work. I thought I should also mention that I have already run Malwarebytes, SuperAntiSpyware, and GMER. Should I post those logs here as well?
  • 0

#4
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Update your Malwarebytes before scan. Don't do GMER scans for now. Maybe we will need it later...
  • 0

#5
reallydumb4real

reallydumb4real

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Sorry, I already ran it previously. Here's the Malwarebytes log:


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6851

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000

6/13/2011 9:43:14 PM
mbam-log-2011-06-13 (21-43-14).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 389124
Time elapsed: 1 hour(s), 3 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\config\systemprofile\AppData\Local\haglwv.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
  • 0

#6
reallydumb4real

reallydumb4real

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
And here is the SuperAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/14/2011 at 00:39 AM

Application Version : 4.54.1000

Core Rules Database Version : 7263
Trace Rules Database Version: 5075

Scan type : Complete Scan
Total Scan Time : 02:33:46

Memory items scanned : 319
Memory threats detected : 0
Registry items scanned : 9476
Registry threats detected : 0
File items scanned : 216925
File threats detected : 111

Adware.Unknown Origin
C:\PROGRAM FILES\HEWLETT-PACKARD\HP ADVISOR\COMPSHOP\TEMPLATES\AD.HTML

Adware.Tracking Cookie
ad.yieldmanager.com [ C:\Users\Matt Leung\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Matt Leung\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
C:\Users\Matt Leung\AppData\Local\Temp\Cookies\[email protected][1].txt
C:\Users\Matt Leung\AppData\Local\Temp\Cookies\[email protected][2].txt
C:\Users\Matt Leung\AppData\Local\Temp\Cookies\[email protected][1].txt
C:\Users\Matt Leung\AppData\Local\Temp\Cookies\[email protected][2].txt
C:\Users\Matt Leung\AppData\Local\Temp\Cookies\[email protected][2].txt
media1.break.com [ C:\Users\Matt Leung\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\M7E2BKRP ]
secure-us.imrworldwide.com [ C:\Users\Matt Leung\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\M7E2BKRP ]
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
crackle.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GYT34LYS ]
ds.serving-sys.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GYT34LYS ]
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
  • 0

#7
reallydumb4real

reallydumb4real

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
And the GMER log:

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-14 17:01:38
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\iaStor0 Hitachi_ rev.BBFO
Running: xydjetpo.exe; Driver: C:\Users\MATTLE~1\AppData\Local\Temp\uxrorpow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8F217620]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 854 81EFCE18 4 Bytes [20, 76, 21, 8F]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtProtectVirtualMemory 76E28968 5 Bytes JMP 0071000A
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtWriteVirtualMemory 76E292A8 5 Bytes JMP 0072000A
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!KiUserExceptionDispatcher 76E299E8 5 Bytes JMP 0070000A
.text C:\Windows\system32\svchost.exe[1116] ole32.dll!CoCreateInstance 76C1E188 5 Bytes JMP 0149000A
.text C:\Windows\system32\svchost.exe[1116] USER32.dll!GetForegroundWindow 757CE697 5 Bytes JMP 0162000A
.text C:\Windows\system32\svchost.exe[1116] USER32.dll!GetCursorPos 757E0F5E 5 Bytes JMP 014A000A
.text C:\Windows\system32\svchost.exe[1116] USER32.dll!WindowFromPoint 757F3ADE 5 Bytes JMP 0151000A
.text C:\Windows\system32\wuauclt.exe[2160] ntdll.dll!NtProtectVirtualMemory 76E28968 5 Bytes JMP 00C1000A
.text C:\Windows\system32\wuauclt.exe[2160] ntdll.dll!NtWriteVirtualMemory 76E292A8 5 Bytes JMP 00C2000A
.text C:\Windows\system32\wuauclt.exe[2160] ntdll.dll!KiUserExceptionDispatcher 76E299E8 5 Bytes JMP 0085000A
.text C:\Windows\Explorer.EXE[3356] ntdll.dll!NtProtectVirtualMemory 76E28968 5 Bytes JMP 00E6000A
.text C:\Windows\Explorer.EXE[3356] ntdll.dll!NtWriteVirtualMemory 76E292A8 5 Bytes JMP 00E7000A
.text C:\Windows\Explorer.EXE[3356] ntdll.dll!KiUserExceptionDispatcher 76E299E8 5 Bytes JMP 00E5000A
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[4092] kernel32.dll!SetUnhandledExceptionFilter 76B16E2D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 [email protected] code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
  • 0

#8
reallydumb4real

reallydumb4real

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here is the OTL log:

OTL logfile created on: 6/15/2011 5:09:00 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Matt Leung\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 35.56% Memory free
6.18 Gb Paging File | 4.30 Gb Available in Paging File | 69.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.20 Gb Total Space | 19.62 Gb Free Space | 8.87% Space Free | Partition Type: NTFS
Drive D: | 11.68 Gb Total Space | 1.99 Gb Free Space | 17.07% Space Free | Partition Type: NTFS

Computer Name: FREEPIZZA | User Name: Matt Leung | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/15 17:08:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Matt Leung\Downloads\OTL.scr
PRC - [2011/05/25 02:00:34 | 002,151,128 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/05/25 02:00:34 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/19 21:47:01 | 002,969,496 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2010/09/15 13:08:39 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 19:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/17 15:48:50 | 002,056,275 | ---- | M] (Cisco Systems, Inc) -- C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
PRC - [2007/09/10 15:12:44 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2007/05/04 13:14:04 | 000,036,864 | ---- | M] ( ) -- C:\Program Files\HP\HP UT\bin\hppusg.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusbd-nt.exe


========== Modules (SafeList) ==========

MOD - [2011/06/15 17:08:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Matt Leung\Downloads\OTL.scr
MOD - [2008/01/20 19:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (npkcmsvc)
SRV - [2011/06/09 06:32:03 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8675ab0.dll -- (Akamai)
SRV - [2011/05/25 02:00:34 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/03/06 20:36:19 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/08/30 14:19:01 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 10:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\Windows\System32\libusbd-nt.exe -- (libusbd)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/25 02:00:36 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/05/25 02:00:36 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/06/06 20:12:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/20 19:23:21 | 000,227,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\volsnap.sys -- (volsnap)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/01 08:35:52 | 000,183,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/08/21 01:13:04 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2007/08/08 20:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/11 10:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/18 05:03:26 | 000,141,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/11/02 00:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://asu.edu/"
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.31.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.2
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/03 22:04:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/03 22:04:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b1\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 1\components [2011/04/08 17:09:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 1\plugins

