System restore virus and google redirect



#1
notsure24

    New Member
I seem to have gotten the system restore virus a couple days ago. I actually used the real windows restore to go back a couple days and recovered my desktop and start/desktop items. However, I am still getting redirected google searches (and probably more stuff I don't even know about).

I have run malwarebytes anti malware in safe mode with networking. It removed several items the first time and finds nothing now. I have run my ESET antivirus (received this msg: "Operating memory - Win32/Olmarik.TDL4 trojan - unable to clean"). I ran OTL as suggested before starting a topic here. I have also run that TDSS killer (or whatever it is) and it found nothing.

I look forward to any help you can give me. If I haven't explained the important parts fully, just let me know! Thanks!


#2
Essexboy

    GeekU Moderator
Hi there, let's see what you have, shall we?

Download aswMBR.exe (1.8mb) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3
notsure24

    New Member
Here is the aswMBR log. I will post the other log as soon as I finish it.

Thank you for your reply and help!


#4
notsure24

    New Member
I ran the OTL scan last night and then I just ran it again today as instructed (checking the all users box). It created an OTL.txt log for today, but the extras.txt log seems to be from last night. I have attached them both. Do I need to delete something and run the scan again for a current extras.txt log or is this enough? Thanks for your help!

OTL logfile created on: 10/19/2011 5:14:23 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Asus\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 53.32% Memory free
8.17 Gb Paging File | 6.23 Gb Available in Paging File | 76.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.15 Gb Total Space | 56.40 Gb Free Space | 25.39% Space Free | Partition Type: NTFS

Computer Name: ASUS-PC | User Name: Asus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/10/19 17:11:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Asus\Downloads\OTL (1).exe
PRC - [2011/07/09 22:11:29 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/28 18:44:14 | 000,391,432 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
PRC - [2011/02/28 18:44:14 | 000,259,336 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2008/09/02 19:11:04 | 008,105,984 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2008/08/29 17:06:16 | 000,223,800 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2008/08/13 23:00:16 | 000,158,264 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/13 23:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/13 22:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/08/13 22:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/08/13 18:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008/06/24 21:01:08 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008/06/18 00:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2007/08/08 02:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/12 16:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2008/01/21 04:40:39 | 000,031,248 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\SysNative\StkCSrv.exe -- (StkSSrv)
SRV:64bit: - [2007/08/08 02:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV:64bit: - [2007/08/03 14:24:54 | 000,125,496 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/31 16:51:13 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/13 22:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/12/21 15:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/12/21 15:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/12/21 13:47:38 | 000,125,296 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/12 22:57:55 | 000,019,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/10 23:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/01/20 06:49:48 | 000,195,584 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/10/15 21:17:17 | 000,406,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/09/05 14:20:19 | 000,058,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008/08/28 09:57:23 | 004,745,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/06/24 15:50:00 | 000,065,024 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/06/03 00:41:49 | 000,017,464 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/03/05 02:12:25 | 001,611,152 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\StkCMini.sys -- (StkCMini)
DRV:64bit: - [2008/01/20 20:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2007/12/18 19:57:12 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2007/12/06 04:12:55 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/08/02 22:26:47 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV:64bit: - [2007/07/27 21:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 22:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/24 13:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2006/10/27 07:01:07 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2006/10/03 19:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2006/12/17 18:23:04 | 000,005,248 | ---- | M] (ACE CAD Enterprise Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DigimHID.SYS -- (DigimHID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=ASUS&bmod=ASUS
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=ASUS&bmod=ASUS


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-232308359-316472038-1358654997-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=ASUS&bmod=ASUS
IE - HKU\S-1-5-21-232308359-316472038-1358654997-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKU\S-1-5-21-232308359-316472038-1358654997-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-232308359-316472038-1358654997-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {08FCC151-8678-4544-A9F3-45D230F4EB89}:1.9.1
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Asus\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Asus\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Asus\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2011/03/25 21:55:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{08FCC151-8678-4544-A9F3-45D230F4EB89}: C:\Users\Asus\AppData\Local\{08FCC151-8678-4544-A9F3-45D230F4EB89} [2011/02/21 17:01:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/07/06 02:30:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/16 18:36:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/01 18:52:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/17 15:13:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/03/25 21:55:04 | 000,000,000 | ---D | M]

[2011/08/11 17:07:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\mozilla\Extensions
[2010/06/24 11:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/08/11 17:07:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2009/06/02 22:14:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/03/22 22:56:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\a3onr9d9.default\extensions
[2010/04/28 07:23:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\a3onr9d9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/02 08:43:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\mozilla\Sunbird\Profiles\0ocvi8sf.default\extensions
[2009/11/22 11:16:51 | 000,002,172 | ---- | M] () -- C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\a3onr9d9.default\searchplugins\bing.xml
[2011/03/23 17:28:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/14 10:55:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/02/21 17:01:56 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\ASUS\APPDATA\LOCAL\{08FCC151-8678-4544-A9F3-45D230F4EB89}
[2011/10/01 18:52:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Asus\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Asus\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Asus\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Asus\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Asus\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Asus\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\

O1 HOSTS File: ([2011/10/18 20:04:08 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-232308359-316472038-1358654997-1000..\Run: [WorldTime2006] C:\Program Files (x86)\AnyTime Organizer Premier\WorldTime.exe /reg File not found
O4 - Startup: C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\palmOne Registration.lnk = C:\Program Files (x86)\palmOne\register.exe (palmOne/Leader Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-232308359-316472038-1358654997-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-232308359-316472038-1358654997-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-232308359-316472038-1358654997-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-232308359-316472038-1358654997-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: vmjdciedytkjjxwuboywTaskMgr = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9954A12-2F89-46BC-B07F-CE3C633A7D1C}: DhcpNameServer = 24.116.2.50 24.116.2.34
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Asus\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Asus\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{67198d42-17fa-11de-93f4-00248c0f95c4}\Shell - "" = AutoRun
O33 - MountPoints2\{67198d42-17fa-11de-93f4-00248c0f95c4}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/18 20:10:03 | 000,000,000 | ---D | C] -- C:\Users\Asus\Desktop\Virus stuff
[2011/10/18 20:04:06 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/10/18 20:01:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/18 20:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/10/18 20:00:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/10/18 19:47:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/10/17 20:38:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/17 20:34:28 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/10/17 18:11:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/17 18:10:28 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/10/16 19:19:47 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{8BC682D5-BBAB-4AAD-8ACE-1DA13078C880}
[2011/10/16 19:19:32 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{94A849E1-7EAD-4011-A778-CB8C499EBAC7}
[2011/10/16 16:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware(51)
[2011/10/16 12:28:06 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{89BE7966-638F-4C38-A1A8-260191E01B6E}
[2011/10/16 12:27:43 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{BA5E55DE-FDD9-4055-9C07-6752BF4B6DC4}
[2011/10/15 20:24:19 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{8395BE3A-53A4-41B0-AB45-2B746D6CAB9F}
[2011/10/15 20:23:56 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{FEC7E815-0706-4A82-A243-1F4163CA98D3}
[2011/10/12 20:28:33 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{D7E4BECA-C574-40F8-9741-7859825A42F1}
[2011/10/12 20:28:20 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{75B7314A-7A1B-46F2-8CBF-BB21736CB421}
[2011/10/10 07:11:24 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{7A4AC503-F8AF-413E-BCB5-E18699ED67EF}
[2011/10/10 07:10:57 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{818F5073-43B7-4859-AB5E-8C106710A6CF}
[2011/10/09 17:22:41 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{259A2397-C7BB-4CD2-B739-2D495E4B7660}
[2011/10/09 17:22:18 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{91AB0C84-BC25-4048-9C78-C8F0D8F47FE7}
[2011/10/08 09:19:54 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{9892C122-BD14-49FE-A6EF-EFDACF7D5349}
[2011/10/08 09:19:52 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{7395634D-7245-4991-A285-D9A9E5A9BB42}
[2011/10/07 11:28:56 | 000,000,000 | ---D | C] -- C:\Users\Asus\Documents\Health and Fitness
[2011/10/07 11:27:20 | 000,000,000 | ---D | C] -- C:\Users\Asus\Documents\ISCA Conferences and Info
[2011/10/06 16:44:48 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{162CB08F-761B-4952-B8C5-A4A85A4C8D12}
[2011/10/06 16:44:47 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{A29699E5-99E8-42E0-B502-CED636567E0D}
[2011/10/04 21:52:24 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{CAB68855-473D-41BB-AD83-D0B4472BA524}
[2011/10/04 21:52:02 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{A61BB1C9-F4B8-41C5-9AD3-99199F12ECD2}
[2011/10/03 22:48:20 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{842A2E9E-79BB-46AC-8DC0-7936FDDA5A1D}
[2011/10/03 22:47:57 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{D2F4D628-3E96-4956-BB78-3DC0AFEB0D1C}
[2011/10/03 22:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/10/02 11:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\18 Wheels of Steel American Long Haul
[2011/10/02 11:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\18 Wheels of Steel American Long Haul
[2011/10/02 10:03:05 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{C73AEB77-608D-479E-A9C0-ECC78B9CA670}
[2011/10/02 10:02:42 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{0B88B5ED-4139-4043-A342-A80A7EF271CF}
[2011/10/01 21:13:16 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/10/01 19:43:05 | 000,000,000 | ---D | C] -- C:\Users\Asus\Documents\18 WoS American Long Haul
[2011/10/01 19:24:42 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{C3805DC3-8ACD-49B6-86BF-1C6AE23E76A9}
[2011/10/01 19:24:19 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{F1C49FD2-931F-4807-8BB1-E7EF32ECAD0C}
[2011/09/30 22:37:18 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{4C16B993-1BB0-4843-B62F-6A0F04A6BD2F}
[2011/09/30 22:36:55 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{D03EA835-63DC-4029-938D-F15FC35BBE4A}
[2011/09/28 17:56:10 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{CAFEF3F2-E7CD-4D88-BF87-26F8FC64B9D7}
[2011/09/28 17:55:47 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{BC36DBD1-7474-4B3E-A08D-C363543C34D8}
[2011/09/27 23:00:22 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{396BD949-1672-4D91-B427-05EA8C0BA99A}
[2011/09/27 23:00:00 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{E96FEA20-CC1D-410C-AAB1-1FC5B7FA959C}
[2011/09/26 18:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HotSync
[2011/09/26 18:49:19 | 000,000,000 | ---D | C] -- C:\Users\Asus\{13ab9cba-69ae-4ab8-b2fd-31894ac6e795}
[2011/09/26 18:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\palmOne
[2011/09/26 18:46:28 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{3156FBA1-35E9-4811-8CE9-486A5B2E5A76}
[2011/09/26 18:46:04 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{21349F3F-30B4-44B9-AFB9-8925049208C7}
[2011/09/26 18:45:26 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Roaming\HotSync
[2011/09/25 17:48:27 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{E47D9BEA-81D7-433D-9D92-F1C7C3F7C519}
[2011/09/25 17:48:16 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{23E1E314-9BEE-4856-91AC-44E0A392DAA9}
[2011/09/25 15:06:05 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{6D36242F-0CFF-4F55-8CFC-F0A24D160214}
[2011/09/25 15:05:42 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{F490AD18-FBAB-4D46-B818-078A6FBB8004}
[2011/09/24 22:49:27 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{D96CA3D5-BD35-4C36-A2F8-F1B580B84F58}
[2011/09/24 22:49:04 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{E1013190-F5B8-45FF-BEC5-617F4158F85F}
[2011/09/23 22:28:10 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{EC0B5822-B29D-4550-B349-9A6119574537}
[2011/09/23 22:27:47 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{C0669106-AABA-4273-94B4-579727F13311}
[2011/09/20 12:37:53 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{CC5A8DE9-0B4F-4CA4-98E9-977036F307D7}
[2011/09/20 12:37:30 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{0D61472A-C7F0-4F40-9CFA-17ED4C461276}

========== Files - Modified Within 30 Days ==========

[2011/10/19 17:16:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-232308359-316472038-1358654997-1000UA.job
[2011/10/19 16:58:39 | 000,134,408 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/10/19 16:58:39 | 000,134,408 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/10/19 16:56:31 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011/10/19 16:53:40 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/19 16:53:40 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/19 16:53:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/18 21:16:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-232308359-316472038-1358654997-1000Core.job
[2011/10/18 20:04:08 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/10/18 20:00:57 | 000,000,770 | ---- | M] () -- C:\Users\Asus\Desktop\NTREGOPT.lnk
[2011/10/18 20:00:57 | 000,000,751 | ---- | M] () -- C:\Users\Asus\Desktop\ERUNT.lnk
[2011/10/18 19:47:53 | 000,000,732 | ---- | M] () -- C:\Users\Asus\AppData\Local\d3d9caps64.dat
[2011/10/17 21:15:48 | 000,301,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/17 20:54:27 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2011/10/17 20:40:33 | 000,818,170 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/17 20:40:33 | 000,672,792 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/17 20:40:33 | 000,132,182 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/17 20:34:28 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/10/17 18:46:25 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/17 17:58:29 | 613,710,514 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/16 16:01:21 | 000,000,280 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
[2011/10/16 16:01:21 | 000,000,192 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
[2011/10/16 16:01:10 | 000,000,328 | ---- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2011/10/13 20:22:41 | 000,000,986 | ---- | M] () -- C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\palmOne Registration.lnk
[2011/10/12 18:44:25 | 000,000,832 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/10/02 11:09:42 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\18 Wheels of Steel American Long Haul.lnk
[2011/10/01 21:14:49 | 000,002,006 | ---- | M] () -- C:\Users\Asus\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/26 18:49:41 | 000,001,745 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
[2011/09/26 18:48:48 | 000,001,651 | ---- | M] () -- C:\Users\Public\Desktop\Palm Desktop.lnk
[2011/09/26 18:45:26 | 000,000,094 | ---- | M] () -- C:\Windows\family.ini
[2011/09/26 16:51:57 | 000,171,008 | ---- | M] () -- C:\Users\Asus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/10/18 20:00:57 | 000,000,770 | ---- | C] () -- C:\Users\Asus\Desktop\NTREGOPT.lnk
[2011/10/18 20:00:57 | 000,000,751 | ---- | C] () -- C:\Users\Asus\Desktop\ERUNT.lnk
[2011/10/17 18:46:25 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/16 17:53:36 | 000,000,732 | ---- | C] () -- C:\Users\Asus\AppData\Local\d3d9caps64.dat
[2011/10/16 16:01:21 | 000,000,280 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
[2011/10/16 16:01:21 | 000,000,192 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
[2011/10/16 16:01:10 | 000,000,328 | ---- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2011/10/02 11:09:42 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\18 Wheels of Steel American Long Haul.lnk
[2011/10/01 21:13:31 | 000,002,006 | ---- | C] () -- C:\Users\Asus\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/01 21:11:56 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-232308359-316472038-1358654997-1000UA.job
[2011/10/01 21:11:56 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-232308359-316472038-1358654997-1000Core.job
[2011/09/26 18:52:32 | 000,000,986 | ---- | C] () -- C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\palmOne Registration.lnk
[2011/09/26 18:49:41 | 000,001,745 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
[2011/09/26 18:48:48 | 000,001,651 | ---- | C] () -- C:\Users\Public\Desktop\Palm Desktop.lnk
[2011/08/16 23:57:39 | 000,000,080 | RHS- | C] () -- C:\Windows\SysWow64\10C8299AD0.dll
[2011/08/11 19:15:07 | 000,000,000 | ---- | C] () -- C:\Windows\QuickInstall.INI
[2011/05/15 15:43:44 | 000,709,456 | ---- | C] () -- C:\Windows\is-BCSAJ.exe
[2011/05/15 13:11:55 | 000,012,668 | -HS- | C] () -- C:\Users\Asus\AppData\Local\kqxjax25212syk721811b172n8n71yg66c
[2011/05/15 13:11:55 | 000,012,668 | -HS- | C] () -- C:\ProgramData\kqxjax25212syk721811b172n8n71yg66c
[2010/12/11 19:23:38 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2010/08/14 07:49:22 | 000,000,680 | ---- | C] () -- C:\Users\Asus\AppData\Local\d3d9caps.dat
[2010/03/24 19:28:42 | 000,000,599 | ---- | C] () -- C:\Windows\eReg.dat
[2010/02/15 14:25:02 | 000,024,226 | ---- | C] () -- C:\Users\Asus\AppData\Roaming\UserTile.png
[2010/01/24 13:39:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\fsacars.ini
[2009/12/03 16:02:53 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 16:02:36 | 000,033,797 | ---- | C] () -- C:\Windows\SysWow64\hlp.dat
[2009/12/03 16:02:04 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/03 16:01:18 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/11/06 00:29:45 | 000,744,188 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/05 23:34:46 | 000,000,106 | ---- | C] () -- C:\Users\Asus\AppData\Roaming\wklnhst.dat
[2009/11/03 17:45:22 | 000,128,884 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2009/11/02 18:28:21 | 000,000,094 | ---- | C] () -- C:\Windows\family.ini
[2009/09/29 19:36:08 | 000,000,061 | -HS- | C] () -- C:\Windows\cnerolf.dat
[2009/06/11 15:21:49 | 000,000,061 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2009/05/31 18:21:21 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini
[2009/04/19 18:41:14 | 000,000,171 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/04/03 19:20:36 | 000,171,008 | ---- | C] () -- C:\Users\Asus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/31 21:29:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/03/31 20:32:59 | 000,000,083 | ---- | C] () -- C:\Users\Asus\AppData\Local\X-Plane Installer.prf
[2009/03/23 16:55:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/03/23 14:37:37 | 000,002,039 | ---- | C] () -- C:\Users\Asus\AppData\Roaming\install.dat
[2009/03/23 14:34:09 | 000,134,408 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/01/16 19:07:16 | 000,134,408 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/01/16 17:48:10 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/09/19 05:41:00 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2008/06/12 19:23:13 | 000,080,400 | ---- | C] () -- C:\Windows\StkUnist.exe
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2000/01/28 00:00:00 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\wrkgadm.exe
[2000/01/28 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\HLINKPRX.DLL

========== LOP Check ==========

[2009/03/31 19:11:29 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\2K Sports
[2009/04/04 11:45:18 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Absolute
[2009/11/01 00:45:58 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Amazon
[2010/12/07 18:39:24 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\AVG
[2010/12/02 21:48:36 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\AVG10
[2011/05/13 19:10:57 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Digiarty
[2011/08/11 17:56:08 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Efficient Calendar Free
[2009/09/06 11:35:17 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\ESET
[2011/05/13 20:50:14 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\HandBrake
[2011/09/26 18:45:26 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\HotSync
[2011/08/16 23:59:10 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Individual Software
[2011/07/15 17:05:24 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\IrfanView
[2009/04/01 18:45:52 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Leadertech
[2010/09/28 14:32:39 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\LimeWire
[2010/12/02 20:52:55 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\MSA
[2011/03/10 21:11:45 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Octoshape
[2010/02/15 14:25:02 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\PeerNetworking
[2009/03/31 20:21:20 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Premiere
[2010/12/09 17:50:09 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Registry Mechanic
[2010/09/19 21:48:48 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\SecondLife
[2010/04/16 17:06:35 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\SystemRequirementsLab
[2011/07/13 02:44:13 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Template
[2010/06/24 11:51:28 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Thunderbird
[2009/11/02 19:24:52 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Trondent Development Corp
[2011/08/17 00:07:30 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Utech Computer Solutions
[2010/11/01 23:36:03 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Windows Live Writer
[2011/10/19 00:00:52 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 00:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 21:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 01:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 01:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 20:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 00:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/29 23:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 20:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 20:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 20:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 20:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 20:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 20:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 20:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 20:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 20:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 20:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 20:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 01:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 20:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 20:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >


#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's get to work now. Could you confirm that all your shortcuts and icons are back now?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/02/21 17:01:56 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\ASUS\APPDATA\LOCAL\{08FCC151-8678-4544-A9F3-45D230F4EB89}
    O7 - HKU\S-1-5-21-232308359-316472038-1358654997-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: vmjdciedytkjjxwuboywTaskMgr = 0
    [2011/10/16 16:01:21 | 000,000,280 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
    [2011/10/16 16:01:21 | 000,000,192 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
    [2011/10/16 16:01:10 | 000,000,328 | ---- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP
    [2011/05/15 13:11:55 | 000,012,668 | -HS- | C] () -- C:\Users\Asus\AppData\Local\kqxjax25212syk721811b172n8n71yg66c
    [2011/05/15 13:11:55 | 000,012,668 | -HS- | C] () -- C:\ProgramData\kqxjax25212syk721811b172n8n71yg66c

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

#6
notsure24

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Yes my desktop background, shortcuts, and icons are showing. I will get to work with the fix you posted and then post the log.

#7
notsure24

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I have attached the OTL file and copy/pasted the TDSS info. The startup log at OTL noted that it failed to move a file for whatever that's worth. Thanks for your continued help!

17:07:18.0269 4408 TDSS rootkit removing tool 2.6.11.0 Oct 19 2011 13:50:27
17:07:18.0979 4408 ============================================================
17:07:18.0979 4408 Current date / time: 2011/10/20 17:07:18.0979
17:07:18.0979 4408 SystemInfo:
17:07:18.0979 4408
17:07:18.0979 4408 OS Version: 6.0.6002 ServicePack: 2.0
17:07:18.0979 4408 Product type: Workstation
17:07:18.0979 4408 ComputerName: ASUS-PC
17:07:18.0979 4408 UserName: Asus
17:07:18.0979 4408 Windows directory: C:\Windows
17:07:18.0979 4408 System windows directory: C:\Windows
17:07:18.0979 4408 Running under WOW64
17:07:18.0979 4408 Processor architecture: Intel x64
17:07:18.0979 4408 Number of processors: 2
17:07:18.0979 4408 Page size: 0x1000
17:07:18.0979 4408 Boot type: Normal boot
17:07:18.0979 4408 ============================================================
17:07:20.0377 4408 Initialize success
17:08:02.0468 3012 ============================================================
17:08:02.0468 3012 Scan started
17:08:02.0468 3012 Mode: Manual; SigCheck; TDLFS;
17:08:02.0468 3012 ============================================================
17:08:06.0608 3012 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
17:08:06.0831 3012 ACPI - ok
17:08:07.0052 3012 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
17:08:07.0243 3012 adp94xx - ok
17:08:07.0450 3012 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
17:08:07.0534 3012 adpahci - ok
17:08:07.0566 3012 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
17:08:07.0604 3012 adpu160m - ok
17:08:07.0687 3012 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
17:08:07.0710 3012 adpu320 - ok
17:08:07.0854 3012 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
17:08:08.0313 3012 AFD - ok
17:08:08.0542 3012 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
17:08:08.0592 3012 agp440 - ok
17:08:08.0666 3012 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
17:08:08.0681 3012 aic78xx - ok
17:08:08.0738 3012 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
17:08:08.0773 3012 aliide - ok
17:08:08.0912 3012 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
17:08:08.0944 3012 amdide - ok
17:08:09.0154 3012 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
17:08:09.0347 3012 AmdK8 - ok
17:08:09.0571 3012 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
17:08:09.0605 3012 arc - ok
17:08:09.0674 3012 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
17:08:09.0706 3012 arcsas - ok
17:08:09.0802 3012 ASMMAP64 (2db34edd17d3a8da7105a19c95a3dd68) C:\Program Files\ATKGFNEX\ASMMAP64.sys
17:08:09.0849 3012 ASMMAP64 - ok
17:08:10.0271 3012 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
17:08:10.0411 3012 AsyncMac - ok
17:08:10.0852 3012 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
17:08:10.0884 3012 atapi - ok
17:08:11.0514 3012 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
17:08:11.0582 3012 blbdrive - ok
17:08:11.0841 3012 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
17:08:11.0909 3012 bowser - ok
17:08:12.0310 3012 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
17:08:12.0703 3012 BrFiltLo - ok
17:08:12.0859 3012 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
17:08:13.0000 3012 BrFiltUp - ok
17:08:13.0122 3012 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
17:08:13.0363 3012 Brserid - ok
17:08:13.0560 3012 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
17:08:13.0654 3012 BrSerWdm - ok
17:08:14.0228 3012 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
17:08:14.0331 3012 BrUsbMdm - ok
17:08:14.0474 3012 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
17:08:14.0556 3012 BrUsbSer - ok
17:08:14.0868 3012 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
17:08:14.0965 3012 BTHMODEM - ok
17:08:15.0116 3012 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
17:08:15.0274 3012 cdfs - ok
17:08:15.0404 3012 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
17:08:15.0535 3012 cdrom - ok
17:08:15.0676 3012 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
17:08:15.0862 3012 circlass - ok
17:08:16.0076 3012 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
17:08:16.0161 3012 CLFS - ok
17:08:16.0393 3012 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
17:08:16.0500 3012 CmBatt - ok
17:08:16.0632 3012 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
17:08:16.0677 3012 cmdide - ok
17:08:16.0745 3012 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
17:08:16.0757 3012 Compbatt - ok
17:08:17.0009 3012 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
17:08:17.0040 3012 crcdisk - ok
17:08:17.0253 3012 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
17:08:17.0367 3012 DfsC - ok
17:08:17.0524 3012 DigimHID - ok
17:08:17.0632 3012 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
17:08:17.0646 3012 disk - ok
17:08:17.0815 3012 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
17:08:17.0872 3012 Dot4 - ok
17:08:18.0039 3012 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
17:08:18.0121 3012 Dot4Print - ok
17:08:18.0268 3012 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
17:08:18.0359 3012 dot4usb - ok
17:08:18.0503 3012 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
17:08:18.0563 3012 drmkaud - ok
17:08:18.0781 3012 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
17:08:18.0824 3012 DXGKrnl - ok
17:08:19.0240 3012 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
17:08:19.0296 3012 E1G60 - ok
17:08:19.0651 3012 eamonm (aca3fe4f18a945b7bf2618a79f6f670b) C:\Windows\system32\DRIVERS\eamonm.sys
17:08:19.0661 3012 eamonm - ok
17:08:19.0742 3012 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
17:08:19.0774 3012 Ecache - ok
17:08:19.0867 3012 ehdrv (6672438bdcbfd87250d22112d458294d) C:\Windows\system32\DRIVERS\ehdrv.sys
17:08:19.0912 3012 ehdrv - ok
17:08:20.0170 3012 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
17:08:20.0233 3012 elxstor - ok
17:08:20.0481 3012 epfwwfpr (954fade8e59f159b0a71d0cfcc99a76e) C:\Windows\system32\DRIVERS\epfwwfpr.sys
17:08:20.0520 3012 epfwwfpr - ok
17:08:20.0566 3012 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
17:08:20.0671 3012 ErrDev - ok
17:08:20.0870 3012 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
17:08:20.0961 3012 exfat - ok
17:08:21.0377 3012 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
17:08:21.0467 3012 fastfat - ok
17:08:21.0549 3012 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
17:08:21.0606 3012 fdc - ok
17:08:21.0645 3012 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
17:08:21.0674 3012 FileInfo - ok
17:08:21.0701 3012 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
17:08:21.0762 3012 Filetrace - ok
17:08:21.0849 3012 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
17:08:21.0920 3012 flpydisk - ok
17:08:22.0358 3012 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
17:08:22.0422 3012 FltMgr - ok
17:08:22.0553 3012 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
17:08:22.0584 3012 fssfltr - ok
17:08:22.0666 3012 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
17:08:22.0751 3012 Fs_Rec - ok
17:08:22.0924 3012 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
17:08:22.0970 3012 gagp30kx - ok
17:08:23.0038 3012 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:08:23.0047 3012 GEARAspiWDM - ok
17:08:23.0172 3012 ghaio (7d66ebde8b7f9b4e00beefeee82670d4) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
17:08:23.0198 3012 ghaio - ok
17:08:23.0644 3012 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
17:08:23.0791 3012 HdAudAddService - ok
17:08:24.0289 3012 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:08:24.0382 3012 HDAudBus - ok
17:08:24.0715 3012 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
17:08:24.0789 3012 HidBth - ok
17:08:24.0938 3012 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
17:08:24.0965 3012 HidIr - ok
17:08:25.0137 3012 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
17:08:25.0191 3012 HidUsb - ok
17:08:25.0402 3012 hitmanpro35 (6d9d8967abaa5bec09165d97c4b784a1) C:\Windows\system32\drivers\hitmanpro35.sys
17:08:25.0428 3012 hitmanpro35 - ok
17:08:25.0651 3012 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
17:08:25.0678 3012 HpCISSs - ok
17:08:26.0453 3012 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
17:08:26.0622 3012 HTTP - ok
17:08:27.0015 3012 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
17:08:27.0027 3012 i2omp - ok
17:08:27.0089 3012 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
17:08:27.0155 3012 i8042prt - ok
17:08:27.0436 3012 iaStor (756879fa65978df948437ce3fd1eaccd) C:\Windows\system32\DRIVERS\iaStor.sys
17:08:27.0462 3012 iaStor - ok
17:08:27.0570 3012 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
17:08:27.0686 3012 iaStorV - ok
17:08:27.0867 3012 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
17:08:27.0878 3012 iirsp - ok
17:08:28.0000 3012 IntcAzAudAddService (1f587d420d62cd0d2a77cac8caa64c1e) C:\Windows\system32\drivers\RTKVHD64.sys
17:08:28.0196 3012 IntcAzAudAddService - ok
17:08:28.0370 3012 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
17:08:28.0397 3012 intelide - ok
17:08:28.0533 3012 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
17:08:28.0589 3012 intelppm - ok
17:08:28.0656 3012 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:08:28.0739 3012 IpFilterDriver - ok
17:08:28.0910 3012 IpInIp - ok
17:08:29.0010 3012 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
17:08:29.0263 3012 IPMIDRV - ok
17:08:29.0597 3012 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
17:08:29.0687 3012 IPNAT - ok
17:08:29.0903 3012 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
17:08:30.0001 3012 IRENUM - ok
17:08:30.0389 3012 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
17:08:30.0417 3012 isapnp - ok
17:08:30.0541 3012 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
17:08:30.0556 3012 iScsiPrt - ok
17:08:30.0753 3012 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
17:08:30.0764 3012 iteatapi - ok
17:08:30.0849 3012 itecir (5fef11c18ec25cdcb27e6c8680690b69) C:\Windows\system32\DRIVERS\itecir.sys
17:08:30.0897 3012 itecir - ok
17:08:30.0970 3012 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
17:08:30.0982 3012 iteraid - ok
17:08:31.0336 3012 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
17:08:31.0364 3012 kbdclass - ok
17:08:31.0589 3012 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
17:08:31.0638 3012 kbdhid - ok
17:08:31.0832 3012 kbfiltr (4c9b832435061634dfbeb980ad67bfff) C:\Windows\system32\DRIVERS\kbfiltr.sys
17:08:31.0841 3012 kbfiltr - ok
17:08:32.0083 3012 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
17:08:32.0168 3012 KSecDD - ok
17:08:32.0241 3012 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
17:08:32.0299 3012 ksthunk - ok
17:08:32.0552 3012 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
17:08:32.0643 3012 lltdio - ok
17:08:32.0907 3012 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
17:08:32.0939 3012 LSI_FC - ok
17:08:32.0977 3012 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
17:08:33.0027 3012 LSI_SAS - ok
17:08:33.0079 3012 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
17:08:33.0108 3012 LSI_SCSI - ok
17:08:33.0140 3012 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
17:08:33.0192 3012 luafv - ok
17:08:33.0254 3012 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
17:08:33.0304 3012 megasas - ok
17:08:33.0385 3012 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
17:08:33.0445 3012 MegaSR - ok
17:08:33.0601 3012 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
17:08:33.0676 3012 Modem - ok
17:08:33.0820 3012 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
17:08:33.0891 3012 monitor - ok
17:08:34.0373 3012 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
17:08:34.0420 3012 mouclass - ok
17:08:34.0543 3012 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
17:08:34.0625 3012 mouhid - ok
17:08:34.0883 3012 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
17:08:34.0959 3012 MountMgr - ok
17:08:35.0050 3012 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
17:08:35.0082 3012 mpio - ok
17:08:35.0443 3012 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
17:08:35.0552 3012 mpsdrv - ok
17:08:36.0035 3012 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
17:08:36.0047 3012 Mraid35x - ok
17:08:36.0247 3012 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
17:08:36.0335 3012 MRxDAV - ok
17:08:36.0492 3012 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:08:36.0551 3012 mrxsmb - ok
17:08:36.0946 3012 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:08:36.0995 3012 mrxsmb10 - ok
17:08:37.0351 3012 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:08:37.0405 3012 mrxsmb20 - ok
17:08:37.0454 3012 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
17:08:37.0495 3012 msahci - ok
17:08:37.0567 3012 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
17:08:37.0579 3012 msdsm - ok
17:08:37.0697 3012 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
17:08:37.0789 3012 Msfs - ok
17:08:37.0950 3012 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
17:08:37.0962 3012 msisadrv - ok
17:08:38.0132 3012 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
17:08:38.0210 3012 MSKSSRV - ok
17:08:38.0441 3012 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
17:08:38.0519 3012 MSPCLOCK - ok
17:08:38.0851 3012 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
17:08:38.0915 3012 MSPQM - ok
17:08:38.0966 3012 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
17:08:38.0985 3012 MsRPC - ok
17:08:39.0020 3012 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
17:08:39.0048 3012 mssmbios - ok
17:08:39.0090 3012 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
17:08:39.0184 3012 MSTEE - ok
17:08:39.0335 3012 MTsensor (a523d9f6aeb152c4480d754df7fa9f7f) C:\Windows\system32\DRIVERS\ATK64AMD.sys
17:08:39.0432 3012 MTsensor - ok
17:08:39.0555 3012 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
17:08:39.0586 3012 Mup - ok
17:08:39.0809 3012 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
17:08:39.0878 3012 NativeWifiP - ok
17:08:40.0225 3012 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
17:08:40.0328 3012 NDIS - ok
17:08:40.0732 3012 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
17:08:40.0772 3012 NdisTapi - ok
17:08:40.0812 3012 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
17:08:40.0887 3012 Ndisuio - ok
17:08:41.0275 3012 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
17:08:41.0378 3012 NdisWan - ok
17:08:41.0604 3012 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
17:08:41.0691 3012 NDProxy - ok
17:08:41.0909 3012 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
17:08:41.0976 3012 NetBIOS - ok
17:08:42.0070 3012 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
17:08:42.0161 3012 netbt - ok
17:08:42.0586 3012 NETw5v64 (bfbd278f8c9bcec693345759ac278e14) C:\Windows\system32\DRIVERS\NETw5v64.sys
17:08:42.0833 3012 NETw5v64 - ok
17:08:43.0107 3012 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
17:08:43.0153 3012 nfrd960 - ok
17:08:43.0479 3012 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
17:08:43.0525 3012 Npfs - ok
17:08:43.0918 3012 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
17:08:44.0028 3012 nsiproxy - ok
17:08:44.0423 3012 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
17:08:44.0530 3012 Ntfs - ok
17:08:44.0756 3012 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
17:08:44.0853 3012 Null - ok
17:08:45.0114 3012 NVHDA (faf83423716ced049f9335900a64e963) C:\Windows\system32\drivers\nvhda64v.sys
17:08:45.0122 3012 NVHDA - ok
17:08:46.0246 3012 nvlddmkm (851fa41ec65e9eb5508ead5f9a2eddef) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:08:46.0574 3012 nvlddmkm - ok
17:08:46.0737 3012 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
17:08:46.0751 3012 nvraid - ok
17:08:46.0924 3012 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
17:08:46.0958 3012 nvstor - ok
17:08:47.0311 3012 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
17:08:47.0323 3012 nv_agp - ok
17:08:47.0493 3012 NwlnkFlt - ok
17:08:47.0541 3012 NwlnkFwd - ok
17:08:47.0614 3012 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
17:08:47.0669 3012 ohci1394 - ok
17:08:47.0775 3012 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
17:08:47.0874 3012 Parport - ok
17:08:48.0024 3012 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
17:08:48.0069 3012 partmgr - ok
17:08:48.0392 3012 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
17:08:48.0410 3012 pci - ok
17:08:48.0569 3012 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
17:08:48.0597 3012 pciide - ok
17:08:48.0629 3012 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
17:08:48.0693 3012 pcmcia - ok
17:08:48.0736 3012 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
17:08:48.0834 3012 PEAUTH - ok
17:08:49.0226 3012 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
17:08:49.0271 3012 PptpMiniport - ok
17:08:49.0433 3012 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
17:08:49.0511 3012 Processor - ok
17:08:49.0591 3012 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
17:08:49.0641 3012 PSched - ok
17:08:49.0732 3012 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
17:08:49.0866 3012 ql2300 - ok
17:08:49.0989 3012 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
17:08:50.0018 3012 ql40xx - ok
17:08:50.0376 3012 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
17:08:50.0451 3012 QWAVEdrv - ok
17:08:50.0829 3012 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
17:08:50.0944 3012 RasAcd - ok
17:08:51.0042 3012 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:08:51.0094 3012 Rasl2tp - ok
17:08:51.0348 3012 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
17:08:51.0428 3012 RasPppoe - ok
17:08:51.0835 3012 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
17:08:51.0884 3012 RasSstp - ok
17:08:52.0318 3012 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
17:08:52.0409 3012 rdbss - ok
17:08:52.0495 3012 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:08:52.0547 3012 RDPCDD - ok
17:08:52.0736 3012 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
17:08:52.0804 3012 rdpdr - ok
17:08:52.0906 3012 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
17:08:52.0989 3012 RDPENCDD - ok
17:08:53.0333 3012 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
17:08:53.0449 3012 RDPWD - ok
17:08:53.0573 3012 rimmptsk (528d70eabe8305a02f387fec839b9a47) C:\Windows\system32\DRIVERS\rimmpx64.sys
17:08:53.0621 3012 rimmptsk - ok
17:08:53.0668 3012 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
17:08:53.0714 3012 rimsptsk - ok
17:08:53.0758 3012 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
17:08:53.0834 3012 rismxdp - ok
17:08:53.0976 3012 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
17:08:54.0069 3012 rspndr - ok
17:08:54.0274 3012 RTL8169 (d53c84ec99ab4d78a90001e5ce5386ec) C:\Windows\system32\DRIVERS\Rtlh64.sys
17:08:54.0346 3012 RTL8169 - ok
17:08:54.0477 3012 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
17:08:54.0524 3012 sbp2port - ok
17:08:54.0585 3012 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
17:08:54.0639 3012 sdbus - ok
17:08:54.0880 3012 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:08:54.0992 3012 secdrv - ok
17:08:55.0546 3012 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
17:08:55.0643 3012 Serenum - ok
17:08:56.0082 3012 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
17:08:56.0199 3012 Serial - ok
17:08:56.0463 3012 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
17:08:56.0560 3012 sermouse - ok
17:08:56.0854 3012 sffdisk (3a19c899bcf0ea24cfec2038e6a489db) C:\Windows\system32\DRIVERS\sffdisk.sys
17:08:56.0907 3012 sffdisk - ok
17:08:56.0981 3012 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
17:08:57.0055 3012 sffp_mmc - ok
17:08:57.0176 3012 sffp_sd (fdca63a2eee528585eb66ceac183ec22) C:\Windows\system32\DRIVERS\sffp_sd.sys
17:08:57.0252 3012 sffp_sd - ok
17:08:57.0656 3012 sfloppy (40567781f0785c4a69411d1b40da8987) C:\Windows\system32\DRIVERS\sfloppy.sys
17:08:57.0751 3012 sfloppy - ok
17:08:58.0104 3012 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
17:08:58.0132 3012 SiSRaid2 - ok
17:08:58.0230 3012 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
17:08:58.0260 3012 SiSRaid4 - ok
17:08:58.0334 3012 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
17:08:58.0435 3012 Smb - ok
17:08:58.0694 3012 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
17:08:58.0722 3012 spldr - ok
17:08:59.0026 3012 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
17:08:59.0172 3012 srv - ok
17:08:59.0571 3012 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
17:08:59.0688 3012 srv2 - ok
17:08:59.0913 3012 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
17:08:59.0947 3012 srvnet - ok
17:09:00.0017 3012 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
17:09:00.0043 3012 StillCam - ok
17:09:00.0465 3012 StkCMini (b968d05707f9fe0833a899156606f100) C:\Windows\system32\Drivers\StkCMini.sys
17:09:00.0516 3012 StkCMini - ok
17:09:00.0814 3012 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
17:09:00.0824 3012 swenum - ok
17:09:01.0046 3012 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
17:09:01.0074 3012 Symc8xx - ok
17:09:01.0302 3012 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
17:09:01.0331 3012 Sym_hi - ok
17:09:01.0673 3012 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
17:09:01.0722 3012 Sym_u3 - ok
17:09:01.0814 3012 SynTP (572438150fc79e41a0348e3dc56b1dd2) C:\Windows\system32\DRIVERS\SynTP.sys
17:09:01.0826 3012 SynTP - ok
17:09:02.0351 3012 Tcpip (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\drivers\tcpip.sys
17:09:02.0458 3012 Tcpip - ok
17:09:02.0617 3012 Tcpip6 (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\DRIVERS\tcpip.sys
17:09:02.0681 3012 Tcpip6 - ok
17:09:02.0737 3012 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
17:09:02.0781 3012 tcpipreg - ok
17:09:02.0837 3012 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
17:09:02.0947 3012 TDPIPE - ok
17:09:03.0207 3012 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
17:09:03.0300 3012 TDTCP - ok
17:09:03.0639 3012 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
17:09:03.0758 3012 tdx - ok
17:09:03.0877 3012 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
17:09:03.0889 3012 TermDD - ok
17:09:04.0439 3012 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:09:04.0544 3012 tssecsrv - ok
17:09:04.0770 3012 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
17:09:04.0841 3012 tunmp - ok
17:09:05.0065 3012 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
17:09:05.0078 3012 tunnel - ok
17:09:05.0524 3012 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
17:09:05.0553 3012 uagp35 - ok
17:09:05.0645 3012 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
17:09:05.0732 3012 udfs - ok
17:09:05.0873 3012 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
17:09:05.0903 3012 uliagpkx - ok
17:09:06.0030 3012 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
17:09:06.0104 3012 uliahci - ok
17:09:06.0160 3012 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
17:09:06.0192 3012 UlSata - ok
17:09:06.0442 3012 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
17:09:06.0485 3012 ulsata2 - ok
17:09:06.0624 3012 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
17:09:06.0710 3012 umbus - ok
17:09:06.0872 3012 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
17:09:06.0931 3012 USBAAPL64 - ok
17:09:07.0258 3012 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
17:09:07.0361 3012 usbccgp - ok
17:09:07.0601 3012 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
17:09:07.0690 3012 usbcir - ok
17:09:07.0865 3012 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
17:09:07.0913 3012 usbehci - ok
17:09:08.0188 3012 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
17:09:08.0267 3012 usbhub - ok
17:09:08.0312 3012 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
17:09:08.0401 3012 usbohci - ok
17:09:08.0739 3012 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
17:09:08.0774 3012 usbprint - ok
17:09:08.0839 3012 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
17:09:08.0865 3012 usbscan - ok
17:09:09.0117 3012 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:09:09.0172 3012 USBSTOR - ok
17:09:09.0239 3012 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
17:09:09.0300 3012 usbuhci - ok
17:09:09.0354 3012 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
17:09:09.0410 3012 usbvideo - ok
17:09:09.0567 3012 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
17:09:09.0665 3012 vga - ok
17:09:09.0962 3012 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
17:09:10.0072 3012 VgaSave - ok
17:09:10.0324 3012 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
17:09:10.0353 3012 viaide - ok
17:09:10.0689 3012 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
17:09:10.0736 3012 volmgr - ok
17:09:11.0357 3012 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
17:09:11.0430 3012 volmgrx - ok
17:09:11.0883 3012 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
17:09:11.0949 3012 volsnap - ok
17:09:12.0095 3012 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
17:09:12.0108 3012 vsmraid - ok
17:09:12.0417 3012 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
17:09:12.0489 3012 WacomPen - ok
17:09:12.0594 3012 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
17:09:12.0687 3012 Wanarp - ok
17:09:12.0727 3012 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
17:09:12.0756 3012 Wanarpv6 - ok
17:09:12.0909 3012 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
17:09:12.0940 3012 Wd - ok
17:09:13.0016 3012 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
17:09:13.0080 3012 WDC_SAM - ok
17:09:13.0237 3012 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
17:09:13.0315 3012 Wdf01000 - ok
17:09:15.0189 3012 winusb (7f2f9e48566b2087f2aaad258cb2a8d4) C:\Windows\system32\DRIVERS\WinUSB.SYS
17:09:15.0253 3012 winusb - ok
17:09:15.0942 3012 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:09:16.0031 3012 WmiAcpi - ok
17:09:16.0303 3012 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
17:09:16.0364 3012 WpdUsb - ok
17:09:16.0610 3012 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
17:09:16.0671 3012 ws2ifsl - ok
17:09:16.0812 3012 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:09:16.0905 3012 WUDFRd - ok
17:09:17.0089 3012 yukonx64 (07f7285220307aafb755d890295f0f9a) C:\Windows\system32\DRIVERS\yk60x64.sys
17:09:17.0218 3012 yukonx64 - ok
17:09:17.0264 3012 MBR (0x1B8) (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0
17:09:17.0387 3012 \Device\Harddisk0\DR0 - ok
17:09:17.0392 3012 Boot (0x1200) (00764e6267da989c841feb8bad083664) \Device\Harddisk0\DR0\Partition0
17:09:17.0393 3012 \Device\Harddisk0\DR0\Partition0 - ok
17:09:17.0399 3012 ============================================================
17:09:17.0399 3012 Scan finished
17:09:17.0399 3012 ============================================================
17:09:17.0438 3244 Detected object count: 0
17:09:17.0438 3244 Actual detected object count: 0
17:09:52.0239 3532 Deinitialize success

OTL logfile created on: 10/20/2011 4:58:36 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Asus\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 59.19% Memory free
8.17 Gb Paging File | 6.48 Gb Available in Paging File | 79.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.15 Gb Total Space | 55.79 Gb Free Space | 25.11% Space Free | Partition Type: NTFS

Computer Name: ASUS-PC | User Name: Asus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/10/19 17:11:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Asus\Downloads\OTL (1).exe
PRC - [2011/07/09 22:11:29 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/28 18:44:14 | 000,391,432 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
PRC - [2011/02/28 18:44:14 | 000,259,336 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2008/09/02 19:11:04 | 008,105,984 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2008/08/29 17:06:16 | 000,223,800 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2008/08/13 23:00:16 | 000,158,264 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/13 23:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/13 22:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/08/13 22:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/08/13 18:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008/06/24 21:01:08 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008/06/18 00:10:34 | 000,424,504 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
PRC - [2008/06/18 00:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2007/08/08 02:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/30 09:12:40 | 000,412,728 | ---- | M] () -- C:\Users\Asus\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
MOD - [2011/09/30 09:12:39 | 003,696,184 | ---- | M] () -- C:\Users\Asus\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
MOD - [2011/09/30 09:11:13 | 000,142,568 | ---- | M] () -- C:\Users\Asus\AppData\Local\Google\Chrome\Application\14.0.835.202\avutil-51.dll
MOD - [2011/09/30 09:11:12 | 000,253,320 | ---- | M] () -- C:\Users\Asus\AppData\Local\Google\Chrome\Application\14.0.835.202\avformat-53.dll
MOD - [2011/09/30 09:11:10 | 002,403,240 | ---- | M] () -- C:\Users\Asus\AppData\Local\Google\Chrome\Application\14.0.835.202\avcodec-53.dll
MOD - [2011/09/29 14:06:57 | 008,587,936 | ---- | M] () -- C:\Users\Asus\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
MOD - [2011/09/29 14:06:57 | 008,587,936 | ---- | M] () -- C:\Users\Asus\AppData\Local\Google\Chrome\APPLIC~1\140835~1.202\gcswf32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/12 16:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2008/01/21 04:40:39 | 000,031,248 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\SysNative\StkCSrv.exe -- (StkSSrv)
SRV:64bit: - [2007/08/08 02:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV:64bit: - [2007/08/03 14:24:54 | 000,125,496 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/31 16:51:13 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/13 22:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/12/21 15:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/12/21 15:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/12/21 13:47:38 | 000,125,296 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/12 22:57:55 | 000,019,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/10 23:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/01/20 06:49:48 | 000,195,584 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/10/15 21:17:17 | 000,406,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/09/05 14:20:19 | 000,058,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008/08/28 09:57:23 | 004,745,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/06/24 15:50:00 | 000,065,024 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/06/03 00:41:49 | 000,017,464 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/03/05 02:12:25 | 001,611,152 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\StkCMini.sys -- (StkCMini)
DRV:64bit: - [2008/01/20 20:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2007/12/18 19:57:12 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2007/12/06 04:12:55 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/08/02 22:26:47 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV:64bit: - [2007/07/27 21:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 22:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/24 13:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2006/10/27 07:01:07 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2006/10/03 19:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2006/12/17 18:23:04 | 000,005,248 | ---- | M] (ACE CAD Enterprise Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DigimHID.SYS -- (DigimHID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=ASUS&bmod=ASUS
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=ASUS&bmod=ASUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {08FCC151-8678-4544-A9F3-45D230F4EB89}:1.9.1
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Asus\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Asus\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Asus\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2011/03/25 21:55:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{08FCC151-8678-4544-A9F3-45D230F4EB89}: C:\Users\Asus\AppData\Local\{08FCC151-8678-4544-A9F3-45D230F4EB89}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/07/06 02:30:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/16 18:36:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/01 18:52:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/17 15:13:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/03/25 21:55:04 | 000,000,000 | ---D | M]

[2011/08/11 17:07:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\mozilla\Extensions
[2010/06/24 11:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/08/11 17:07:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2009/06/02 22:14:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/03/22 22:56:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\a3onr9d9.default\extensions
[2010/04/28 07:23:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\a3onr9d9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/02 08:43:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\mozilla\Sunbird\Profiles\0ocvi8sf.default\extensions
[2009/11/22 11:16:51 | 000,002,172 | ---- | M] () -- C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\a3onr9d9.default\searchplugins\bing.xml
[2011/03/23 17:28:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/14 10:55:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\ASUS\APPDATA\LOCAL\{08FCC151-8678-4544-A9F3-45D230F4EB89}
[2011/10/01 18:52:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Asus\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Asus\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Asus\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Asus\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Asus\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Asus\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\

O1 HOSTS File: ([2011/10/20 16:52:23 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [WorldTime2006] C:\Program Files (x86)\AnyTime Organizer Premier\WorldTime.exe /reg File not found
O4 - Startup: C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\palmOne Registration.lnk = C:\Program Files (x86)\palmOne\register.exe (palmOne/Leader Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9954A12-2F89-46BC-B07F-CE3C633A7D1C}: DhcpNameServer = 24.116.2.50 24.116.2.34
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Asus\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Asus\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{67198d42-17fa-11de-93f4-00248c0f95c4}\Shell - "" = AutoRun
O33 - MountPoints2\{67198d42-17fa-11de-93f4-00248c0f95c4}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/20 16:52:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/18 20:10:03 | 000,000,000 | ---D | C] -- C:\Users\Asus\Desktop\Virus stuff
[2011/10/18 20:04:06 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/10/18 20:01:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/18 20:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/10/18 20:00:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/10/18 19:47:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/10/17 20:38:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/17 20:34:28 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/10/17 18:11:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/17 18:10:28 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/10/16 19:19:47 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{8BC682D5-BBAB-4AAD-8ACE-1DA13078C880}
[2011/10/16 19:19:32 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{94A849E1-7EAD-4011-A778-CB8C499EBAC7}
[2011/10/16 16:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware(51)
[2011/10/16 12:28:06 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{89BE7966-638F-4C38-A1A8-260191E01B6E}
[2011/10/16 12:27:43 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{BA5E55DE-FDD9-4055-9C07-6752BF4B6DC4}
[2011/10/15 20:24:19 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{8395BE3A-53A4-41B0-AB45-2B746D6CAB9F}
[2011/10/15 20:23:56 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{FEC7E815-0706-4A82-A243-1F4163CA98D3}
[2011/10/12 20:28:33 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{D7E4BECA-C574-40F8-9741-7859825A42F1}
[2011/10/12 20:28:20 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{75B7314A-7A1B-46F2-8CBF-BB21736CB421}
[2011/10/10 07:11:24 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{7A4AC503-F8AF-413E-BCB5-E18699ED67EF}
[2011/10/10 07:10:57 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{818F5073-43B7-4859-AB5E-8C106710A6CF}
[2011/10/09 17:22:41 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{259A2397-C7BB-4CD2-B739-2D495E4B7660}
[2011/10/09 17:22:18 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{91AB0C84-BC25-4048-9C78-C8F0D8F47FE7}
[2011/10/08 09:19:54 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{9892C122-BD14-49FE-A6EF-EFDACF7D5349}
[2011/10/08 09:19:52 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{7395634D-7245-4991-A285-D9A9E5A9BB42}
[2011/10/07 11:28:56 | 000,000,000 | ---D | C] -- C:\Users\Asus\Documents\Health and Fitness
[2011/10/07 11:27:20 | 000,000,000 | ---D | C] -- C:\Users\Asus\Documents\ISCA Conferences and Info
[2011/10/06 16:44:48 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{162CB08F-761B-4952-B8C5-A4A85A4C8D12}
[2011/10/06 16:44:47 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{A29699E5-99E8-42E0-B502-CED636567E0D}
[2011/10/04 21:52:24 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{CAB68855-473D-41BB-AD83-D0B4472BA524}
[2011/10/04 21:52:02 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{A61BB1C9-F4B8-41C5-9AD3-99199F12ECD2}
[2011/10/03 22:48:20 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{842A2E9E-79BB-46AC-8DC0-7936FDDA5A1D}
[2011/10/03 22:47:57 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{D2F4D628-3E96-4956-BB78-3DC0AFEB0D1C}
[2011/10/03 22:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/10/02 11:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\18 Wheels of Steel American Long Haul
[2011/10/02 11:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\18 Wheels of Steel American Long Haul
[2011/10/02 10:03:05 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{C73AEB77-608D-479E-A9C0-ECC78B9CA670}
[2011/10/02 10:02:42 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{0B88B5ED-4139-4043-A342-A80A7EF271CF}
[2011/10/01 21:13:16 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/10/01 19:43:05 | 000,000,000 | ---D | C] -- C:\Users\Asus\Documents\18 WoS American Long Haul
[2011/10/01 19:24:42 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{C3805DC3-8ACD-49B6-86BF-1C6AE23E76A9}
[2011/10/01 19:24:19 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{F1C49FD2-931F-4807-8BB1-E7EF32ECAD0C}
[2011/09/30 22:37:18 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{4C16B993-1BB0-4843-B62F-6A0F04A6BD2F}
[2011/09/30 22:36:55 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{D03EA835-63DC-4029-938D-F15FC35BBE4A}
[2011/09/28 17:56:10 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{CAFEF3F2-E7CD-4D88-BF87-26F8FC64B9D7}
[2011/09/28 17:55:47 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{BC36DBD1-7474-4B3E-A08D-C363543C34D8}
[2011/09/27 23:00:22 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{396BD949-1672-4D91-B427-05EA8C0BA99A}
[2011/09/27 23:00:00 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{E96FEA20-CC1D-410C-AAB1-1FC5B7FA959C}
[2011/09/26 18:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HotSync
[2011/09/26 18:49:19 | 000,000,000 | ---D | C] -- C:\Users\Asus\{13ab9cba-69ae-4ab8-b2fd-31894ac6e795}
[2011/09/26 18:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\palmOne
[2011/09/26 18:46:28 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{3156FBA1-35E9-4811-8CE9-486A5B2E5A76}
[2011/09/26 18:46:04 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{21349F3F-30B4-44B9-AFB9-8925049208C7}
[2011/09/26 18:45:26 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Roaming\HotSync
[2011/09/25 17:48:27 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{E47D9BEA-81D7-433D-9D92-F1C7C3F7C519}
[2011/09/25 17:48:16 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{23E1E314-9BEE-4856-91AC-44E0A392DAA9}
[2011/09/25 15:06:05 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{6D36242F-0CFF-4F55-8CFC-F0A24D160214}
[2011/09/25 15:05:42 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{F490AD18-FBAB-4D46-B818-078A6FBB8004}
[2011/09/24 22:49:27 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{D96CA3D5-BD35-4C36-A2F8-F1B580B84F58}
[2011/09/24 22:49:04 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{E1013190-F5B8-45FF-BEC5-617F4158F85F}
[2011/09/23 22:28:10 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{EC0B5822-B29D-4550-B349-9A6119574537}
[2011/09/23 22:27:47 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{C0669106-AABA-4273-94B4-579727F13311}

========== Files - Modified Within 30 Days ==========

[2011/10/20 16:55:40 | 000,134,408 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/10/20 16:55:40 | 000,134,408 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/10/20 16:55:26 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011/10/20 16:55:11 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/20 16:55:10 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/20 16:55:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/20 16:52:23 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/10/20 16:48:32 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-232308359-316472038-1358654997-1000UA.job
[2011/10/19 22:48:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-232308359-316472038-1358654997-1000Core.job
[2011/10/18 20:00:57 | 000,000,770 | ---- | M] () -- C:\Users\Asus\Desktop\NTREGOPT.lnk
[2011/10/18 20:00:57 | 000,000,751 | ---- | M] () -- C:\Users\Asus\Desktop\ERUNT.lnk
[2011/10/18 19:47:53 | 000,000,732 | ---- | M] () -- C:\Users\Asus\AppData\Local\d3d9caps64.dat
[2011/10/17 21:15:48 | 000,301,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/17 20:54:27 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2011/10/17 20:40:33 | 000,818,170 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/17 20:40:33 | 000,672,792 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/17 20:40:33 | 000,132,182 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/17 20:34:28 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/10/17 18:46:25 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/17 17:58:29 | 613,710,514 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/13 20:22:41 | 000,000,986 | ---- | M] () -- C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\palmOne Registration.lnk
[2011/10/12 18:44:25 | 000,000,832 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/10/02 11:09:42 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\18 Wheels of Steel American Long Haul.lnk
[2011/10/01 21:14:49 | 000,002,006 | ---- | M] () -- C:\Users\Asus\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/26 18:49:41 | 000,001,745 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
[2011/09/26 18:48:48 | 000,001,651 | ---- | M] () -- C:\Users\Public\Desktop\Palm Desktop.lnk
[2011/09/26 18:45:26 | 000,000,094 | ---- | M] () -- C:\Windows\family.ini
[2011/09/26 16:51:57 | 000,171,008 | ---- | M] () -- C:\Users\Asus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/10/18 20:00:57 | 000,000,770 | ---- | C] () -- C:\Users\Asus\Desktop\NTREGOPT.lnk
[2011/10/18 20:00:57 | 000,000,751 | ---- | C] () -- C:\Users\Asus\Desktop\ERUNT.lnk
[2011/10/17 18:46:25 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/16 17:53:36 | 000,000,732 | ---- | C] () -- C:\Users\Asus\AppData\Local\d3d9caps64.dat
[2011/10/02 11:09:42 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\18 Wheels of Steel American Long Haul.lnk
[2011/10/01 21:13:31 | 000,002,006 | ---- | C] () -- C:\Users\Asus\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/01 21:11:56 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-232308359-316472038-1358654997-1000UA.job
[2011/10/01 21:11:56 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-232308359-316472038-1358654997-1000Core.job
[2011/09/26 18:52:32 | 000,000,986 | ---- | C] () -- C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\palmOne Registration.lnk
[2011/09/26 18:49:41 | 000,001,745 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
[2011/09/26 18:48:48 | 000,001,651 | ---- | C] () -- C:\Users\Public\Desktop\Palm Desktop.lnk
[2011/08/16 23:57:39 | 000,000,080 | RHS- | C] () -- C:\Windows\SysWow64\10C8299AD0.dll
[2011/08/11 19:15:07 | 000,000,000 | ---- | C] () -- C:\Windows\QuickInstall.INI
[2011/05/15 15:43:44 | 000,709,456 | ---- | C] () -- C:\Windows\is-BCSAJ.exe
[2010/12/11 19:23:38 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2010/08/14 07:49:22 | 000,000,680 | ---- | C] () -- C:\Users\Asus\AppData\Local\d3d9caps.dat
[2010/03/24 19:28:42 | 000,000,599 | ---- | C] () -- C:\Windows\eReg.dat
[2010/02/15 14:25:02 | 000,024,226 | ---- | C] () -- C:\Users\Asus\AppData\Roaming\UserTile.png
[2010/01/24 13:39:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\fsacars.ini
[2009/12/03 16:02:53 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 16:02:36 | 000,033,797 | ---- | C] () -- C:\Windows\SysWow64\hlp.dat
[2009/12/03 16:02:04 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/03 16:01:18 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/11/06 00:29:45 | 000,744,188 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/05 23:34:46 | 000,000,106 | ---- | C] () -- C:\Users\Asus\AppData\Roaming\wklnhst.dat
[2009/11/03 17:45:22 | 000,128,884 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2009/11/02 18:28:21 | 000,000,094 | ---- | C] () -- C:\Windows\family.ini
[2009/09/29 19:36:08 | 000,000,061 | -HS- | C] () -- C:\Windows\cnerolf.dat
[2009/06/11 15:21:49 | 000,000,061 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2009/05/31 18:21:21 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini
[2009/04/19 18:41:14 | 000,000,171 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/04/03 19:20:36 | 000,171,008 | ---- | C] () -- C:\Users\Asus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/31 21:29:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/03/31 20:32:59 | 000,000,083 | ---- | C] () -- C:\Users\Asus\AppData\Local\X-Plane Installer.prf
[2009/03/23 16:55:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/03/23 14:37:37 | 000,002,039 | ---- | C] () -- C:\Users\Asus\AppData\Roaming\install.dat
[2009/03/23 14:34:09 | 000,134,408 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/01/16 19:07:16 | 000,134,408 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/01/16 17:48:10 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/09/19 05:41:00 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2008/06/12 19:23:13 | 000,080,400 | ---- | C] () -- C:\Windows\StkUnist.exe
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2000/01/28 00:00:00 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\wrkgadm.exe
[2000/01/28 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\HLINKPRX.DLL

========== LOP Check ==========

[2009/03/31 19:11:29 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\2K Sports
[2009/04/04 11:45:18 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Absolute
[2009/11/01 00:45:58 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Amazon
[2010/12/07 18:39:24 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\AVG
[2010/12/02 21:48:36 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\AVG10
[2011/05/13 19:10:57 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Digiarty
[2011/08/11 17:56:08 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Efficient Calendar Free
[2009/09/06 11:35:17 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\ESET
[2011/05/13 20:50:14 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\HandBrake
[2011/09/26 18:45:26 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\HotSync
[2011/08/16 23:59:10 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Individual Software
[2011/07/15 17:05:24 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\IrfanView
[2009/04/01 18:45:52 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Leadertech
[2010/09/28 14:32:39 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\LimeWire
[2010/12/02 20:52:55 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\MSA
[2011/03/10 21:11:45 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Octoshape
[2010/02/15 14:25:02 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\PeerNetworking
[2009/03/31 20:21:20 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Premiere
[2010/12/09 17:50:09 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Registry Mechanic
[2010/09/19 21:48:48 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\SecondLife
[2010/04/16 17:06:35 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\SystemRequirementsLab
[2011/07/13 02:44:13 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Template
[2010/06/24 11:51:28 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Thunderbird
[2009/11/02 19:24:52 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Trondent Development Corp
[2011/08/17 00:07:30 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Utech Computer Solutions
[2010/11/01 23:36:03 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Windows Live Writer
[2011/10/20 16:54:10 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

  • 0
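A triage sketch for the OTL file sections posted above, added here as an example; it is not part of the original post and not OTL's own code. It parses the `[date | size | attrs | C/M] (company) -- path` lines and lists the entries a reviewer would usually open first. The function names and the three heuristics are assumptions for illustration, and a hit means "look at this", not "malicious".

```python
import re
from datetime import datetime

# Lines copied from the OTL log above (not constructed).
SAMPLE = r"""
[2011/10/20 16:52:23 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/10/17 20:34:28 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/08/16 23:57:39 | 000,000,080 | RHS- | C] () -- C:\Windows\SysWow64\10C8299AD0.dll
[2009/09/29 19:36:08 | 000,000,061 | -HS- | C] () -- C:\Windows\cnerolf.dat
[2011/10/09 17:22:41 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\{259A2397-C7BB-4CD2-B739-2D495E4B7660}
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:0B4227B4
< End of report >
"""

# [timestamp | size | attributes | C or M (created/modified, per the section
# headings)] (company) -- path; directory lines carry no "(company)" field.
ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$")
ADS = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$")

def parse_otl(text):
    """Yield one dict per file, directory or ADS line; other lines are skipped."""
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            d = m.groupdict()
            yield {"type": "dir" if "D" in d["attrs"] else "file",
                   "when": datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S"),
                   "size": int(d["size"].replace(",", "")),
                   "attrs": d["attrs"], "kind": d["kind"],
                   "company": (d["company"] or "").strip(), "path": d["path"]}
            continue
        m = ADS.match(line)
        if m:
            yield {"type": "ads", "size": int(m["size"]),
                   "path": m["path"], "stream": m["stream"]}

def triage(entries):
    """Return (reason, path) pairs worth a manual look; a hit is not a verdict."""
    hits = []
    for e in entries:
        p = e["path"].lower()
        if e["type"] == "ads":
            hits.append(("alternate data stream", f'{e["path"]}:{e["stream"]}'))
        elif e["type"] == "file" and p.endswith(r"\drivers\etc\hosts"):
            hits.append(("hosts file changed inside the scan window", e["path"]))
        elif (e["type"] == "file" and {"H", "S"} <= set(e["attrs"])
              and not e["company"] and p.startswith("c:\\windows\\")):
            hits.append(("hidden+system file with no company name", e["path"]))
    return hits

if __name__ == "__main__":
    for reason, path in triage(parse_otl(SAMPLE)):
        print(f"{reason:45} {path}")
```
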

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, TDSSKiller did not see the TDL - what are your current problems?

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#9
notsure24

    New Member

  • Topic Starter
  • Member
  • 8 posts
Well, I have good news and bad news. The good news is that after running combofix, I seem to be able to use google without being redirected. Every once in a while, a box will pop up saying windows explorer is not responding and needs to reset. Not sure what that's about.

The bad news is that combofix ran, I had saved it to the desktop, but I cannot find the log anywhere on my computer. I'll run my eset virus scan and see if it finds that Win32/Olmarik.TDL4 trojan again. It found it when I started up my computer earlier today. I'll let you know what it finds this time.

Thank you again for your help.
  • 0

#10
notsure24

    New Member

  • Topic Starter
  • Member
  • 8 posts
Ok, I re-enabled my ESET antivirus and did a quick scan of the operating memory. It is still showing the Win32/Olmarik.TDL4 trojan. I also just did a google search and got redirected again. So, what I thought was fixed, is no longer fixed. Any ideas?

Edit: Ok a little more info. I did some more google searches. It seems that some sites work through google searches and others get redirected... so I suppose the problem wasn't corrected, but I just clicked on the right links when I thought it was working?

Edited by notsure24, 21 October 2011 - 05:29 PM.

  • 0

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, next question: do you have a Vista CD, as we will need to remove the TDL from there?

If not then do the following

Create a Windows 7/Vista System Repair Disc

Note: the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed. Also depending on the exact type of OEM your machine has you may be unable to actually create an SRD.

  • Click on Start(Windows 7 Orb) >> Run...(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    recdisc.exe

  • Allow the UAC(User Account Control) prompt via selecting Yes.
  • You should now see a menu like the below:-
Posted Image

  • Put a blank rewritable CD/DVD in your optical(CD/DVD) drive and then click on Create disc.
  • Note: If an AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-
Posted Image

  • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
  • You now have a Windows 7 System Repair Disc.

Reboot from the CD


When you reboot you will see this. Click repair my computer
Posted Image

Select your operating system
Posted Image

Select Command prompt
Posted Image

At the command prompt type the following

  • Bootrec.exe /FixMbr
  • Once finished type Exit


Reboot to normal windows and run aswMBR again please
  • 0

#12
notsure24

    New Member

  • Topic Starter
  • Member
  • 8 posts
Thank you for all your help!

Long story short, I was trying to learn more about the virus and wasn't real careful where I was clicking. It ended up getting to the point where the hard drive wouldn't start when I turned on the computer, and just sat at a black screen. I just ended up reinstalling windows. I would have told you sooner, but obviously I didn't have a computer! I had everything that was important backed up already, so not too big of a loss I guess.

I want to thank you again. My own stupidity/curiosity (the kind that killed the cat) ruined what we were working on. Have a great day!
  • 0

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My thoughts are, that is the best way to learn. I did it many a time when I first started, I think I was re-installing XP every six months due to playing :)
Any other problems though just shout
  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





