
Random Windows 7 Rebooting



#1
Virlomi

I was redirected to the Malware after posting in the hardware section, thinking that was my possible problem. Here is the OTL report:

OTL logfile created on: 11/8/2011 3:24:39 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Patrick\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.55 Gb Available Physical Memory | 69.43% Memory free
15.99 Gb Paging File | 13.46 Gb Available in Paging File | 84.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 102.05 Gb Free Space | 10.96% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 904.82 Gb Free Space | 97.13% Space Free | Partition Type: NTFS

Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/08 02:54:01 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Users\Patrick\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
PRC - [2011/11/07 05:17:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Downloads\OTL.exe
PRC - [2011/11/01 23:11:51 | 000,079,360 | ---- | M] (Creative Labs) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
PRC - [2011/09/29 00:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/02/28 17:44:14 | 000,391,432 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
PRC - [2011/02/28 17:44:14 | 000,259,336 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/14 22:52:05 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/01/01 16:52:49 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2009/08/20 20:31:56 | 007,256,576 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
PRC - [2009/08/19 19:12:08 | 001,043,968 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2009/08/19 05:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/07/17 13:48:18 | 006,038,016 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
PRC - [2009/02/23 06:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/02/03 11:48:32 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
PRC - [2009/01/12 21:01:38 | 000,681,256 | ---- | M] (CyberLink Corporation.) -- C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
PRC - [2008/12/02 21:29:45 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/17 10:44:58 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/08/12 11:26:42 | 001,233,199 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\InstallShield Installation Information\{EC6D5F08-1694-431F-8200-3B0A8A61AC5A}\AMBSPISyncService.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/08 02:54:50 | 000,592,896 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0006\~de6248.tmp
MOD - [2011/11/08 02:54:01 | 000,697,884 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0006\~df394b.tmp
MOD - [2011/11/05 05:06:28 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/26 02:10:46 | 000,420,920 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Google\Chrome\Application\15.0.874.106\ppgooglenaclpluginchrome.dll
MOD - [2011/10/26 02:10:45 | 003,702,840 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
MOD - [2011/10/26 02:09:24 | 000,518,712 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Google\Chrome\Application\15.0.874.106\libglesv2.dll
MOD - [2011/10/26 02:09:23 | 000,112,696 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Google\Chrome\Application\15.0.874.106\libegl.dll
MOD - [2011/10/26 02:09:09 | 000,122,952 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Google\Chrome\Application\15.0.874.106\avutil-51.dll
MOD - [2011/10/26 02:09:07 | 000,222,280 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Google\Chrome\Application\15.0.874.106\avformat-53.dll
MOD - [2011/10/26 02:09:06 | 001,745,992 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Google\Chrome\Application\15.0.874.106\avcodec-53.dll
MOD - [2011/10/25 23:14:43 | 008,587,936 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
MOD - [2011/09/29 00:53:40 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2009/07/30 14:54:04 | 000,170,496 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/07/17 13:48:18 | 006,038,016 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
MOD - [2009/05/22 14:16:58 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\TurboV EVO\HookKey32.dll
MOD - [2009/04/22 20:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\AsusService.dll
MOD - [2009/04/20 13:55:34 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\pngio.dll
MOD - [2009/04/20 13:55:32 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\AsSpindownTimeout.dll
MOD - [2009/02/06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2008/12/10 20:04:54 | 000,253,952 | ---- | M] () -- C:\Program Files\ASUS\TurboV EVO\pngio.dll
MOD - [2008/12/05 21:32:44 | 007,331,840 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2008/12/05 21:32:44 | 002,023,424 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2008/12/05 21:32:34 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/04/10 15:01:02 | 008,357,424 | ---- | M] () -- C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\Res.dll
MOD - [2006/01/10 02:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/26 12:56:49 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/11/05 05:43:11 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/11/01 23:11:51 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/03 14:59:52 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- c:\Program Files (x86)\Steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/14 22:52:05 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/01/01 16:52:49 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/12/29 02:51:17 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/12/29 02:50:23 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/19 05:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 06:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/10 15:40:58 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/08/02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 17:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/03/11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/26 12:58:16 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/02/26 12:57:15 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/02/26 12:57:07 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/01/01 16:52:48 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/09 17:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010/06/09 17:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/04/22 19:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/07/30 21:40:34 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMfilt64.sys -- (VMfilt)
DRV:64bit: - [2009/07/28 00:07:58 | 001,225,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/17 23:18:48 | 000,109,480 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/15 21:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 08:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/12/31 18:08:06 | 000,024,560 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLBStor.sys -- (CLBStor)
DRV:64bit: - [2008/12/31 18:08:04 | 000,371,696 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\CLBUDF.sys -- (CLBUDF)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/11/21 21:37:24 | 000,032,240 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2005/01/07 17:34:54 | 000,486,766 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\CLBUDF.tbl -- (CLBUDF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BC AE 06 95 14 24 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.1.400
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.1.400
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.5
FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.148
FF - prefs.js..extensions.enabledItems: [email protected]:1.20.00