[2009/11/25 09:42:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt Leung\AppData\Roaming\Mozilla\Extensions
[2009/11/25 09:42:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt Leung\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/05/31 19:48:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt Leung\AppData\Roaming\Mozilla\Firefox\Profiles\vcgu8hiz.default\extensions
[2011/06/09 00:08:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matt Leung\AppData\Roaming\Mozilla\Firefox\Profiles\vcgu8hiz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/09 00:08:42 | 000,000,000 | ---D | M] (oldbar) -- C:\Users\Matt Leung\AppData\Roaming\Mozilla\Firefox\Profiles\vcgu8hiz.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2011/06/09 00:08:42 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Matt Leung\AppData\Roaming\Mozilla\Firefox\Profiles\vcgu8hiz.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/06/09 00:08:42 | 000,000,000 | ---D | M] (MushroomKingdom) -- C:\Users\Matt Leung\AppData\Roaming\Mozilla\Firefox\Profiles\vcgu8hiz.default\extensions\{BF32D2C8-9C75-404b-ACF4-880DB4679236}
[2010/11/03 15:54:28 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Matt Leung\AppData\Roaming\Mozilla\Firefox\Profiles\vcgu8hiz.default\extensions\[email protected]
[2011/06/09 00:08:42 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Matt Leung\AppData\Roaming\Mozilla\Firefox\Profiles\vcgu8hiz.default\extensions\[email protected]
[2011/06/09 00:08:42 | 000,000,000 | ---D | M] (ChaCha Guide App Toolbar) -- C:\Users\Matt Leung\AppData\Roaming\Mozilla\Firefox\Profiles\vcgu8hiz.default\extensions\[email protected]
[2011/06/09 00:08:42 | 000,000,000 | ---D | M] (FIFA Online Web Launcher) -- C:\Users\Matt Leung\AppData\Roaming\Mozilla\Firefox\Profiles\vcgu8hiz.default\extensions\[email protected]
[2011/05/03 22:04:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/01 11:55:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/03/03 12:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
File not found (No name found) --
() (No name found) -- C:\USERS\MATT LEUNG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VCGU8HIZ.DEFAULT\EXTENSIONS\{02450954-CDD9-410F-B1DA-DB804E18C671}.XPI
() (No name found) -- C:\USERS\MATT LEUNG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VCGU8HIZ.DEFAULT\EXTENSIONS\{36B72FDA-9A37-456C-8CC8-CDDD4A3FE312}.XPI
() (No name found) -- C:\USERS\MATT LEUNG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VCGU8HIZ.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.XPI
() (No name found) -- C:\USERS\MATT LEUNG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VCGU8HIZ.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
() (No name found) -- C:\USERS\MATT LEUNG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VCGU8HIZ.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\MATT LEUNG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VCGU8HIZ.DEFAULT\EXTENSIONS\{D618933B-9EB4-1C04-949D-0F9B1A39EBB9}.XPI
() (No name found) -- C:\USERS\MATT LEUNG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VCGU8HIZ.DEFAULT\EXTENSIONS\[email protected]
[2011/04/14 09:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2008/02/07 21:46:12 | 000,087,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2008/02/07 21:46:20 | 000,091,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2008/02/07 21:46:16 | 000,021,824 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2007/03/16 17:27:00 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
[2007/03/16 17:27:00 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
[2007/03/16 17:27:00 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
[2008/06/17 23:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/09/01 11:55:14 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/02/07 21:48:26 | 000,419,136 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2008/11/02 00:20:54 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
[2008/02/07 21:46:12 | 000,024,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (ooVoo Toolbar) - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\Program Files\oovooToolbar\oovooToolbar.dll (ooVoo )
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Live Search Club Toolbar) - {719D74AB-1AF9-43A1-8C62-D8750628D93E} - C:\Program Files\Live Search Club Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\Program Files\oovooToolbar\oovooToolbar.dll (ooVoo )
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2787EA8E-8D87-48AF-88AD-B30246C917AB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Live Search Club Toolbar) - {719D74AB-1AF9-43A1-8C62-D8750628D93E} - C:\Program Files\Live Search Club Toolbar\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ooVoo Toolbar) - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\Program Files\oovooToolbar\oovooToolbar.dll (ooVoo )
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [cleanddm] File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WildTangent CDA] C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe (WildTangent, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [GameShadow] File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10k_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VirtualEcho.lnk = File not found
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...ploader_v10.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/01 06:57:03 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{0cba5206-6451-11dd-86d6-001d72684f8b}\Shell\AutoRun\command - "" = F:\Launch.exe
O33 - MountPoints2\{3dce7f5c-c59a-11de-8dde-001d72684f8b}\Shell - "" = AutoRun
O33 - MountPoints2\{3dce7f5c-c59a-11de-8dde-001d72684f8b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{9eeeedca-bbd7-11dd-ace8-001d72684f8b}\Shell\Auto\command - "" = F:\Setup.exe
O33 - MountPoints2\{9eeeedca-bbd7-11dd-ace8-001d72684f8b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Setup.exe
O33 - MountPoints2\{a85aaca1-92f5-11e0-8af6-001d72684f8b}\Shell\AutoRun\command - "" = F:\Get_Started_for_Win.exe
O33 - MountPoints2\{c0b3c010-6c00-11dd-964a-001d72684f8b}\Shell - "" = AutoRun
O33 - MountPoints2\{c0b3c010-6c00-11dd-964a-001d72684f8b}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Get_Started_for_Win.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/06/13 21:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/06/13 21:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/13 21:49:45 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/06/13 20:16:38 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/06/13 19:30:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/13 19:23:36 | 011,419,392 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Matt Leung\Desktop\SUPERAntiSpywarePro.exe
[2011/06/13 19:23:03 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/06/09 22:25:01 | 000,000,000 | ---D | C] -- C:\Users\Matt Leung\AppData\Roaming\AVG10
[2011/06/09 22:22:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/06/09 22:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/06/09 22:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/06/09 16:56:14 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/06/09 16:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/06/09 16:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/06/08 21:34:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/06/08 21:25:05 | 000,000,000 | ---D | C] -- C:\Users\Matt Leung\Desktop\RK_Quarantine
[2011/05/31 20:20:19 | 000,000,000 | ---D | C] -- C:\Users\Matt Leung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games
[2011/05/19 14:29:53 | 000,049,904 | R--- | C] (Avanquest Software) -- C:\Windows\System32\drivers\BVRPMPR5.SYS
[2011/05/19 14:29:06 | 000,000,000 | ---D | C] -- C:\Netgear
[2011/05/19 13:26:11 | 000,884,736 | ---- | C] (www.chmaas.handshake.de) -- C:\Users\Matt Leung\Desktop\XVI32.exe
[2011/05/18 19:10:57 | 000,000,000 | ---D | C] -- C:\Users\Matt Leung\Desktop\dir615_revE1_FW_501NA
[2 C:\Users\Matt Leung\Documents\*.tmp files -> C:\Users\Matt Leung\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/15 17:13:19 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/15 17:13:14 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/06/15 17:13:14 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HP WEP.job
[2011/06/15 16:51:43 | 000,000,000 | ---- | M] () -- C:\Users\Matt Leung\defogger_reenable
[2011/06/15 16:50:12 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{77B5D549-256D-43DA-B957-C1A83D416054}.job
[2011/06/15 16:49:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/15 16:49:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/15 16:49:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/15 16:49:16 | 3211,108,352 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/14 16:36:11 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2185205771-1825530132-2407171191-1000UA.job
[2011/06/14 16:36:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/14 07:36:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2185205771-1825530132-2407171191-1000Core.job
[2011/06/13 21:55:43 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2011/06/13 20:16:36 | 000,000,680 | ---- | M] () -- C:\Users\Matt Leung\AppData\Local\d3d9caps.dat
[2011/06/13 19:33:52 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/13 19:23:08 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/06/13 19:23:08 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/06/13 19:23:03 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/06/13 19:07:28 | 000,302,592 | ---- | M] () -- C:\Users\Matt Leung\Desktop\xydjetpo.exe
[2011/06/13 18:56:56 | 011,419,392 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Matt Leung\Desktop\SUPERAntiSpywarePro.exe
[2011/06/09 21:18:05 | 000,157,696 | ---- | M] () -- C:\Users\Matt Leung\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/09 19:12:16 | 000,000,903 | ---- | M] () -- C:\Users\Matt Leung\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/09 17:38:39 | 000,002,067 | ---- | M] () -- C:\Users\Matt Leung\Desktop\Google Chrome.lnk
[2011/06/09 17:38:39 | 000,002,029 | ---- | M] () -- C:\Users\Matt Leung\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/09 17:07:07 | 000,117,244 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/09 17:07:06 | 000,000,000 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/09 16:56:16 | 000,000,897 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/05/31 20:20:42 | 000,138,056 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/05/31 20:20:42 | 000,138,056 | ---- | M] () -- C:\Users\Matt Leung\AppData\Roaming\PnkBstrK.sys
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/25 02:00:36 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/05/23 22:30:17 | 000,002,587 | ---- | M] () -- C:\Users\Matt Leung\Desktop\Microsoft Office Word 2007.lnk
[2011/05/19 14:34:04 | 000,005,918 | ---- | M] () -- C:\Users\Matt Leung\Desktop\Router_Setup.html
[2011/05/19 13:28:30 | 000,000,835 | ---- | M] () -- C:\Users\Matt Leung\Desktop\XVI32.ini
[2 C:\Users\Matt Leung\Documents\*.tmp files -> C:\Users\Matt Leung\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/15 16:59:54 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\HP WEP.job
[2011/06/15 16:51:43 | 000,000,000 | ---- | C] () -- C:\Users\Matt Leung\defogger_reenable