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\c75984ha.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Patrick\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Patrick\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Patrick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/11 21:48:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/05 05:46:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2011/01/01 15:16:55 | 000,000,000 | ---D | M]

[2011/01/01 18:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\Mozilla\Extensions
[2011/10/15 15:59:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\c75984ha.default\extensions
[2011/02/13 18:16:09 | 000,000,000 | ---D | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\c75984ha.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2011/06/24 02:11:38 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\c75984ha.default\extensions\[email protected]
[2011/06/24 02:11:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\pj8rjuoe.default\extensions
[2011/01/01 09:12:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\pj8rjuoe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/01 09:12:48 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\pj8rjuoe.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2011/06/24 02:11:38 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\pj8rjuoe.default\extensions\[email protected]
[2002/01/01 09:15:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/02 03:57:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/01 19:29:09 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2011/01/01 19:29:08 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
() (No name found) -- C:\USERS\PATRICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C75984HA.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011/09/29 00:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/06/06 00:42:55 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/28 18:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Patrick\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Patrick\AppData\Local\Google\Chrome\Application\15.0.874.106\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Patrick\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files (x86)\Download Manager\npfpdlm.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Patrick\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Yontoo Layers = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.0_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{EC6D5F08-1694-431F-8200-3B0A8A61AC5A}\AMBSPISyncService.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [InstantBurn] C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe (CyberLink Corporation.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe (GameStop Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B440B44-42CD-46CC-B9AC-FD03B56BC7DA}: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAB07FEC-4700-4AD4-B394-63A158296A62}: DhcpNameServer = 192.168.1.254 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\kloehk.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) -C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) -C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 13:47:33 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Malwarebytes
[2011/11/07 13:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/07 13:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/07 13:47:21 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/07 13:47:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/07 05:37:39 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{16FCFD9C-1427-4265-9FAB-598F85C2C0E1}
[2011/11/07 05:37:29 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{59A7EFFD-1597-4296-9228-69248A96EC6B}
[2011/11/07 04:24:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Public Test
[2011/11/07 04:22:03 | 000,000,000 | ---D | C] -- C:\Users\Patrick\PTR Installer 4.0.0.12824 enUS
[2011/11/07 00:40:07 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{9BAA0677-E9A1-47BC-AF8F-1747F47A06E1}
[2011/11/07 00:39:50 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{1D969F72-B381-4618-9BBC-D228817D4FD4}
[2011/11/06 03:31:54 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{40C1A4B7-BEF9-4805-BD12-1C152349A531}
[2011/11/06 03:30:47 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{7F2326EE-8011-4592-906B-1FC418BCB76B}
[2011/11/05 16:19:43 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{C51419A3-44B2-4849-BF31-C1ECD49AF5E8}
[2011/11/05 13:47:18 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{873B15D4-2829-4E9B-AE11-547FCAE10013}
[2011/11/05 06:42:28 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Unity
[2011/11/05 06:37:54 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Unity
[2011/11/05 05:46:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/01 23:47:53 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
[2011/11/01 23:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2011/11/01 23:13:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative
[2011/11/01 23:13:25 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Creative Installation Information
[2011/11/01 23:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2011/11/01 23:08:57 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2011/10/31 14:55:58 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Documents\Achron
[2011/10/29 06:26:16 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Achron
[2011/10/29 06:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Achron
[2011/10/28 05:35:59 | 000,000,000 | ---D | C] -- C:\Users\Patrick\.MinecraftStructurePlanner
[2011/10/28 03:05:58 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Stardock
[2011/10/23 02:36:25 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\.minecraft
[2011/10/23 02:29:13 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\.minecraft - Copy
[2011/10/21 14:43:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
[2011/10/21 14:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
[2011/10/21 14:36:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2011/10/21 14:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011/10/21 14:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2011/10/21 14:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2011/10/21 14:19:27 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{3C358970-A24B-4CCF-B19B-7F7AA146F615}
[2011/10/21 14:19:04 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{DD1A3DC2-37EF-43FA-BC28-C09BA6523917}
[2011/10/19 10:48:00 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{EAFF92B9-E4A1-402E-B1A3-CB257630F824}
[2011/10/19 10:47:36 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{DD67BA11-A81A-4C32-8666-AB4F47CD0271}
[2011/10/15 20:31:23 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{FB94686C-9CCB-42DD-AE6E-426CDC52C9BC}
[2011/10/15 20:31:04 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{17E049FD-4C8D-4221-BA34-97EC809EBFE4}