[2011/06/14 06:32:44 | 3211,108,352 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/13 21:55:43 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2011/06/13 19:24:03 | 000,302,592 | ---- | C] () -- C:\Users\Matt Leung\Desktop\xydjetpo.exe
[2011/06/13 19:23:08 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/06/13 19:23:08 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/06/09 16:56:16 | 000,000,897 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/05/19 14:34:04 | 000,000,172 | R--- | C] () -- C:\Users\Matt Leung\Desktop\Router Login.url
[2011/05/19 14:34:00 | 000,005,918 | ---- | C] () -- C:\Users\Matt Leung\Desktop\Router_Setup.html
[2011/05/19 13:28:11 | 000,000,835 | ---- | C] () -- C:\Users\Matt Leung\Desktop\XVI32.ini
[2011/05/19 13:26:11 | 000,075,183 | ---- | C] () -- C:\Users\Matt Leung\Desktop\XVI32U.chm
[2011/05/19 13:26:11 | 000,001,246 | -H-- | C] () -- C:\Users\Matt Leung\Desktop\WINEBCDE.XCT
[2011/05/19 13:26:11 | 000,001,246 | -H-- | C] () -- C:\Users\Matt Leung\Desktop\EBCDEWIN.XCT
[2011/05/19 13:26:11 | 000,001,232 | -H-- | C] () -- C:\Users\Matt Leung\Desktop\WINEBCUS.XCT
[2011/05/19 13:26:11 | 000,001,232 | -H-- | C] () -- C:\Users\Matt Leung\Desktop\EBCUSWIN.XCT
[2011/05/19 13:26:11 | 000,000,896 | -H-- | C] () -- C:\Users\Matt Leung\Desktop\WINDOS.XCT
[2011/05/19 13:26:11 | 000,000,896 | -H-- | C] () -- C:\Users\Matt Leung\Desktop\DOSWIN.XCT
[2011/05/01 23:22:49 | 000,002,642 | -HS- | C] () -- C:\Users\Matt Leung\AppData\Local\e6cj5tlvi1v865yfa8f352520352u236
[2011/05/01 23:22:49 | 000,002,642 | -HS- | C] () -- C:\ProgramData\e6cj5tlvi1v865yfa8f352520352u236
[2011/04/25 01:00:39 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
[2010/07/31 21:45:32 | 000,000,680 | ---- | C] () -- C:\Users\Matt Leung\AppData\Local\d3d9caps.dat
[2010/03/11 19:37:07 | 000,000,315 | ---- | C] () -- C:\Windows\hegames.ini
[2009/12/07 11:46:22 | 002,427,248 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
[2009/11/13 14:31:46 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/09/13 01:22:13 | 000,138,056 | ---- | C] () -- C:\Users\Matt Leung\AppData\Roaming\PnkBstrK.sys
[2009/09/13 01:21:58 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009/09/09 16:01:06 | 000,091,923 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/09/09 16:01:06 | 000,076,956 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/09/09 16:01:06 | 000,039,121 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/09/09 16:01:06 | 000,027,965 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_JP.dat
[2009/07/08 18:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2009/03/25 23:13:53 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/02/08 23:13:49 | 000,000,034 | -H-- | C] () -- C:\Windows\System32\DVDConverter_sysquict.dat
[2009/02/06 15:26:26 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/02/06 15:26:26 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/02/04 21:13:30 | 000,005,378 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2009/02/04 21:13:29 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2009/02/04 21:13:29 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2009/02/04 21:13:29 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2009/02/04 21:13:29 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2009/02/04 21:13:29 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
[2009/02/04 21:13:29 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2009/02/04 21:13:29 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2009/02/04 21:13:29 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2009/02/04 21:13:29 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2009/02/04 21:13:29 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2009/02/04 21:13:29 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2009/02/04 21:13:29 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2009/02/04 21:13:29 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2009/02/04 21:13:29 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2009/02/04 21:13:29 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2009/02/04 21:13:29 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2008/10/28 08:35:26 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1591.dll
[2008/10/28 08:28:36 | 001,498,700 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2008/09/26 16:52:18 | 000,138,056 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/09/26 16:52:11 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008/09/26 16:52:01 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008/08/23 12:32:04 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/08/06 18:15:28 | 000,157,696 | ---- | C] () -- C:\Users\Matt Leung\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/06 17:50:56 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/08/06 17:50:56 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/16 00:23:25 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/07/16 00:23:25 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2008/07/16 00:23:25 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/07/01 07:11:20 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 19:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 19:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 19:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008/01/20 19:23:21 | 000,227,896 | ---- | C] () -- C:\Windows\System32\drivers\volsnap.sys
[2007/08/23 10:34:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2007/07/26 12:01:50 | 000,114,688 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll
[2006/11/02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,306,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,117,244 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:33:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002/04/16 10:14:42 | 000,338,944 | ---- | C] () -- C:\Windows\System32\LFFPX7.DLL
[2002/04/16 10:14:00 | 001,683,456 | ---- | C] () -- C:\Windows\System32\LTCLR13n.dll
[2002/04/16 10:14:00 | 000,118,784 | ---- | C] () -- C:\Windows\System32\LFKODAK.DLL
[1997/06/13 17:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2010/07/28 15:31:41 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\2K Sports
[2008/08/13 23:45:31 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\acccore
[2008/08/06 19:03:27 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\Aim
[2008/09/20 23:24:53 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\Amazon
[2009/08/13 17:35:02 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\Anthropics
[2011/06/09 22:25:01 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\AVG10
[2011/05/03 18:37:13 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\Braid
[2008/10/07 15:37:59 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\Broken Sword 2.5
[2008/08/14 23:05:19 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\Canon
[2008/08/20 16:05:42 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\CiscoCAA
[2009/09/28 16:02:48 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\com.fox.dollhouse.VirtualEcho.8DB2FB41E3AF9617470F9C3E78FDAAA51EF66383.1
[2010/01/20 20:15:59 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\FileOpen
[2011/06/09 22:04:20 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\GetRightToGo
[2011/06/09 00:08:36 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\gtk-2.0
[2011/06/09 00:08:36 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\ICAClient
[2009/01/28 00:17:35 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\iWin
[2008/08/12 00:12:27 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\Leadertech
[2010/08/22 01:19:31 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\LimeWire
[2009/09/19 02:06:49 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\LucasArts
[2009/03/25 23:10:51 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\MPEG Streamclip
[2008/08/11 23:43:16 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\muvee Technologies
[2011/04/17 16:54:14 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\NCH Swift Sound
[2009/02/12 14:31:26 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\Nexon
[2008/10/24 16:01:39 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\ooVoo Details
[2011/06/09 00:08:42 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\oovooToolbar
[2010/11/15 16:57:15 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\PKWARE
[2010/11/17 21:02:23 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\Roaming
[2011/06/09 00:08:42 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\SystemRequirementsLab
[2010/02/19 15:26:18 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\Unity
[2011/06/09 00:08:42 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\uTorrent
[2009/03/26 09:59:12 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\WinFF
[2011/06/09 00:08:42 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\Xcelsius
[2010/06/25 15:43:14 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\XcelsiuscustomThemes
[2010/06/25 15:43:14 | 000,000,000 | ---D | M] -- C:\Users\Matt Leung\AppData\Roaming\XcelsiuscustomThemesAutoInfo
[2011/06/15 17:12:10 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/15 16:50:12 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{77B5D549-256D-43DA-B957-C1A83D416054}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/28 23:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 20:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 19:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 19:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 19:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 19:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 19:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 19:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 19:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/20 19:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Matt Leung\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/05 22:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Matt Leung\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/05 22:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Matt Leung\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/05 22:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Matt Leung\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/06/05 22:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/20 19:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/20 19:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/20 19:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/07/18 14:39:09 | 000,634,648 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Matt Leung\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/05 22:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Matt Leung\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/05 22:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Matt Leung\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/05 22:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Matt Leung\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/06/05 22:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/20 19:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/20 19:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/20 19:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/07/18 14:39:09 | 000,634,648 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:39ECA677

< End of report >
  • 0

#9
reallydumb4real

reallydumb4real

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
And the Extras.txt:

OTL Extras logfile created on: 6/15/2011 5:09:00 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Matt Leung\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 35.56% Memory free
6.18 Gb Paging File | 4.30 Gb Available in Paging File | 69.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.20 Gb Total Space | 19.62 Gb Free Space | 8.87% Space Free | Partition Type: NTFS
Drive D: | 11.68 Gb Total Space | 1.99 Gb Free Space | 17.07% Space Free | Partition Type: NTFS

Computer Name: FREEPIZZA | User Name: Matt Leung | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0332508E-4E87-47D0-AB94-D7DB4AD4CDA1}" = lport=445 | protocol=6 | dir=in | app=system |
"{060A518F-6C51-40D9-A03E-6CF38DACDB93}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{49506340-C155-4ED4-97CA-A754C8180EB2}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface |
"{8175D761-0285-4AEA-AEF0-50591F32894F}" = lport=50400 | protocol=6 | dir=in | name=akamai netsession interface |
"{916A51D7-CF13-439E-96B6-6ABDF151F603}" = rport=137 | protocol=17 | dir=out | app=system |
"{97D653EA-23BB-47F1-8D3C-6E0D3A06FBC4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B1209996-7E04-4671-AB20-83C745A41A59}" = lport=137 | protocol=17 | dir=in | app=system |
"{BE70E8A6-CD44-4EF2-9FD4-726DB14BE642}" = rport=138 | protocol=17 | dir=out | app=system |
"{DE471FBC-C558-4E44-BF38-85B6A698A3F1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E14F1B29-702E-4A00-8F97-ACF7D24EF53C}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{E412072A-62D8-4FD7-8B9D-11D5741D3BB9}" = rport=445 | protocol=6 | dir=out | app=system |
"{EC7C289E-D2A3-43FE-826D-C819675B3BB7}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{F10EA1A4-4B8A-40E2-8272-D21D16516923}" = lport=138 | protocol=17 | dir=in | app=system |
"{FB9A2B23-F96D-478F-84DF-F82AA94A8327}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FC9E77C6-FC3C-4B0F-9BF4-54A17BB6A5F7}" = rport=139 | protocol=6 | dir=out | app=system |
"{FE2975F3-3E43-434B-A9CD-BA05198D20DA}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002F7F91-EC22-4E08-B3D2-29DBD8C7A6F2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{08C65075-BF17-4F11-8D11-8DACB9B8C56B}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{0CE0A5E1-BBDD-4AB6-BAE4-A6545A07E186}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{1987A635-D7DF-4727-9944-4E0FF23CC78E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{1A3936E5-E2EA-494D-B840-03641FCD4902}" = protocol=58 | dir=in | [email protected],-28545 |
"{1C3CE802-4DDE-477A-A2AF-62A3C6A67A90}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{2068CB7E-F352-4121-8C01-A9E4F7F05F3D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{26DBE8A1-3F3E-4C71-8049-DDB32952D853}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{2938E717-7706-4945-AB01-051D8E5AC244}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2A7E5052-5924-479D-B821-0CF99E3DBC0F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3321C666-0124-47D4-960C-72508BDEB63D}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{37F23E0B-F4B1-41DB-B23A-403E7762A81F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{384C4849-5BEC-4C9C-8F93-6C387EB82AAA}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{398472D5-B52F-42C5-B522-DF353D13A1E9}" = protocol=1 | dir=out | [email protected],-28544 |
"{3F08D5A9-9F22-4055-ADF7-F78D63818AC2}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{40175AC1-57A6-438F-BC01-D272A50BD755}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4449E161-EB80-4E24-A0F5-274657E5EE3F}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4CC7A76B-D888-4EF9-80EC-D512C3A57EC6}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{4E7D6E3F-46D8-40B9-831E-B10E5907D838}" = protocol=58 | dir=out | [email protected],-28546 |
"{57318024-B981-4554-9B67-00D4DCF1439A}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5F9EDD39-37C4-4DF2-824C-56E9B20FA555}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{649A2D17-3B8D-46DB-AA55-F4FC81A1C132}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{6F313253-F99E-4A65-B6E3-745D4CDFB05D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7055EFAE-7D22-4F87-B68C-BE56204F0117}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{72E3A167-1F2E-4A41-B0B7-258971667233}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{74747802-9351-49C8-B6E8-15E2C50CD6F9}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{75F32546-6BF5-4A05-B30E-0B0DC77F174F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\swkotor\swkotor.exe |
"{775DD391-F5FA-438D-9187-80F009EF848A}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7A92A37F-9A08-412E-AE5D-64231A5BAC18}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{7E22167B-7495-41DF-A10E-1631FA73DC52}" = protocol=1 | dir=in | [email protected],-28543 |
"{816B845A-B217-40FD-A362-016C20AA1462}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{875DC722-9D15-43C5-978F-5D8EE6680B7D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{8FF51267-188C-4E67-9EA7-B8ED02CAA117}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{9688871D-E528-4A29-8B30-D478FE336B44}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\swkotor\swkotor.exe |
"{96A457DE-2787-447B-BDFE-B00152CF6EB7}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{99BD09F9-5969-4A0F-BE13-54B5EF045A8A}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{9CFEE5A2-954E-4C01-9A9C-99DED685A804}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{9F2F67EE-C576-499F-AE52-B2FF707FEB7A}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9F497C0E-C6D3-4DC4-BD8C-A248C8AA684D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{A3CC2007-71D9-46E5-9DDF-066CD6C3D271}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A7AFEC5B-BBD7-4727-AD50-E942802DAF82}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{AB3ACE23-A3DF-405A-A1EB-13673A49D325}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{AF33B839-2BB4-4E18-8EC0-2828950AA52D}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{B55BE246-05F3-4FF6-A85A-CDDDA42FA7A4}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B651D92C-1CDF-4F56-92A3-F07C6C260C9D}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{BB2DEB6F-2D34-491B-AD67-3AB6408C2659}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{C3E83B49-E3F0-49DF-BDFB-7C047A76ED9D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{C4A3B73E-6AEA-4517-93E5-DA33E07520CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CA82CEC2-179E-4A3F-BD85-4686E4A0622A}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{D0C75348-51F7-4B98-97CB-23FCF5370DCD}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{DF201EF3-5BBE-412F-ADFA-BBA98D52639D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DF5AD10B-A750-4671-8C8D-2E81392AFF56}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E3B4F8CD-FAB9-4E2A-B116-BA3929D89837}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{EB2F1290-5D76-4540-96F1-B3401AADB188}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{EDA3BB6F-2ACB-4ACE-8618-0CB32333F8B7}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{EE420013-964F-4FB3-812F-C69D7FB4746F}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{FFE5DF3F-CA2B-4DF8-A306-66672B6850BF}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{04063BDC-C937-4D26-9D8C-EC50AFAD96AC}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{322C6A8D-B5E5-46CD-B804-DEBB625EE35A}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{59C5AD81-EF5C-4F08-AFCE-133C734D5CBB}C:\program files\ea sports\fifa online\nfe.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa online\nfe.exe |