[2011/10/14 21:30:51 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\.minecraft - Equal and Twilight
[2011/10/14 20:20:57 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\.minecraft Arrrg
[2011/10/13 18:58:51 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Documents\Gaslamp Games
[2011/10/13 12:15:46 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{EB4AF54F-472E-4E9D-B644-CE31921BD71E}
[2011/10/13 12:15:25 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{A51A4B96-F4DF-4A26-ADB4-D1572CE67C88}
[2011/10/13 10:20:44 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{E390EE9B-2C48-4519-899E-D208FE8873B4}
[2011/10/13 09:36:43 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{8E0F45A7-23EF-4EA9-BBB1-C7ADB7CD8D9E}
[2011/10/13 09:36:20 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{131C4223-8265-417F-860C-BFF3EC21CF55}
[2011/10/13 09:05:48 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{42BD344F-F98B-4DF5-B49B-03A727D42D8B}
[2011/10/13 09:05:18 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{E115DB76-B102-4498-9E56-F7276344F67E}
[2011/10/12 00:33:52 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Desktop\New folder (2)
[2011/10/11 21:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/11 21:54:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/11 21:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/11 21:54:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/10/11 21:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/11 21:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/10/11 21:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/10/11 21:48:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/10/11 21:39:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/08 03:23:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/08 03:22:39 | 000,020,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/08 03:22:39 | 000,020,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/08 02:59:19 | 000,809,454 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/08 02:59:19 | 000,681,430 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/08 02:59:19 | 000,129,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/08 02:53:18 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/08 02:53:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/08 02:53:04 | 2145,165,311 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/08 02:41:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-555839234-3641689752-1571196992-1000UA.job
[2011/11/08 02:16:09 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-555839234-3641689752-1571196992-1000Core.job
[2011/11/07 17:14:56 | 000,000,000 | ---- | M] () -- C:\Users\Patrick\AppData\Local\{44C62CE5-8E28-458D-91BA-4747BD0E559E}
[2011/11/07 13:47:25 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/07 13:42:21 | 000,183,112 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/07 05:39:30 | 000,374,344 | ---- | M] () -- C:\Users\Patrick\Desktop\Asus_Maximus_III_Formula_01.jpg
[2011/11/01 23:47:53 | 000,000,262 | ---- | M] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/10/29 06:25:02 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011/10/29 06:25:02 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011/10/22 01:46:48 | 000,281,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/21 14:36:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2011/10/21 14:29:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2011/10/21 14:24:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011/10/16 02:14:43 | 000,786,274 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/11 22:12:58 | 000,002,515 | ---- | M] () -- C:\Users\Patrick\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/11 21:39:42 | 000,000,629 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
[2011/10/11 19:09:01 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011/10/11 19:09:00 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/07 17:14:56 | 000,000,000 | ---- | C] () -- C:\Users\Patrick\AppData\Local\{44C62CE5-8E28-458D-91BA-4747BD0E559E}
[2011/11/07 13:47:25 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/07 05:37:07 | 000,374,344 | ---- | C] () -- C:\Users\Patrick\Desktop\Asus_Maximus_III_Formula_01.jpg
[2011/11/01 23:47:49 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/11/01 23:13:35 | 000,001,324 | ---- | C] () -- C:\Windows\FF08_not_Spk_Hp.ini
[2011/10/21 14:36:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2011/10/21 14:29:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2011/10/21 14:24:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011/10/13 09:00:24 | 000,001,287 | ---- | C] () -- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk
[2011/06/24 16:14:21 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/06/24 16:14:21 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/06/18 21:01:36 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/26 13:53:38 | 000,088,576 | R--- | C] () -- C:\Windows\rauninst.exe
[2011/02/26 12:56:27 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/14 16:54:52 | 000,116,312 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/01/25 21:16:15 | 000,000,281 | ---- | C] () -- C:\Windows\EReg072.dat
[2011/01/17 04:50:52 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/01/08 01:54:58 | 000,000,095 | ---- | C] () -- C:\Users\Patrick\AppData\Local\fusioncache.dat
[2011/01/07 02:05:36 | 000,786,274 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/07 02:04:05 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/01/07 02:04:04 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/01/07 02:04:04 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/01/02 19:33:49 | 000,007,602 | ---- | C] () -- C:\Users\Patrick\AppData\Local\Resmon.ResmonCfg
[2010/12/29 02:53:25 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/12/29 02:53:25 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/12/29 02:53:23 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/12/29 02:53:22 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/12/29 02:51:35 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2010/12/29 02:51:35 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2010/12/29 02:51:35 | 000,001,269 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2010/12/29 02:51:34 | 000,170,496 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/12/29 02:51:34 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/12/29 02:46:24 | 000,037,458 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/12/29 02:44:37 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/12/29 02:44:31 | 000,024,638 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/12/29 01:03:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 06:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2005/10/15 14:25:20 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\myodbc3i.exe
[2005/10/15 14:25:20 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\myodbc3m.exe
[2002/01/01 06:41:01 | 000,000,000 | ---- | C] () -- C:\Users\Patrick\AppData\Local\{910D9BEB-14AE-4960-9275-8FCCD31E4B7C}