"TCP Query User{72A85D4D-DACF-4A72-A8F2-472E8432DCAC}C:\program files\ea games\mohaa\mohaa.exe" = protocol=6 | dir=in | app=c:\program files\ea games\mohaa\mohaa.exe |
"TCP Query User{7A528DB3-14E4-41D8-82F7-7DE4E62BD477}C:\program files\java\jre1.6.0_02\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_02\bin\javaw.exe |
"TCP Query User{992EE680-7256-4FDD-9313-2641FAF14A7C}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{9AC1C625-1C5F-4D1B-A7E3-53207601DEAC}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{A86ECA21-C7A9-4537-8C49-8F1850604F3C}C:\program files\tams11\games\farkle\farkle.exe" = protocol=6 | dir=in | app=c:\program files\tams11\games\farkle\farkle.exe |
"TCP Query User{B2FAFB58-0F26-4F71-92D0-01DD9CEDDF79}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
"TCP Query User{B630786B-C014-444E-B879-567CFBA1A272}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{BEBA2459-65C0-48EC-A93B-D0E5DD59D242}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{C07A2E1E-1A5C-4445-8C80-E3CC823A5B31}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{C0B5A43C-5294-4F59-A8D2-974960E0335E}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"TCP Query User{C9F59897-40F2-4323-9FE5-696D3188EC78}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{D035A53F-FC19-45A0-8073-1B984F343B75}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{D1D9BBE4-9B27-4341-9AA9-B9F06EEE07DB}C:\users\matt leung\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\matt leung\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{E0A054B3-1642-4DAD-B7AF-7546DC10B3BB}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{EF91BA00-F12D-4074-8266-5DFF9A8A1BBE}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{F63867D6-C794-469A-952B-771595907820}C:\program files\aim5.9\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim5.9\aim.exe |
"UDP Query User{1C8DBD03-18F8-4131-8867-645889E947F9}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{216FBABA-8152-4D9B-BF32-5EC2872E3605}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
"UDP Query User{26730124-D354-491A-B623-6A094FD37057}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{267DC21A-9A25-4189-A7C7-B93BB7DDA8DC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{2E4130ED-1564-4654-B4CF-B1FDEB2AE1D5}C:\program files\ea sports\fifa online\nfe.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa online\nfe.exe |
"UDP Query User{35200CF5-148C-422F-843D-03F64E43759C}C:\program files\tams11\games\farkle\farkle.exe" = protocol=17 | dir=in | app=c:\program files\tams11\games\farkle\farkle.exe |
"UDP Query User{56B698C5-DD3B-4969-8B3B-4422CB8F0ECF}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{5ADDA41C-1028-4702-B25A-08DEEC182033}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{5CA3979D-2750-4F97-AAC7-686247EB3E7A}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{611B19CE-15BC-4AEC-BF2B-2ACC1531907A}C:\program files\ea games\mohaa\mohaa.exe" = protocol=17 | dir=in | app=c:\program files\ea games\mohaa\mohaa.exe |
"UDP Query User{8E250B38-D5A4-4399-B073-D7C96E7DEB19}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{933EB8E7-3ADC-47CF-A2BA-EBEA1EE98B9F}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{9745C891-A521-4ED9-A266-E8CC8FD36592}C:\program files\aim5.9\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim5.9\aim.exe |
"UDP Query User{9B6F4BDC-60C5-418C-A2A7-AE8B65F0810E}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{9CA33E72-DCD0-44FE-964E-94C76DA43FF8}C:\program files\java\jre1.6.0_02\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_02\bin\javaw.exe |
"UDP Query User{A1B4761F-A1BF-43ED-A08C-0395F20DC748}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{C18D489D-B303-4CCB-84B7-01782A1A3323}C:\users\matt leung\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\matt leung\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{EBE7FFDB-4840-4D57-A62E-1E8C99DA2D9C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{EEFB3EE3-B850-4999-8C04-16BC6B56B8AA}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02C85EC5-E864-4847-AF55-42730861004C}" = MrvlUsgTracking
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}" = Citrix Presentation Server Client
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41C18715-AFF0-49E9-B940-287A50532D33}" = Cisco Clean Access Agent
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{685DEA21-3622-455A-A41B-89557A168DFD}" = Ad-Aware
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{878D0EC5-9426-4CE7-9298-855D32CCE955}" = Live Search Club Toolbar
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C5F81D-0779-4932-BE83-32AAF814F4B9}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9E887DDE-2882-43E3-8AAF-127F8198030D}_is1" = Leawo Youtube Downloader Version: 3.1.2.0
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B53620C0-3A83-4F50-A7AB-175DB64C1CE3}" = HP User Guides 0090
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C042AFD4-32D3-4287-BBE8-845EE4D78C3E}" = Xcelsius 2008
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F6BA4000-C659-4C49-98E1-1D2E9D57C808}" = DecisionTools Suite 5.0, Industrial Edition
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"023782E7-308A-4278-9762-947348D4DF34" = Polar Bowler from WildGames (remove only)
"169E7C03-35E3-4E8A-855F-225246CE3E5E" = Polar Golfer from WildGames (remove only)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Braid_is1" = Braid (Version 1.015)
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Google Updater" = Google Updater
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"iSkysoft DVD to iPhone Converter_is1" = iSkysoft DVD to iPhone Converter(Build 2.3.3.0)
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Basic)
"Launch of the Screaming Narwhal" = Tales of Monkey Island - Launch of the Screaming Narwhal
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixPad" = MixPad Audio Mixer
"MobileVideo For iPod_is1" = MobileVideo For iPod 3.6
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (4.0b1)" = Mozilla Firefox (4.0b1)
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"oovooToolbar" = ooVoo Toolbar
"PhotoStitch" = Canon Utilities PhotoStitch
"PopCap Browser Plugin" = PopCap Browser Plugin
"Portrait Professional 6_is1" = Portrait Professional 6.6
"PS3 Media Server" = PS3 Media Server
"PSpice Student" = PSpice Student 9.1
"PunkBusterSvc" = PunkBuster Services
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SEGAGenesisClassics" = SEGA Genesis Classics
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 400" = Portal
"SystemRequirementsLab" = System Requirements Lab
"ViewpointMediaPlayer" = Viewpoint Media Player
"Vindictus" = Vindictus
"WavePad" = WavePad Sound Editor
"WildTangent CDA" = WildTangent Web Driver
"WinFF_is1" = WinFF 1.0
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Shoddy Battle" = Shoddy Battle
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
  • 0

#10
reallydumb4real

reallydumb4real

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here is the TDSSKiller log:

2011/06/15 17:25:16.0367 9956 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/15 17:25:16.0922 9956 ================================================================================
2011/06/15 17:25:16.0922 9956 SystemInfo:
2011/06/15 17:25:16.0922 9956
2011/06/15 17:25:16.0922 9956 OS Version: 6.0.6001 ServicePack: 1.0
2011/06/15 17:25:16.0922 9956 Product type: Workstation
2011/06/15 17:25:16.0922 9956 ComputerName: FREEPIZZA
2011/06/15 17:25:16.0923 9956 UserName: Matt Leung
2011/06/15 17:25:16.0923 9956 Windows directory: C:\Windows
2011/06/15 17:25:16.0923 9956 System windows directory: C:\Windows
2011/06/15 17:25:16.0923 9956 Processor architecture: Intel x86
2011/06/15 17:25:16.0923 9956 Number of processors: 2
2011/06/15 17:25:16.0923 9956 Page size: 0x1000
2011/06/15 17:25:16.0923 9956 Boot type: Normal boot
2011/06/15 17:25:16.0923 9956 ================================================================================
2011/06/15 17:25:17.0717 9956 Initialize success
2011/06/15 17:25:29.0290 5136 ================================================================================
2011/06/15 17:25:29.0290 5136 Scan started
2011/06/15 17:25:29.0290 5136 Mode: Manual;
2011/06/15 17:25:29.0290 5136 ================================================================================
2011/06/15 17:25:31.0869 5136 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/06/15 17:25:32.0030 5136 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/06/15 17:25:32.0188 5136 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/06/15 17:25:32.0349 5136 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/06/15 17:25:32.0485 5136 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/06/15 17:25:32.0666 5136 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/06/15 17:25:32.0811 5136 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/06/15 17:25:32.0946 5136 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/15 17:25:33.0120 5136 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/06/15 17:25:33.0195 5136 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/06/15 17:25:33.0331 5136 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/06/15 17:25:33.0548 5136 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/06/15 17:25:33.0682 5136 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/15 17:25:33.0909 5136 ApfiltrService (b49a709f65bf3beaa2b03f8ec139d568) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/06/15 17:25:34.0132 5136 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/06/15 17:25:34.0280 5136 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/06/15 17:25:34.0572 5136 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/15 17:25:35.0112 5136 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/06/15 17:25:35.0305 5136 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/06/15 17:25:35.0451 5136 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/15 17:25:35.0586 5136 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/06/15 17:25:35.0728 5136 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/15 17:25:35.0869 5136 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/15 17:25:35.0983 5136 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/15 17:25:36.0119 5136 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/15 17:25:36.0143 5136 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/15 17:25:36.0187 5136 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/15 17:25:36.0229 5136 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/15 17:25:36.0364 5136 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/06/15 17:25:36.0539 5136 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
2011/06/15 17:25:36.0659 5136 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/15 17:25:36.0804 5136 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/15 17:25:36.0968 5136 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/06/15 17:25:37.0059 5136 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/06/15 17:25:37.0212 5136 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/15 17:25:37.0372 5136 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/06/15 17:25:37.0537 5136 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
2011/06/15 17:25:37.0682 5136 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/15 17:25:37.0817 5136 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/06/15 17:25:37.0953 5136 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/06/15 17:25:38.0087 5136 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/06/15 17:25:38.0158 5136 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/06/15 17:25:38.0337 5136 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/06/15 17:25:38.0507 5136 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/15 17:25:38.0640 5136 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/15 17:25:38.0963 5136 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/06/15 17:25:39.0119 5136 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/06/15 17:25:39.0214 5136 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/06/15 17:25:39.0422 5136 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/06/15 17:25:39.0565 5136 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/06/15 17:25:39.0714 5136 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/15 17:25:39.0864 5136 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/06/15 17:25:39.0989 5136 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/06/15 17:25:40.0204 5136 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/15 17:25:40.0235 5136 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/06/15 17:25:40.0359 5136 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/15 17:25:40.0482 5136 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/15 17:25:40.0608 5136 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/06/15 17:25:40.0816 5136 HdAudAddService (4487da7bd384caafa0c620b19fea540a) C:\Windows\system32\drivers\CHDART.sys
2011/06/15 17:25:40.0956 5136 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/15 17:25:41.0106 5136 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/15 17:25:41.0259 5136 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/15 17:25:41.0385 5136 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/15 17:25:41.0536 5136 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/06/15 17:25:41.0656 5136 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/06/15 17:25:41.0802 5136 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys
2011/06/15 17:25:41.0999 5136 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/06/15 17:25:42.0274 5136 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/06/15 17:25:42.0428 5136 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/06/15 17:25:42.0591 5136 HTTP (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
2011/06/15 17:25:42.0727 5136 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/06/15 17:25:42.0905 5136 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/15 17:25:43.0044 5136 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\DRIVERS\iaStor.sys
2011/06/15 17:25:43.0229 5136 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/06/15 17:25:43.0455 5136 igfx (0391268713612372e4e0eceaadad41d5) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/06/15 17:25:43.0595 5136 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/15 17:25:43.0740 5136 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/06/15 17:25:43.0870 5136 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/15 17:25:44.0327 5136 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/15 17:25:44.0473 5136 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/15 17:25:44.0606 5136 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/06/15 17:25:44.0727 5136 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/06/15 17:25:44.0872 5136 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/15 17:25:45.0059 5136 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/15 17:25:45.0200 5136 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/06/15 17:25:45.0333 5136 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/15 17:25:45.0477 5136 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/15 17:25:45.0632 5136 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/15 17:25:45.0763 5136 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/06/15 17:25:45.0912 5136 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
2011/06/15 17:25:46.0114 5136 libusb0 (e2f1dcf4a68cc6cf694fbfba1842f4cd) C:\Windows\system32\drivers\libusb0.sys
2011/06/15 17:25:46.0243 5136 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/15 17:25:46.0407 5136 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/15 17:25:46.0570 5136 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/15 17:25:46.0804 5136 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/15 17:25:46.0934 5136 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/06/15 17:25:47.0110 5136 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/06/15 17:25:47.0267 5136 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/06/15 17:25:47.0418 5136 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/06/15 17:25:47.0583 5136 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/06/15 17:25:47.0723 5136 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/06/15 17:25:47.0875 5136 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/15 17:25:48.0015 5136 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/15 17:25:48.0182 5136 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/15 17:25:48.0310 5136 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/06/15 17:25:48.0451 5136 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/06/15 17:25:48.0582 5136 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/15 17:25:48.0733 5136 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/15 17:25:48.0858 5136 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/06/15 17:25:49.0020 5136 mrxsmb (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/15 17:25:49.0179 5136 mrxsmb10 (0a986b34f1678a2697574d7b1664e2dd) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/15 17:25:49.0315 5136 mrxsmb20 (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/15 17:25:49.0478 5136 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/06/15 17:25:49.0613 5136 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/06/15 17:25:49.0757 5136 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/06/15 17:25:49.0877 5136 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/06/15 17:25:50.0058 5136 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/15 17:25:50.0206 5136 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/15 17:25:50.0335 5136 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/06/15 17:25:50.0483 5136 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/06/15 17:25:50.0611 5136 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/15 17:25:50.0739 5136 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/15 17:25:50.0887 5136 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/06/15 17:25:51.0080 5136 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/15 17:25:51.0235 5136 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/06/15 17:25:51.0366 5136 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/15 17:25:51.0492 5136 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/15 17:25:51.0646 5136 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/15 17:25:51.0809 5136 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/15 17:25:51.0950 5136 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/15 17:25:52.0201 5136 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/15 17:25:52.0424 5136 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/06/15 17:25:52.0577 5136 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/15 17:25:52.0707 5136 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/06/15 17:25:52.0863 5136 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/15 17:25:53.0087 5136 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/06/15 17:25:53.0231 5136 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/15 17:25:53.0424 5136 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