========== LOP Check ==========

[2011/11/08 02:16:25 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\.minecraft
[2011/10/23 02:29:21 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\.minecraft - Copy
[2011/10/14 21:30:53 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\.minecraft - Equal and Twilight
[2011/10/14 21:50:29 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\.minecraft Arrrg
[2011/02/17 19:09:36 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\acccore
[2011/01/21 19:41:37 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\APOX
[2011/01/09 04:56:05 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Beat Hazard
[2011/01/02 20:49:12 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\bizarre creations
[2011/05/26 15:26:00 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Cobra Mobile
[2011/01/27 14:01:27 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Code Force Limited
[2011/03/10 22:19:21 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2011/02/26 12:53:16 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011/02/19 17:21:04 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Command and Conquer 4
[2011/04/03 13:44:12 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DarksporeData
[2011/05/05 18:18:33 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Dwarfs
[2011/06/26 12:42:35 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Fortix
[2011/06/18 13:59:27 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\fotw
[2011/07/10 10:06:39 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Ice-pick Lodge
[2011/02/19 15:14:30 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Kalypso Media
[2011/07/10 21:11:02 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\MayhemIntergalactic
[2011/01/11 06:15:56 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\MinerWars
[2011/05/10 17:16:22 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\MinMaxGames
[2011/03/16 22:42:06 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Pollux Gamelabs
[2011/02/27 23:27:07 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\RIFT
[2011/02/13 12:44:52 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\runic games
[2011/03/09 04:41:18 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\SaintXi
[2011/07/23 15:30:03 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\SecondLife
[2011/02/06 11:10:54 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\SEGA Corporation
[2011/01/11 01:17:47 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Stardock
[2011/04/30 03:15:39 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\System
[2011/01/08 06:24:40 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\SystemRequirementsLab
[2011/03/19 20:01:00 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\The Creative Assembly
[2011/03/10 14:38:49 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Ubisoft
[2011/11/05 06:42:28 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Unity
[2011/06/12 12:39:33 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\VertexDispenser
[2011/05/25 23:16:32 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Windows Live Writer
[2011/04/30 03:41:48 | 000,000,000 | -HSD | M] -- C:\Users\Patrick\AppData\Roaming\wyUpdate AU
[2009/07/13 23:08:49 | 000,027,014 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 55920 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM

< End of report >


#2
Blottedisk

    Trusted Helper

  • Malware Removal
  • 124 posts
Hi Virlomi,

Have you ruled out a temperature cause? PCs are set up to reboot when they reach high temperatures (which protects the hardware from damage caused by overheating). I noticed you have some heavy games that consume lots of resources (therefore they could cause overheating); that's why I ask.

Do these reboots happen in a random manner, or just when you do one specific activity (like gaming or browsing the Internet)?

Please download GMER from one of the following locations and save it to your desktop:

Main Mirror - This version will download a randomly named file (Recommended)
Zipped Mirror - This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

--------------------------------------------------------------------

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
  • Right-click on the randomly named GMER file (e.g. n7gmo46c.exe) and choose "Run as administrator" to run it. Allow the gmer.sys driver to load if asked.

Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then right-click on gmer.exe and choose "Run as administrator".

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (Do not use the computer while the scan is in progress.)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Make sure these options are all checked:
      • Services
      • Registry
      • Files
      • Systemdrive drive/partition, which is typically C:\
      • ADS


  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

#3
Virlomi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Yes, I've ruled out temperature at this point (averaging around 25-35°C). It doesn't seem to happen with any particular activity. I could be playing WoW, only browsing the internet, or playing Mahjong with nothing else open. It's even restarted within a few minutes of booting up after being shut off overnight.

I'll get the GMER thing later tonight and post the results for that.

#4
Blottedisk

    Trusted Helper

  • Malware Removal
  • 124 posts
Thanks Virlomi, I shall await the GMER log. I would also like to ask you for a new fresh OTL log. The one you posted is from the 8th of November; a lot of things could have changed since then and I'm gonna need to work with an updated log to give you precise instructions :)

#5
Blottedisk

    Trusted Helper

  • Malware Removal
  • 124 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.