2011/06/15 17:25:53.0572 5136 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/15 17:25:53.0750 5136 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
2011/06/15 17:25:53.0892 5136 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/06/15 17:25:54.0025 5136 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/06/15 17:25:54.0109 5136 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/06/15 17:25:54.0223 5136 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/15 17:25:54.0325 5136 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/06/15 17:25:54.0485 5136 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/06/15 17:25:54.0608 5136 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/06/15 17:25:54.0749 5136 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/06/15 17:25:54.0870 5136 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/06/15 17:25:55.0007 5136 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/06/15 17:25:55.0224 5136 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/15 17:25:55.0478 5136 Point32 (437827d69040c0c2565d47b024ed5372) C:\Windows\system32\DRIVERS\point32k.sys
2011/06/15 17:25:55.0621 5136 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/15 17:25:55.0748 5136 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/06/15 17:25:55.0950 5136 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/15 17:25:56.0136 5136 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/06/15 17:25:56.0286 5136 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/15 17:25:56.0416 5136 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/15 17:25:56.0567 5136 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/15 17:25:56.0720 5136 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/15 17:25:56.0867 5136 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/15 17:25:56.0998 5136 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/15 17:25:57.0124 5136 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/15 17:25:57.0285 5136 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/15 17:25:57.0454 5136 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/06/15 17:25:57.0574 5136 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/15 17:25:57.0739 5136 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/06/15 17:25:57.0889 5136 rimmptsk (c35ca13d3627ebd9dd12a23ce781bc3d) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/06/15 17:25:58.0042 5136 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/06/15 17:25:58.0166 5136 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/06/15 17:25:58.0342 5136 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/15 17:25:58.0423 5136 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/06/15 17:25:58.0465 5136 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/06/15 17:25:58.0600 5136 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/15 17:25:58.0758 5136 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/06/15 17:25:58.0934 5136 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/15 17:25:59.0122 5136 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/06/15 17:25:59.0271 5136 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/06/15 17:25:59.0416 5136 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/15 17:25:59.0577 5136 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/15 17:25:59.0711 5136 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/15 17:25:59.0842 5136 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/15 17:25:59.0997 5136 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/15 17:26:00.0135 5136 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/06/15 17:26:00.0192 5136 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/06/15 17:26:00.0263 5136 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/06/15 17:26:00.0434 5136 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/06/15 17:26:00.0579 5136 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/15 17:26:00.0710 5136 srv (73dddbeec61e78568082916a27aadaee) C:\Windows\system32\DRIVERS\srv.sys
2011/06/15 17:26:00.0840 5136 srv2 (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/15 17:26:00.0992 5136 srvnet (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/15 17:26:01.0189 5136 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/15 17:26:01.0361 5136 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/15 17:26:01.0530 5136 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/15 17:26:01.0668 5136 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/15 17:26:01.0866 5136 Tcpip (8a7ad2a214233f684242f289ed83ebc3) C:\Windows\system32\drivers\tcpip.sys
2011/06/15 17:26:02.0032 5136 Tcpip6 (8a7ad2a214233f684242f289ed83ebc3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/15 17:26:02.0142 5136 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/15 17:26:02.0321 5136 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/15 17:26:02.0466 5136 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/15 17:26:02.0618 5136 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/15 17:26:02.0792 5136 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/15 17:26:02.0981 5136 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/15 17:26:03.0119 5136 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/15 17:26:03.0167 5136 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/15 17:26:03.0218 5136 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/06/15 17:26:03.0351 5136 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/15 17:26:03.0529 5136 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/15 17:26:03.0707 5136 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/06/15 17:26:03.0846 5136 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/15 17:26:03.0977 5136 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/15 17:26:04.0017 5136 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/15 17:26:04.0130 5136 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/06/15 17:26:04.0264 5136 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/15 17:26:04.0398 5136 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/15 17:26:04.0541 5136 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/15 17:26:04.0672 5136 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/15 17:26:04.0809 5136 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/15 17:26:04.0968 5136 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/15 17:26:05.0130 5136 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/15 17:26:05.0289 5136 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/15 17:26:05.0453 5136 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/15 17:26:05.0594 5136 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/06/15 17:26:05.0759 5136 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/15 17:26:05.0889 5136 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/15 17:26:06.0027 5136 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/06/15 17:26:06.0207 5136 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/06/15 17:26:06.0344 5136 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/06/15 17:26:06.0439 5136 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/06/15 17:26:06.0510 5136 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/06/15 17:26:06.0579 5136 volsnap (0b91f93264b06ee3fceba84ef4676995) C:\Windows\system32\drivers\volsnap.sys
2011/06/15 17:26:06.0589 5136 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/06/15 17:26:06.0668 5136 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/06/15 17:26:06.0739 5136 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/15 17:26:06.0812 5136 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/15 17:26:06.0836 5136 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/15 17:26:07.0006 5136 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/06/15 17:26:07.0146 5136 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/15 17:26:07.0311 5136 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/06/15 17:26:07.0525 5136 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/15 17:26:07.0801 5136 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/15 17:26:07.0885 5136 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/15 17:26:08.0098 5136 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/15 17:26:08.0280 5136 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2011/06/15 17:26:08.0486 5136 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/06/15 17:26:08.0556 5136 MBR (0x1B8) (0f3b3ca2a559b59f5dab39e15f4346ed) \Device\Harddisk0\DR0
2011/06/15 17:26:08.0578 5136 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/15 17:26:08.0588 5136 ================================================================================
2011/06/15 17:26:08.0588 5136 Scan finished
2011/06/15 17:26:08.0588 5136 ================================================================================
2011/06/15 17:26:08.0612 11252 Detected object count: 2
2011/06/15 17:26:08.0612 11252 Actual detected object count: 2
2011/06/15 17:27:14.0609 11252 volsnap (0b91f93264b06ee3fceba84ef4676995) C:\Windows\system32\drivers\volsnap.sys
2011/06/15 17:27:14.0997 11252 Backup copy found, using it..
2011/06/15 17:27:15.0013 11252 C:\Windows\system32\drivers\volsnap.sys - will be cured after reboot
2011/06/15 17:27:15.0013 11252 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
2011/06/15 17:27:15.0113 11252 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/15 17:27:15.0113 11252 \Device\Harddisk0\DR0 - ok
2011/06/15 17:27:15.0114 11252 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/15 17:27:31.0918 4904 Deinitialize success
  • 0

#11
reallydumb4real

reallydumb4real

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
And here is the aswMBR log. Thanks for your help!

aswMBR version 0.9.6.399 Copyright© 2011 AVAST Software
Run date: 2011-06-15 17:31:56
-----------------------------
17:31:56.065 OS Version: Windows 6.0.6001 Service Pack 1
17:31:56.065 Number of processors: 2 586 0xF0D
17:31:56.065 ComputerName: FREEPIZZA UserName:
17:32:17.515 Initialize success
17:32:25.440 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:32:25.440 Disk 0 Vendor: Hitachi_ BBFO Size: 238475MB BusType: 3
17:32:25.456 Disk 0 MBR read successfully
17:32:25.456 Disk 0 MBR scan
17:32:25.456 Disk 0 unknown MBR code
17:32:25.471 Disk 0 scanning sectors +488392065
17:32:25.503 Disk 0 scanning C:\Windows\system32\drivers
17:32:32.507 Service scanning
17:32:33.849 Disk 0 trace - called modules:
17:32:33.849 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
17:32:33.864 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86170ac8]
17:32:33.864 3 CLASSPNP.SYS[8a59f745] -> nt!IofCallDriver -> [0x85130798]
17:32:33.864 5 acpi.sys[806a06a0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8511f030]
17:32:33.880 Scan finished successfully
17:32:50.182 Disk 0 MBR has been saved successfully to "C:\Users\Matt Leung\Desktop\MBR.dat"
17:32:50.197 The log file has been saved successfully to "C:\Users\Matt Leung\Desktop\aswMBR.txt"
  • 0

#12
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi reallydumb4real

Test your system after this step and let me know do you still get redirected/view adds.

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [cleanddm] File not found
    O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O33 - MountPoints2\{0cba5206-6451-11dd-86d6-001d72684f8b}\Shell\AutoRun\command - "" = F:\Launch.exe
    O33 - MountPoints2\{3dce7f5c-c59a-11de-8dde-001d72684f8b}\Shell - "" = AutoRun
    O33 - MountPoints2\{3dce7f5c-c59a-11de-8dde-001d72684f8b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{9eeeedca-bbd7-11dd-ace8-001d72684f8b}\Shell\Auto\command - "" = F:\Setup.exe
    O33 - MountPoints2\{9eeeedca-bbd7-11dd-ace8-001d72684f8b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Setup.exe
    O33 - MountPoints2\{a85aaca1-92f5-11e0-8af6-001d72684f8b}\Shell\AutoRun\command - "" = F:\Get_Started_for_Win.exe
    O33 - MountPoints2\{c0b3c010-6c00-11dd-964a-001d72684f8b}\Shell - "" = AutoRun
    O33 - MountPoints2\{c0b3c010-6c00-11dd-964a-001d72684f8b}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Get_Started_for_Win.exe
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    [2011/05/01 23:22:49 | 000,002,642 | -HS- | C] () -- C:\Users\Matt Leung\AppData\Local\e6cj5tlvi1v865yfa8f352520352u236
    [2011/05/01 23:22:49 | 000,002,642 | -HS- | C] () -- C:\ProgramData\e6cj5tlvi1v865yfa8f352520352u236

    :Files
    ipconfig /flushdns /c
    C:\Users\Matt Leung\AppData\Local\e6cj5tlvi1v865yfa8f352520352u236
    C:\ProgramData\e6cj5tlvi1v865yfa8f352520352u236

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [resethosts]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

  • 0

#13
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP