Threat: Win32/Olmarik.AXY.Trojan

#1 harshone (New Member, 4 posts)

Hello there. :cool: Was wondering if I could get some help removing Olmarik.AXY.Trojan.

The first thing that happened was that my computer just randomly restarted while I was tweeting and reading some article on Yahoo. After my PC restarted, I received the following error through ESET:


Eset Smart Security Found a threat:

Object: MBR sector of the 1.physical disk

Threat: Win32/Olmarik.AXY.Trojan


The next thing I did was run MBAM (Malwarebytes Anti-Malware). It did not pick anything up, so a Google search brought me to this website. Somebody else had a similar issue: http://www.geekstogo...marikaxytrojan/

I did not want to try any of those steps since they may differ for me. I am also not the only user of this computer.

Thanks buddy!

______________________________________________________________________________________________________________________________________________________________

OTL logfile created on: 1/25/2012 11:16:53 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = Z:\Users\Harsh\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 60.63% Memory free
8.00 Gb Paging File | 6.22 Gb Available in Paging File | 77.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = Z: | %SystemRoot% = Z:\Windows | %ProgramFiles% = Z:\Program Files (x86)
Drive C: | 76.69 Gb Total Space | 12.33 Gb Free Space | 16.07% Space Free | Partition Type: NTFS
Drive E: | 40.00 Gb Total Space | 39.91 Gb Free Space | 99.78% Space Free | Partition Type: NTFS
Drive F: | 74.53 Gb Total Space | 22.57 Gb Free Space | 30.29% Space Free | Partition Type: NTFS
Drive G: | 844.03 Gb Total Space | 398.04 Gb Free Space | 47.16% Space Free | Partition Type: NTFS
Drive Z: | 47.48 Gb Total Space | 2.39 Gb Free Space | 5.04% Space Free | Partition Type: NTFS

Computer Name: HARSH-PC | User Name: Harsh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/25 23:16:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- Z:\Users\Harsh\Desktop\OTL.exe
PRC - [2012/01/15 14:04:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- Z:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- Z:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/17 16:05:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) -- Z:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011/10/04 22:50:37 | 000,075,136 | ---- | M] () -- Z:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/11/20 07:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- Z:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/08/03 09:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- Z:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2010/05/05 15:56:06 | 000,251,392 | ---- | M] () -- Z:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2010/03/30 23:00:00 | 002,465,888 | ---- | M] (Lavalys, Inc.) -- Z:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
PRC - [2009/12/02 19:40:40 | 000,068,136 | ---- | M] () -- Z:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2009/09/29 12:03:46 | 000,735,960 | ---- | M] (ESET) -- Z:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- Z:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/12/19 10:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- Z:\Program Files (x86)\Razer\DeathAdder\razerofa.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/15 14:04:20 | 001,911,768 | ---- | M] () -- Z:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/12/20 20:48:21 | 008,930,976 | ---- | M] () -- Z:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_160.dll
MOD - [2010/05/05 15:56:06 | 000,251,392 | ---- | M] () -- Z:\Program Files (x86)\Razer\DeathAdder\razerhid.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/01/02 17:30:20 | 000,515,104 | ---- | M] (Soluto) [Auto | Running] -- Z:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- Z:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/03/21 16:19:16 | 001,845,248 | ---- | M] (Locktime Software) [On_Demand | Stopped] -- Z:\Program Files\NetLimiter 3\nlsvc.exe -- (nlsvc)
SRV:64bit: - [2009/09/29 12:11:14 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- Z:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/09/29 12:03:46 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- Z:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- Z:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- Z:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/17 12:10:34 | 000,008,704 | ---- | M] (Hi-Rez Studios) [On_Demand | Running] -- G:\Games\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Running] -- Z:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/20 20:48:21 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- Z:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/12/17 16:05:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- Z:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/12/14 15:43:00 | 003,316,000 | ---- | M] () [On_Demand | Running] -- z:\program files (x86)\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/10/14 13:49:38 | 000,745,832 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- Z:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2011/10/04 22:50:37 | 000,075,136 | ---- | M] () [On_Demand | Running] -- Z:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/04/21 16:36:28 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- Z:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/01 17:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- Z:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- Z:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/02 19:40:40 | 000,068,136 | ---- | M] () [Auto | Running] -- Z:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- Z:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [On_Demand | Running] -- Z:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/02 17:15:26 | 000,054,728 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- Z:\Windows\SysNative\drivers\Soluto.sys -- (Soluto)
DRV:64bit: - [2011/11/20 19:28:39 | 000,530,488 | ---- | M] () [Kernel | Boot | Running] -- Z:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- Z:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- Z:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/30 06:05:55 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011/03/21 16:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisPT)
DRV:64bit: - [2011/03/21 16:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- Z:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisMP)
DRV:64bit: - [2011/03/21 16:44:28 | 000,088,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- Z:\Program Files\NetLimiter 3\nltdi.sys -- (nltdi)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- Z:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/06 22:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Running] -- Z:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/04/19 16:04:44 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- Z:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2010/04/09 12:17:24 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2010/04/09 12:17:20 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2009/12/21 20:50:00 | 000,007,552 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- Z:\Windows\SysNative\drivers\vHidDev.sys -- (vhidmini)
DRV:64bit: - [2009/11/23 16:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- Z:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 16:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- Z:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/09/29 12:06:16 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Running] -- Z:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/09/29 12:03:00 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- Z:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/09/29 11:56:36 | 000,144,824 | ---- | M] (ESET) [File_System | Auto | Running] -- Z:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009/09/16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- Z:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- Z:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- Z:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2006/11/10 08:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)
DRV - [2012/01/25 23:03:31 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- Z:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/11/20 20:19:08 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- Z:\Windows\etdrv.sys -- (etdrv)
DRV - [2011/11/20 20:13:24 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- Z:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2011/10/26 17:13:42 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2010/11/27 18:01:37 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Running] -- Z:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2010/03/30 23:00:00 | 000,026,752 | ---- | M] () [Kernel | On_Demand | Running] -- Z:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 -- (EverestDriver)
DRV - [2009/12/18 11:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- Z:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- Z:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5A 1B F8 D2 D0 83 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.gamespot.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.11
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: [email protected]:2.6.1
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: Z:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_160.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: Z:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: Z:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: Z:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_160.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: Z:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: Z:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: Z:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: Z:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: Z:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: Z:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: Z:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@onlive.com/OlGameDetect,version=1.1.0.67837: Z:\Program Files (x86)\OnLive\FirefoxPlugin\npolgdet.dll (OnLive)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: Z:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: Z:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: Z:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: Z:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: Z:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: Z:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: Z:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: Z:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/10/30 13:51:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: Z:\Program Files (x86)\Mozilla Firefox\components [2012/01/15 14:04:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: Z:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/14 15:09:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Components: Z:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\components [2011/11/06 18:54:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Plugins: Z:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins [2012/01/14 15:09:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: Z:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/03/26 01:56:49 | 000,000,000 | ---D | M]

[2010/09/09 21:23:13 | 000,000,000 | ---D | M] (No name found) -- Z:\Users\Harsh\AppData\Roaming\Mozilla\Extensions
[2010/09/09 21:23:13 | 000,000,000 | ---D | M] (No name found) -- Z:\Users\Harsh\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/01/22 20:14:12 | 000,000,000 | ---D | M] (No name found) -- Z:\Users\Harsh\AppData\Roaming\Mozilla\Firefox\Profiles\vk995pnm.default\extensions
[2012/01/03 20:13:10 | 000,000,000 | ---D | M] (vshare.tv Bar Community Toolbar) -- Z:\Users\Harsh\AppData\Roaming\Mozilla\Firefox\Profiles\vk995pnm.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}
[2011/11/03 17:12:54 | 000,000,000 | ---D | M] (WebSlingPlayer) -- Z:\Users\Harsh\AppData\Roaming\Mozilla\Firefox\Profiles\vk995pnm.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2012/01/21 14:22:50 | 000,000,000 | ---D | M] (Greasemonkey) -- Z:\Users\Harsh\AppData\Roaming\Mozilla\Firefox\Profiles\vk995pnm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/10/26 20:00:57 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- Z:\Users\Harsh\AppData\Roaming\Mozilla\Firefox\Profiles\vk995pnm.default\extensions\[email protected]
[2011/10/01 14:04:28 | 000,000,000 | ---D | M] (CheckPlaces) -- Z:\Users\Harsh\AppData\Roaming\Mozilla\Firefox\Profiles\vk995pnm.default\extensions\[email protected]
[2010/11/28 15:18:15 | 000,000,000 | ---D | M] (vShare) -- Z:\Users\Harsh\AppData\Roaming\Mozilla\Firefox\Profiles\vk995pnm.default\extensions\vshare@toolbar
[2012/01/22 20:14:12 | 000,000,000 | ---D | M] (We-Care Reminder) -- Z:\Users\Harsh\AppData\Roaming\Mozilla\Firefox\Profiles\vk995pnm.default\extensions\wecarereminder@bryan
[2012/01/12 17:42:37 | 000,000,000 | ---D | M] (Widevine Media Transformer Plugin) -- Z:\Users\Harsh\AppData\Roaming\Mozilla\Firefox\Profiles\vk995pnm.default\extensions\widevinemediatransformer@widevine
[2011/10/31 15:44:40 | 000,000,000 | ---D | M] (No name found) -- Z:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/15 14:04:21 | 000,000,000 | ---D | M] (No name found) -- Z:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012/01/15 14:04:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- Z:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- Z:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/31 05:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- Z:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2011/10/26 13:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- Z:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/01/15 14:04:17 | 000,002,252 | ---- | M] () -- Z:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/15 14:04:17 | 000,002,040 | ---- | M] () -- Z:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = Z:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = Z:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_18.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = Z:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = Z:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = Z:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = Z:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = Z:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = Z:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = Z:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = Z:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = Z:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = Z:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = Z:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = Z:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = Z:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = Z:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = Z:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = Z:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: vShare.tv plug-in (Enabled) = Z:\Users\Harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = Z:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Widevine Media Transformer (Enabled) = Z:\Program Files (x86)\Google\Chrome\Application\plugins\npwidevinemediatransformer.dll
CHR - plugin: downloadUpdater (Enabled) = Z:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = Z:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Winamp Application Detector (Enabled) = Z:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = Z:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = Z:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = Z:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = Z:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = Z:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = Z:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: OnLive Games Service Detector for Firefox (Enabled) = Z:\Program Files (x86)\OnLive\FirefoxPlugin\npolgdet.dll
CHR - plugin: Veetle TV Player (Enabled) = Z:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = Z:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = Z:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: iTunes Application Detector (Enabled) = Z:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/01/22 14:33:28 | 000,440,287 | R--- | M]) - Z:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15136 more lines...
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - Z:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - Z:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - Z:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - Z:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - Z:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O4:64bit: - HKLM..\Run: [egui] Z:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] Z:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [DeathAdder] Z:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKCU..\Run: [PeerBlock] Z:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - Startup: Z:\Users\Harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Download with pod-works-platinum - Z:\Program Files (x86)\ImTOO\PodWorks Platinum\upod_link.HTM File not found
O8 - Extra context menu item: Download with pod-works-platinum - Z:\Program Files (x86)\ImTOO\PodWorks Platinum\upod_link.HTM File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - Z:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - Z:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0CF0BB43-C8A6-418D-AC51-B3170BB82810}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Z:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - Z:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (Z:\Windows\system32\userinit.exe) - Z:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (Z:\Program Files\Soluto\soluto.exe /userinit) - Z:\Program Files\Soluto\soluto.exe (Soluto)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - Z:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -Z:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -Z:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/25 15:39:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{82104484-b22e-11df-a5ce-001fd05d3274}\Shell - "" = AutoRun
O33 - MountPoints2\{82104484-b22e-11df-a5ce-001fd05d3274}\Shell\AutoRun\command - "" = J:\INSTALL.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/25 23:16:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- Z:\Users\Harsh\Desktop\OTL.exe
[2012/01/25 21:03:07 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{85F9E3A7-C1DC-44E4-9C91-70C148BACEBB}
[2012/01/25 21:02:55 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{BF41D7B9-3B56-49CF-8645-9EB3A0424D88}
[2012/01/23 21:50:20 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{377EDB52-E98B-400C-B00D-3BFB5CB34E23}
[2012/01/23 21:50:09 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{55C25430-C5C1-4723-8D4F-58FA64F066C9}
[2012/01/23 18:34:11 | 000,000,000 | ---D | C] -- Z:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
[2012/01/22 23:29:12 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\Desktop\JTypes3.asp_files
[2012/01/21 16:27:31 | 000,054,728 | ---- | C] (Soluto LTD.) -- Z:\Windows\SysNative\drivers\Soluto.sys
[2012/01/21 16:27:28 | 000,000,000 | ---D | C] -- Z:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soluto
[2012/01/21 16:27:28 | 000,000,000 | ---D | C] -- Z:\Program Files\Soluto
[2012/01/21 16:26:39 | 000,000,000 | ---D | C] -- Z:\ProgramData\WeCareReminder
[2012/01/21 16:26:39 | 000,000,000 | ---D | C] -- Z:\ProgramData\Soluto
[2012/01/21 14:55:41 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\Desktop\computer concepts
[2012/01/21 14:52:42 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\Desktop\Internet and Info environment
[2012/01/18 01:04:46 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\Desktop\Mass Media
[2012/01/18 01:01:10 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\Desktop\Medical Anthropology
[2012/01/17 20:25:24 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{9D3B5D16-257E-4A83-A435-621D69D2F09E}
[2012/01/17 20:25:13 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{1DAA29AC-2076-49D3-82AA-3249994F8D7F}
[2012/01/17 14:52:42 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Bootvis
[2012/01/17 14:52:42 | 000,000,000 | ---D | C] -- Z:\Program Files (x86)\Microsoft Bootvis
[2012/01/16 15:27:19 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{B5D19BC4-5239-4C59-BFCB-3D5CCC3D78F4}
[2012/01/16 15:27:08 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{3A27EA5B-7A90-4517-8012-561EC20C0A4F}
[2012/01/15 17:45:15 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\Documents\ImTOO
[2012/01/15 17:45:15 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Roaming\ImTOO
[2012/01/15 17:45:06 | 000,000,000 | ---D | C] -- Z:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImTOO
[2012/01/15 17:44:38 | 000,000,000 | ---D | C] -- Z:\ProgramData\ImTOO
[2012/01/15 17:44:38 | 000,000,000 | ---D | C] -- Z:\Program Files (x86)\ImTOO
[2012/01/14 14:24:26 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{C15DF179-7DC3-4444-84AE-53ABBAA81041}
[2012/01/14 14:24:12 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{6BAF296E-3C63-4E99-87F3-5F769C5FA335}
[2012/01/14 01:38:44 | 000,000,000 | ---D | C] -- Z:\Windows\symbols
[2012/01/14 01:37:11 | 000,000,000 | ---D | C] -- Z:\ProgramData\VS
[2012/01/13 18:37:45 | 000,000,000 | ---D | C] -- Z:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2012/01/13 18:37:45 | 000,000,000 | ---D | C] -- Z:\ProgramData\Hi-Rez Studios
[2012/01/13 18:35:57 | 013,209,696 | ---- | C] (Hi-Rez Studios) -- Z:\Users\Harsh\Desktop\InstallHiRezGamesEnglish.exe
[2012/01/13 15:14:42 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{7C3FD1F0-F7CA-4331-AC2C-DA17B325BBCF}
[2012/01/13 15:14:27 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{386A2AB0-5528-44BA-88FA-7343D5C34264}
[2012/01/13 14:12:48 | 000,000,000 | ---D | C] -- Z:\ProgramData\NVIDIA Corporation
[2012/01/13 14:10:54 | 000,068,928 | ---- | C] (Khronos Group) -- Z:\Windows\SysNative\OpenCL.dll
[2012/01/13 14:10:54 | 000,061,248 | ---- | C] (Khronos Group) -- Z:\Windows\SysWow64\OpenCL.dll
[2012/01/12 23:29:29 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{C0F04E07-8C8C-4017-A2F1-72D92139B51C}
[2012/01/12 23:29:18 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{2CDA6267-F057-4F3F-BB75-9F3105E55451}
[2012/01/10 13:39:00 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{1E494B82-5050-4805-A274-F3EB9EFD5A61}
[2012/01/10 13:38:47 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{F7799EA8-A853-4E25-9E4D-D7E9CD795F19}
[2012/01/08 13:58:24 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{10AE13CC-F126-450C-82CD-B6E3D3442950}
[2012/01/08 13:58:10 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{73BA81F5-BD0F-4C7F-BB76-24EEA9DDB68E}
[2012/01/07 14:47:44 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{8C64AE3E-DE54-49E5-8ECE-651056054647}
[2012/01/07 14:47:33 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{51D4F647-E8FC-49F0-BB75-63828F595ED2}
[2012/01/06 13:07:10 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{A689B594-F58C-4931-B55F-B55A4D27DE9D}
[2012/01/06 13:06:58 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{78DD7EF0-8386-4BB8-976E-6F722A4C9AF5}
[2012/01/05 13:20:55 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{96EBEEAD-643F-47C8-9CDE-8F41B46E4CB5}
[2012/01/05 13:20:43 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{41E838D1-19A9-4190-A296-3110EDC76E42}
[2012/01/04 13:59:56 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{6E8E6857-01BD-4C85-B3FD-B5864F7383C5}
[2012/01/04 13:59:44 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{716E208A-81D5-4DF7-83A9-C1C8971F3A04}
[2012/01/03 13:26:26 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{5F86E5CD-9AF5-4026-B641-8BAFA7893310}
[2012/01/03 13:26:13 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{CFBBF942-3132-4513-B840-B06998B8170B}
[2012/01/03 01:23:53 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{D5EBBEE8-DC4B-4EEB-AC77-275767B074ED}
[2012/01/03 01:23:41 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{EA0D5F06-AC6F-4C9F-8C35-2F425EAE3D5A}
[2012/01/02 18:17:56 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\Desktop\walgreens rebate finalConfirm.action_files
[2012/01/02 13:23:22 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{ACB13723-967E-4350-9D7C-26C01FD025BD}
[2012/01/02 13:23:08 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{5968A38C-B227-4BA7-8501-EC7CCF0AE3E7}
[2012/01/01 13:48:20 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{30C51424-2098-4A13-ABCE-6494136CDBE5}
[2012/01/01 13:48:09 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{494BEB85-81D8-4F22-8A13-9A90C88A7395}
[2011/12/31 13:20:07 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{50F41D85-046F-4BE7-A5C9-CB0074D3DA8E}
[2011/12/31 13:19:51 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{6539B963-6C07-4177-A328-3FD86FA20FA0}
[2011/12/30 15:00:06 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{6078DD19-B816-4E4B-BFCE-EF0DC27BD0E2}
[2011/12/30 14:59:54 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{B495EBCE-98BC-4B8E-A5E0-6C1E65F57D8F}
[2011/12/29 15:21:15 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{E8D2470C-9C1B-451B-BB12-2A6586FB2BB6}
[2011/12/29 15:21:03 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{DE6B66B7-B379-41C8-AAB7-6E7CACD54DDB}
[2011/12/28 13:31:58 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{6C2324F2-9609-401F-AECF-98C9FF530556}
[2011/12/28 13:31:46 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{BE2DB8DA-9C8B-4743-96ED-A74D8134241F}
[2011/12/27 22:10:33 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{B8BBC3C5-F879-478A-AD65-14463FCFC939}
[2011/12/27 22:10:22 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{8700ACCA-3EE7-42D5-BB99-2A12DB37B0B1}
[3 Z:\Windows\SysWow64\*.tmp files -> Z:\Windows\SysWow64\*.tmp -> ]
[3 Z:\Users\Harsh\Desktop\*.tmp files -> Z:\Users\Harsh\Desktop\*.tmp -> ]
[1 Z:\Windows\SysNative\*.tmp files -> Z:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/25 23:16:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- Z:\Users\Harsh\Desktop\OTL.exe
[2012/01/25 23:12:15 | 000,014,224 | -H-- | M] () -- Z:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/25 23:12:15 | 000,014,224 | -H-- | M] () -- Z:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/25 23:03:28 | 000,000,830 | ---- | M] () -- Z:\Windows\tasks\Adobe Flash Player Updater.job
[2012/01/25 23:03:24 | 000,067,584 | --S- | M] () -- Z:\Windows\bootstat.dat
[2012/01/25 23:03:21 | 3220,037,632 | -HS- | M] () -- Z:\hiberfil.sys
[2012/01/25 22:56:00 | 000,000,896 | ---- | M] () -- Z:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/23 20:44:36 | 000,685,810 | ---- | M] () -- Z:\Users\Harsh\Desktop\Introduction.BeginSets.Spring2011.v2.pdf
[2012/01/23 20:43:39 | 000,010,783 | ---- | M] () -- Z:\Users\Harsh\Desktop\ia-scoringKey-611.pdf
[2012/01/23 20:43:35 | 000,797,448 | ---- | M] () -- Z:\Users\Harsh\Desktop\20110126-ia-examRegents.pdf
[2012/01/23 18:18:38 | 000,000,892 | ---- | M] () -- Z:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/23 01:15:08 | 000,000,000 | ---- | M] () -- Z:\Windows\SysWow64\Access.dat
[2012/01/22 23:29:12 | 000,017,096 | ---- | M] () -- Z:\Users\Harsh\Desktop\JTypes3.asp.htm
[2012/01/22 23:14:59 | 000,368,209 | ---- | M] () -- Z:\Users\Harsh\Desktop\humanmetrics.jpg
[2012/01/22 14:33:28 | 000,440,287 | R--- | M] () -- Z:\Windows\SysNative\drivers\etc\hosts
[2012/01/21 16:29:41 | 000,000,098 | ---- | M] () -- Z:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/01/19 21:39:51 | 000,030,457 | ---- | M] () -- Z:\Users\Harsh\Desktop\BuybackLabel_660890.PDF
[2012/01/17 14:47:57 | 000,000,003 | ---- | M] () -- Z:\Windows\SysNative\HRUPPROG.DIE.NOW
[2012/01/15 17:40:27 | 000,014,208 | ---- | M] () -- Z:\Users\Harsh\Desktop\-_Demonoid.me_-ImTOO_PodWorks_Platinum_5_0_1_1205_673633.7822.torrent
[2012/01/14 00:23:44 | 000,440,137 | R--- | M] () -- Z:\Windows\SysNative\drivers\etc\hosts.20120122-143328.backup
[2012/01/13 18:36:03 | 013,209,696 | ---- | M] (Hi-Rez Studios) -- Z:\Users\Harsh\Desktop\InstallHiRezGamesEnglish.exe
[2012/01/13 18:31:00 | 000,000,880 | ---- | M] () -- Z:\Windows\tasks\Google Software Updater.job
[2012/01/13 14:10:16 | 000,783,374 | ---- | M] () -- Z:\Windows\SysNative\PerfStringBackup.INI
[2012/01/13 14:10:16 | 000,663,200 | ---- | M] () -- Z:\Windows\SysNative\perfh009.dat
[2012/01/13 14:10:16 | 000,122,068 | ---- | M] () -- Z:\Windows\SysNative\perfc009.dat
[2012/01/13 00:50:12 | 000,990,720 | ---- | M] () -- Z:\Users\Harsh\Desktop\bootvis.msi
[2012/01/06 23:57:11 | 000,002,349 | ---- | M] () -- Z:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/06 13:03:54 | 000,440,010 | R--- | M] () -- Z:\Windows\SysNative\drivers\etc\hosts.20120114-002344.backup
[2012/01/03 00:52:19 | 000,032,385 | ---- | M] () -- Z:\Users\Harsh\Desktop\error.jpg
[2012/01/02 18:17:58 | 000,009,336 | ---- | M] () -- Z:\Users\Harsh\Desktop\walgreens rebate finalConfirm.action.htm
[2012/01/02 17:15:26 | 000,054,728 | ---- | M] (Soluto LTD.) -- Z:\Windows\SysNative\drivers\Soluto.sys
[2011/12/29 13:43:30 | 000,777,098 | ---- | M] () -- Z:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/27 21:10:28 | 000,254,934 | ---- | M] () -- Z:\Users\Harsh\Desktop\Oximeter10December.pdf
[2011/12/27 16:41:28 | 000,254,556 | ---- | M] () -- Z:\Users\Harsh\Desktop\201011PSI_report_Quit.pdf
[2011/12/27 00:39:50 | 000,296,123 | ---- | M] () -- Z:\Users\Harsh\Desktop\http___www.providencecare.ca_objects_content_revision_download.cfm_revision_id.219362_workspace_id.-4_Breath Stacking handbook.pdf
[3 Z:\Windows\SysWow64\*.tmp files -> Z:\Windows\SysWow64\*.tmp -> ]
[3 Z:\Users\Harsh\Desktop\*.tmp files -> Z:\Users\Harsh\Desktop\*.tmp -> ]
[1 Z:\Windows\SysNative\*.tmp files -> Z:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/23 20:44:35 | 000,685,810 | ---- | C] () -- Z:\Users\Harsh\Desktop\Introduction.BeginSets.Spring2011.v2.pdf
[2012/01/23 20:43:38 | 000,010,783 | ---- | C] () -- Z:\Users\Harsh\Desktop\ia-scoringKey-611.pdf
[2012/01/23 20:43:35 | 000,797,448 | ---- | C] () -- Z:\Users\Harsh\Desktop\20110126-ia-examRegents.pdf
[2012/01/22 23:29:11 | 000,017,096 | ---- | C] () -- Z:\Users\Harsh\Desktop\JTypes3.asp.htm
[2012/01/22 23:14:59 | 000,368,209 | ---- | C] () -- Z:\Users\Harsh\Desktop\humanmetrics.jpg
[2012/01/21 16:29:41 | 000,000,098 | ---- | C] () -- Z:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/01/19 21:39:47 | 000,030,457 | ---- | C] () -- Z:\Users\Harsh\Desktop\BuybackLabel_660890.PDF
[2012/01/17 14:47:57 | 000,000,003 | ---- | C] () -- Z:\Windows\SysNative\HRUPPROG.DIE.NOW
[2012/01/15 17:40:25 | 000,014,208 | ---- | C] () -- Z:\Users\Harsh\Desktop\-_Demonoid.me_-ImTOO_PodWorks_Platinum_5_0_1_1205_673633.7822.torrent
[2012/01/13 14:10:54 | 000,007,653 | ---- | C] () -- Z:\Windows\SysNative\nvinfo.pb
[2012/01/13 00:50:08 | 000,990,720 | ---- | C] () -- Z:\Users\Harsh\Desktop\bootvis.msi
[2012/01/03 00:51:39 | 000,032,385 | ---- | C] () -- Z:\Users\Harsh\Desktop\error.jpg
[2012/01/02 18:17:55 | 000,009,336 | ---- | C] () -- Z:\Users\Harsh\Desktop\walgreens rebate finalConfirm.action.htm
[2011/12/27 21:10:28 | 000,254,934 | ---- | C] () -- Z:\Users\Harsh\Desktop\Oximeter10December.pdf
[2011/12/27 16:41:28 | 000,254,556 | ---- | C] () -- Z:\Users\Harsh\Desktop\201011PSI_report_Quit.pdf
[2011/12/27 00:39:50 | 000,296,123 | ---- | C] () -- Z:\Users\Harsh\Desktop\http___www.providencecare.ca_objects_content_revision_download.cfm_revision_id.219362_workspace_id.-4_Breath Stacking handbook.pdf
[2011/12/14 23:39:42 | 000,042,392 | ---- | C] () -- Z:\Windows\SysWow64\xfcodec.dll
[2011/10/24 21:19:47 | 000,000,000 | ---- | C] () -- Z:\Windows\SysWow64\Access.dat
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- Z:\Windows\SysWow64\nvStreaming.exe
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- Z:\Windows\SysWow64\xlive.dll.cat
[2011/02/26 22:04:36 | 000,000,120 | ---- | C] () -- Z:\Users\Harsh\AppData\Roaming\FixVTS.ini
[2011/02/05 18:40:01 | 000,119,296 | ---- | C] () -- Z:\Windows\SysWow64\zlib.dll
[2011/02/05 18:40:01 | 000,057,344 | ---- | C] () -- Z:\Windows\SysWow64\ADsSecurity.dll
[2011/02/05 18:40:01 | 000,036,864 | ---- | C] () -- Z:\Windows\SysWow64\dxinputdll.dll
[2010/12/05 20:28:39 | 000,777,098 | ---- | C] () -- Z:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/27 15:52:16 | 000,030,528 | ---- | C] () -- Z:\Windows\GVTDrv64.sys
[2010/10/16 23:11:03 | 000,000,369 | ---- | C] () -- Z:\Windows\IfoEdit.INI
[2010/09/15 17:37:31 | 000,007,645 | ---- | C] () -- Z:\Users\Harsh\AppData\Local\Resmon.ResmonCfg
[2010/09/08 22:26:45 | 000,189,736 | -H-- | C] () -- Z:\Windows\SysWow64\mlfcache.dat
[2010/08/27 22:03:05 | 000,271,200 | ---- | C] () -- Z:\Windows\SysWow64\PnkBstrB.exe
[2010/08/27 22:02:10 | 000,075,136 | ---- | C] () -- Z:\Windows\SysWow64\PnkBstrA.exe
[2010/08/27 16:45:32 | 000,000,262 | ---- | C] () -- Z:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/08/27 16:11:58 | 000,819,200 | ---- | C] () -- Z:\Windows\SysWow64\xvidcore.dll
[2010/08/27 16:11:58 | 000,180,224 | ---- | C] () -- Z:\Windows\SysWow64\xvidvfw.dll
[2010/08/27 16:11:46 | 000,085,504 | ---- | C] () -- Z:\Windows\SysWow64\ff_vfw.dll
[2010/08/27 16:11:12 | 000,033,019 | ---- | C] () -- Z:\Windows\SysWow64\CoreAAC-uninstall.exe
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- Z:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- Z:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- Z:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- Z:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- Z:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- Z:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- Z:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/08/30 00:10:19 | 000,000,000 | ---D | M] -- Z:\Users\Harsh\AppData\Roaming\acccore
[2010/12/11 21:03:54 | 000,000,000 | ---D | M] -- Z:\Users\Harsh\AppData\Roaming\Azureus
[2011/11/27 00:28:48 | 000,000,000 | ---D | M] -- Z:\Users\Harsh\AppData\Roaming\ChaosPro
[2011/12/12 00:49:29 | 000,000,000 | ---D | M] -- Z:\Users\Harsh\AppData\Roaming\ChaosPro 4.0
[2011/12/12 19:59:37 | 000,000,000 | ---D | M] -- Z:\Users\Harsh\AppData\Roaming\DAEMON Tools Lite
[2010/11/03 20:38:50 | 000,000,000 | ---D | M] -- Z:\Users\Harsh\AppData\Roaming\Digiarty
[2012/01/06 12:59:29 | 000,000,000 | ---D | M] -- Z:\Users\Harsh\AppData\Roaming\Dropbox
[2011/02/03 20:26:53 | 000,000,000 | ---D | M] -- Z:\Users\Harsh\AppData\Roaming\Elluminate
[2011/10/31 17:41:22 | 000,000,000 | ---D | M] -- Z:\Users\Harsh\AppData\Roaming\IDM
[2012/01/15 17:45:15 | 000,000,000 | ---D | M] -- Z:\Users\Harsh\AppData\Roaming\ImTOO
[2010/11/26 15:58:12 | 000,000,000 | ---D | M] -- Z:\Users\Harsh\AppData\Roaming\IObit
[2011/10/06 16:28:43 | 000,000,000 | ---D | M] -- Z:\Users\Harsh\AppData\Roaming\LolClient
[2010/11/27 00:25:58 | 000,000,000 | ---D | M] -- Z:\Users\Harsh\AppData\Roaming\OfficeRecovery
[2010/11/18 22:39:40 | 000,000,000 | ---D | M] -- Z:\Users\Harsh\AppData\Roaming\OnLive App
[2011/10/04 18:42:59 | 000,000,000 | ---D | M] -- Z:\Users\Harsh\AppData\Roaming\Origin
[2011/02/05 18:42:37 | 000,000,000 | ---D | M] -- Z:\Users\Harsh\AppData\Roaming\PowerUp Software
[2011/11/26 21:01:45 | 000,000,000 | ---D | M] -- Z:\Users\Harsh\AppData\Roaming\PyScripter
[2010/08/27 19:57:36 | 000,000,000 | ---D | M] -- Z:\Users\Harsh\AppData\Roaming\Razer
[2011/05/09 00:45:23 | 000,000,000 | ---D | M] -- Z:\Users\Harsh\AppData\Roaming\Sinvise Systems
[2011/11/03 17:13:00 | 000,000,000 | ---D | M] -- Z:\Users\Harsh\AppData\Roaming\Sling Media
[2011/10/30 12:40:55 | 000,000,000 | ---D | M] -- Z:\Users\Harsh\AppData\Roaming\StreamTorrent
[2011/10/23 18:27:42 | 000,000,000 | ---D | M] -- Z:\Users\Harsh\AppData\Roaming\SystemRequirementsLab
[2011/11/20 16:01:04 | 000,000,000 | ---D | M] -- Z:\Users\Harsh\AppData\Roaming\TeamViewer
[2012/01/02 17:24:29 | 000,000,000 | ---D | M] -- Z:\Users\Harsh\AppData\Roaming\TS3Client
[2011/10/31 21:31:27 | 000,000,000 | ---D | M] -- Z:\Users\Harsh\AppData\Roaming\TuneUpMedia
[2011/10/25 01:13:02 | 000,000,000 | ---D | M] -- Z:\Users\Harsh\AppData\Roaming\Tunngle
[2012/01/17 00:19:35 | 000,000,000 | ---D | M] -- Z:\Users\Harsh\AppData\Roaming\uTorrent
[2010/10/16 14:42:00 | 000,000,000 | ---D | M] -- Z:\Users\Harsh\AppData\Roaming\WinAVI
[2010/10/16 14:47:52 | 000,000,000 | ---D | M] -- Z:\Users\Harsh\AppData\Roaming\Xilisoft
[2011/12/10 13:15:28 | 000,032,556 | ---- | M] () -- Z:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> Z:\ProgramData\TEMP:EF6E4E62
@Alternate Data Stream - 128 bytes -> Z:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> Z:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation
@Alternate Data Stream - 121 bytes -> Z:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> Z:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> Z:\ProgramData\TEMP:76650B61

< End of report >
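
Added example, not part of the original post and not OTL's own code: a short Python script that triages the kinds of OTL lines shown in the log above. It flags what a responder would read first in this log: the three UAC policies under O6 that are all set to 0, the cached AutoRun command for a removable volume under O33, the CD-ROM AutoRun setting under O32, any O4 Run entry for which OTL prints an empty company field, and any O1 hosts entry that points somewhere other than loopback. The sample input is copied from the log above, except for the `203.0.113.5 update.example.com` hosts line, which is constructed to show how a non-loopback redirection is reported; the severity labels and the helper names (`triage_otl`, `check_policy`) are my own.

```python
import re

# Constructed sample: lines copied from the OTL log above, plus one hosts line
# (203.0.113.5 update.example.com) invented here to show how a non-loopback
# hosts redirection is reported.  The posted log contains no such line.
SAMPLE_OTL = r"""
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 203.0.113.5 update.example.com
O1 - Hosts: 15136 more lines...
O4:64bit: - HKLM..\Run: [egui] Z:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [DeathAdder] Z:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKCU..\Run: [PeerBlock] Z:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{82104484-b22e-11df-a5ce-001fd05d3274}\Shell\AutoRun\command - "" = J:\INSTALL.EXE
"""

LINE_RE = re.compile(r"^(O\d+)(?::64bit:)?\s*-\s*(.*)$")
RUN_RE = re.compile(r"^(HK\w+)\.\.\\Run:\s*\[(.+?)\]\s*(.+)\s\(([^()]*)\)$")
POLICY_RE = re.compile(r"^HK\w+\\.*\\policies\\(\w+):\s*(\w+)\s*=\s*(-?\d+)$")
MOUNT_RE = re.compile(r'^MountPoints2\\(\{[^}]+\})\\Shell\\AutoRun\\command - "" = (.+)$')
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
DRIVE_REMOVABLE = 0x04   # bit (1 << DRIVE_REMOVABLE) in NoDriveTypeAutoRun

# Policy values that weaken UAC; the severity labels are my own.
WEAK_POLICY = {
    ("System", "EnableLUA", 0):
        ("HIGH", "UAC is disabled (EnableLUA = 0)"),
    ("System", "ConsentPromptBehaviorAdmin", 0):
        ("HIGH", "administrators elevate silently (ConsentPromptBehaviorAdmin = 0)"),
    ("System", "PromptOnSecureDesktop", 0):
        ("MEDIUM", "elevation prompts not shown on the secure desktop (PromptOnSecureDesktop = 0)"),
}


def check_policy(key, name, value, findings):
    """Append a finding for a weak O6/O7 policy value, if any."""
    hit = WEAK_POLICY.get((key, name, value))
    if hit:
        findings.append(hit)
    elif key == "Explorer" and name == "NoDriveTypeAutoRun" and not value & DRIVE_REMOVABLE:
        findings.append(("INFO", f"AutoRun not disabled for removable drives "
                                 f"(NoDriveTypeAutoRun = {value:#x}; 0xFF disables all types)"))


def triage_otl(text):
    """Return (findings, summary); findings is a list of (severity, message)."""
    findings, summary = [], {"hosts_entries": 0, "run_entries": 0}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        if code == "O1" and body.startswith("Hosts:"):
            entry = body[len("Hosts:"):].strip()
            more = re.match(r"(\d+) more lines", entry)   # OTL truncates long hosts files
            if more:
                summary["hosts_entries"] += int(more.group(1))
                continue
            ip, _, host = entry.partition(" ")
            summary["hosts_entries"] += 1
            if ip not in LOOPBACK:
                findings.append(("HIGH", f"hosts file redirects {host} to {ip}"))
        elif code == "O4":
            r = RUN_RE.match(body)
            if r:
                hive, name, path, company = r.groups()
                summary["run_entries"] += 1
                if not company:   # OTL prints () when it finds no company name
                    findings.append(("REVIEW", f"{hive} Run [{name}] has no company name: {path}"))
        elif code in ("O6", "O7"):
            p = POLICY_RE.match(body)
            if p:
                check_policy(p.group(1), p.group(2), int(p.group(3)), findings)
        elif code == "O32" and body == "HKLM CDRom: AutoRun - 1":
            findings.append(("INFO", "CD-ROM AutoRun is enabled (HKLM CDRom AutoRun = 1)"))
        elif code == "O33":
            mp = MOUNT_RE.match(body)
            if mp:
                findings.append(("MEDIUM", f"cached AutoRun command for volume {mp.group(1)}: {mp.group(2)}"))
    return findings, summary


if __name__ == "__main__":
    found, summ = triage_otl(SAMPLE_OTL)
    order = {"HIGH": 0, "MEDIUM": 1, "REVIEW": 2, "INFO": 3}
    for sev, msg in sorted(found, key=lambda f: order[f[0]]):
        print(f"[{sev:6}] {msg}")
    print(summ)
```

The 15,136-line hosts block in this log has the shape of a hosts-based ad blocker (every entry shown maps to 127.0.0.1), so the script only counts it. Note also what OTL does not cover: it does not read the MBR, which is where ESET reported the detection, so a clean OTL triage says nothing about that finding; that is why the expert asks for TDSSKiller and aswMBR logs as well.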


#2 RKinner (Malware Expert, MVP)
ComboFix

It must be saved to your desktop; do not run it from your browser.

Disable your antivirus software when downloading or running ComboFix. If it has script-blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your taskbar should be clear of any program entries, including your browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution: do not run ComboFix more than once. Do not touch your mouse or keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop and, if interrupted, may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your drive light. If it is flashing, ComboFix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then run it.
Double-click on TDSSKiller.exe (on Vista or Win 7, right-click and Run As Administrator).
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again, but this time:
before you hit Scan, hit Change Parameters and check the two items under Additional Options. Click OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download aswMBR.exe (511 KB) to your desktop.
Right-click aswMBR.exe and Run as Administrator.
Uncheck "trace disk IO calls".
Click the "Scan" button to start the scan (allow it to download the Avast engine).
On completion of the scan (note whether the Fix button is enabled, not the FixMBR button, and tell me), click Save log, save it to your desktop, and post it in your next reply.


Malwarebytes' Anti-Malware
If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.




Run OTL (Vista or Win 7: right-click and Run As Administrator).

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron
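
Added example, not part of this thread and not Kaspersky's code: a Python script that parses a TDSSKiller log of the format the topic starter posts in the next reply and applies the rule stated above (leave SKIP unless the verdict says TDSS). It tracks each "Scan started" block separately, so an interrupted scan with "Detected object count: 0" is not mistaken for a clean result, and it records whether the scan ran with the SigCheck and TDLFS options. The first twelve sample lines are copied from the posted log; the last four are constructed to finish the second scan with a hypothetical `Rootkit.Win32.TDSS.tdl4` hit on `\Device\Harddisk0\DR0`, since the posted log is cut off. The action labels returned by `classify()` are my own, not TDSSKiller's.

```python
import re

# Constructed sample: the first twelve lines are copied from the TDSSKiller log
# posted in the next reply; the last four are invented here to complete the
# second scan with a hypothetical boot-sector hit, because that log is cut off.
SAMPLE_TDSSKILLER = r"""
18:22:23.0095 1468 Scan started
18:22:23.0095 1468 Mode: Manual;
18:22:24.0327 1468 1394ohci (a87d604aea360176311474c87a63bb88) Z:\Windows\system32\drivers\1394ohci.sys
18:22:24.0389 1468 1394ohci - ok
18:22:24.0483 1468 Scan interrupted by user!
18:22:24.0483 1468 Scan finished
18:22:24.0499 2336 Detected object count: 0
18:22:53.0296 2944 Scan started
18:22:53.0296 2944 Mode: Manual; SigCheck; TDLFS;
18:22:55.0512 2944 ATITool (b07e6681d303a612680223c729b021e2) Z:\Windows\system32\DRIVERS\ATITool64.sys
18:22:55.0543 2944 ATITool ( UnsignedFile.Multi.Generic ) - warning
18:22:55.0543 2944 ATITool - detected UnsignedFile.Multi.Generic (1)
18:23:40.0000 2944 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - warning
18:23:40.0000 2944 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
18:23:41.0000 2944 Scan finished
18:23:41.0000 2944 Detected object count: 2
"""

LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*)$")
DETECTED_RE = re.compile(r"^(.+?) - detected (\S+) \((\d+)\)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


def classify(verdict):
    """Map a TDSSKiller verdict name to the action the expert's rule allows."""
    v = verdict.lower()
    if "tdss" in v:
        return "DELETE"   # the one case the post says to act on
    if v.startswith(("unsignedfile.", "lockedfile.")):
        return "SKIP"     # SigCheck heuristics, prone to false positives
    return "REVIEW"       # anything else: ask before changing SKIP


def parse_tdsskiller(text):
    """Split the log into per-scan records with mode, status and detections."""
    scans = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        _time, ident, msg = m.groups()
        if msg == "Scan started":
            scans.append({"id": int(ident), "mode": "", "interrupted": False,
                          "finished": False, "count": None, "detections": []})
            continue
        if not scans:
            continue           # header lines before the first scan
        scan = scans[-1]
        count = COUNT_RE.match(msg)
        hit = DETECTED_RE.match(msg)
        if msg.startswith("Mode:"):
            scan["mode"] = msg[len("Mode:"):].strip()
        elif msg == "Scan interrupted by user!":
            scan["interrupted"] = True
        elif msg == "Scan finished":
            scan["finished"] = True
        elif count:
            scan["count"] = int(count.group(1))   # logged under a different id
        elif hit:
            obj, verdict, _ = hit.groups()
            scan["detections"].append((obj, verdict, classify(verdict)))
    return scans


def triage(scans):
    """Return (actions, caveats): one action per detection, plus scan-quality notes."""
    actions, caveats = [], []
    for i, s in enumerate(scans, 1):
        if s["interrupted"]:
            caveats.append(f"scan {i} was interrupted by the user; "
                           f"its detected object count ({s['count']}) is not a clean result")
        elif "SigCheck" not in s["mode"]:
            caveats.append(f"scan {i} ran without SigCheck/TDLFS, so unsigned drivers "
                           f"and hidden TDL file systems were not checked")
        for obj, verdict, action in s["detections"]:
            actions.append((action, obj, verdict))
    return actions, caveats


if __name__ == "__main__":
    found, notes = triage(parse_tdsskiller(SAMPLE_TDSSKILLER))
    for action, obj, verdict in found:
        print(f"{action:7} {obj}  ({verdict})")
    for note in notes:
        print("note:", note)
```

On the posted log this yields one SKIP (the unsigned ATITool64.sys driver, exactly the kind of SigCheck hit the post warns is prone to false positives) and one caveat for the interrupted first scan; only the constructed TDSS line produces a DELETE.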

#3 harshone (Topic Starter)
I am not sure if you wanted me to copy/paste both of the OTL files, but I attached them below. I thought the OTL files might be too long to copy/paste here entirely.

Thanks







TDSSKiller

18:22:00.0911 2604 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
18:22:01.0707 2604 ============================================================
18:22:01.0707 2604 Current date / time: 2012/01/26 18:22:01.0707
18:22:01.0707 2604 SystemInfo:
18:22:01.0707 2604
18:22:01.0707 2604 OS Version: 6.1.7601 ServicePack: 1.0
18:22:01.0707 2604 Product type: Workstation
18:22:01.0707 2604 ComputerName: HARSH-PC
18:22:01.0707 2604 UserName: Harsh
18:22:01.0707 2604 Windows directory: Z:\Windows
18:22:01.0707 2604 System windows directory: Z:\Windows
18:22:01.0707 2604 Running under WOW64
18:22:01.0707 2604 Processor architecture: Intel x64
18:22:01.0707 2604 Number of processors: 2
18:22:01.0707 2604 Page size: 0x1000
18:22:01.0707 2604 Boot type: Normal boot
18:22:01.0707 2604 ============================================================
18:22:03.0501 2604 Drive \Device\Harddisk2\DR2 - Size: 0x12A1E0DE00 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:22:03.0548 2604 Drive \Device\Harddisk0\DR0 - Size: 0x132C467E00 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:22:03.0626 2604 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:22:03.0844 2604 Initialize success
18:22:23.0095 1468 ============================================================
18:22:23.0095 1468 Scan started
18:22:23.0095 1468 Mode: Manual;
18:22:23.0095 1468 ============================================================
18:22:24.0327 1468 1394ohci (a87d604aea360176311474c87a63bb88) Z:\Windows\system32\drivers\1394ohci.sys
18:22:24.0389 1468 1394ohci - ok
18:22:24.0452 1468 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) Z:\Windows\system32\drivers\ACPI.sys
18:22:24.0483 1468 ACPI - ok
18:22:24.0483 1468 Scan interrupted by user!
18:22:24.0483 1468 Scan interrupted by user!
18:22:24.0483 1468 Scan interrupted by user!
18:22:24.0483 1468 ============================================================
18:22:24.0483 1468 Scan finished
18:22:24.0483 1468 ============================================================
18:22:24.0499 2336 Detected object count: 0
18:22:24.0499 2336 Actual detected object count: 0
18:22:53.0296 2944 ============================================================
18:22:53.0296 2944 Scan started
18:22:53.0296 2944 Mode: Manual; SigCheck; TDLFS;
18:22:53.0296 2944 ============================================================
18:22:53.0702 2944 1394ohci (a87d604aea360176311474c87a63bb88) Z:\Windows\system32\drivers\1394ohci.sys
18:22:53.0827 2944 1394ohci - ok
18:22:53.0842 2944 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) Z:\Windows\system32\drivers\ACPI.sys
18:22:53.0858 2944 ACPI - ok
18:22:53.0952 2944 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) Z:\Windows\system32\drivers\acpipmi.sys
18:22:54.0030 2944 AcpiPmi - ok
18:22:54.0108 2944 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) Z:\Windows\system32\DRIVERS\adp94xx.sys
18:22:54.0201 2944 adp94xx - ok
18:22:54.0217 2944 adpahci (597f78224ee9224ea1a13d6350ced962) Z:\Windows\system32\DRIVERS\adpahci.sys
18:22:54.0295 2944 adpahci - ok
18:22:54.0326 2944 adpu320 (e109549c90f62fb570b9540c4b148e54) Z:\Windows\system32\DRIVERS\adpu320.sys
18:22:54.0342 2944 adpu320 - ok
18:22:54.0404 2944 AFD (d5b031c308a409a0a576bff4cf083d30) Z:\Windows\system32\drivers\afd.sys
18:22:54.0451 2944 AFD - ok
18:22:54.0482 2944 agp440 (608c14dba7299d8cb6ed035a68a15799) Z:\Windows\system32\drivers\agp440.sys
18:22:54.0544 2944 agp440 - ok
18:22:54.0576 2944 aliide (5812713a477a3ad7363c7438ca2ee038) Z:\Windows\system32\drivers\aliide.sys
18:22:54.0622 2944 aliide - ok
18:22:54.0638 2944 amdide (1ff8b4431c353ce385c875f194924c0c) Z:\Windows\system32\drivers\amdide.sys
18:22:54.0685 2944 amdide - ok
18:22:54.0700 2944 AmdK8 (7024f087cff1833a806193ef9d22cda9) Z:\Windows\system32\DRIVERS\amdk8.sys
18:22:54.0732 2944 AmdK8 - ok
18:22:54.0747 2944 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) Z:\Windows\system32\DRIVERS\amdppm.sys
18:22:54.0794 2944 AmdPPM - ok
18:22:54.0841 2944 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) Z:\Windows\system32\drivers\amdsata.sys
18:22:54.0903 2944 amdsata - ok
18:22:54.0950 2944 amdsbs (f67f933e79241ed32ff46a4f29b5120b) Z:\Windows\system32\DRIVERS\amdsbs.sys
18:22:54.0981 2944 amdsbs - ok
18:22:54.0997 2944 amdxata (540daf1cea6094886d72126fd7c33048) Z:\Windows\system32\drivers\amdxata.sys
18:22:55.0028 2944 amdxata - ok
18:22:55.0090 2944 AppID (89a69c3f2f319b43379399547526d952) Z:\Windows\system32\drivers\appid.sys
18:22:55.0231 2944 AppID - ok
18:22:55.0262 2944 arc (c484f8ceb1717c540242531db7845c4e) Z:\Windows\system32\DRIVERS\arc.sys
18:22:55.0309 2944 arc - ok
18:22:55.0324 2944 arcsas (019af6924aefe7839f61c830227fe79c) Z:\Windows\system32\DRIVERS\arcsas.sys
18:22:55.0356 2944 arcsas - ok
18:22:55.0402 2944 AsyncMac (769765ce2cc62867468cea93969b2242) Z:\Windows\system32\DRIVERS\asyncmac.sys
18:22:55.0449 2944 AsyncMac - ok
18:22:55.0465 2944 atapi (02062c0b390b7729edc9e69c680a6f3c) Z:\Windows\system32\drivers\atapi.sys
18:22:55.0480 2944 atapi - ok
18:22:55.0512 2944 ATITool (b07e6681d303a612680223c729b021e2) Z:\Windows\system32\DRIVERS\ATITool64.sys
18:22:55.0543 2944 ATITool ( UnsignedFile.Multi.Generic ) - warning
18:22:55.0543 2944 ATITool - detected UnsignedFile.Multi.Generic (1)
18:22:55.0605 2944 b06bdrv (3e5b191307609f7514148c6832bb0842) Z:\Windows\system32\DRIVERS\bxvbda.sys
18:22:55.0652 2944 b06bdrv - ok
18:22:55.0683 2944 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) Z:\Windows\system32\DRIVERS\b57nd60a.sys
18:22:55.0730 2944 b57nd60a - ok
18:22:55.0746 2944 Beep (16a47ce2decc9b099349a5f840654746) Z:\Windows\system32\drivers\Beep.sys
18:22:55.0808 2944 Beep - ok
18:22:55.0855 2944 blbdrive (61583ee3c3a17003c4acd0475646b4d3) Z:\Windows\system32\DRIVERS\blbdrive.sys
18:22:55.0917 2944 blbdrive - ok
18:22:55.0948 2944 bowser (6c02a83164f5cc0a262f4199f0871cf5) Z:\Windows\system32\DRIVERS\bowser.sys
18:22:55.0995 2944 bowser - ok
18:22:56.0011 2944 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) Z:\Windows\system32\DRIVERS\BrFiltLo.sys
18:22:56.0058 2944 BrFiltLo - ok
18:22:56.0073 2944 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) Z:\Windows\system32\DRIVERS\BrFiltUp.sys
18:22:56.0104 2944 BrFiltUp - ok
18:22:56.0167 2944 BridgeMP (5c2f352a4e961d72518261257aae204b) Z:\Windows\system32\DRIVERS\bridge.sys
18:22:56.0245 2944 BridgeMP - ok
18:22:56.0385 2944 Brserid (43bea8d483bf1870f018e2d02e06a5bd) Z:\Windows\System32\Drivers\Brserid.sys
18:22:56.0463 2944 Brserid - ok
18:22:56.0479 2944 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) Z:\Windows\System32\Drivers\BrSerWdm.sys
18:22:56.0541 2944 BrSerWdm - ok
18:22:56.0557 2944 BrUsbMdm (b79968002c277e869cf38bd22cd61524) Z:\Windows\System32\Drivers\BrUsbMdm.sys
18:22:56.0619 2944 BrUsbMdm - ok
18:22:56.0650 2944 BrUsbSer (a87528880231c54e75ea7a44943b38bf) Z:\Windows\System32\Drivers\BrUsbSer.sys
18:22:56.0666 2944 BrUsbSer - ok
18:22:56.0682 2944 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) Z:\Windows\system32\DRIVERS\bthmodem.sys
18:22:56.0744 2944 BTHMODEM - ok
18:22:56.0775 2944 catchme - ok
18:22:56.0806 2944 cdfs (b8bd2bb284668c84865658c77574381a) Z:\Windows\system32\DRIVERS\cdfs.sys
18:22:56.0869 2944 cdfs - ok
18:22:56.0916 2944 cdrom (f036ce71586e93d94dab220d7bdf4416) Z:\Windows\system32\DRIVERS\cdrom.sys
18:22:56.0931 2944 cdrom - ok
18:22:56.0962 2944 circlass (d7cd5c4e1b71fa62050515314cfb52cf) Z:\Windows\system32\DRIVERS\circlass.sys
18:22:56.0994 2944 circlass - ok
18:22:57.0025 2944 CLFS (fe1ec06f2253f691fe36217c592a0206) Z:\Windows\system32\CLFS.sys
18:22:57.0103 2944 CLFS - ok
18:22:57.0165 2944 CmBatt (0840155d0bddf1190f84a663c284bd33) Z:\Windows\system32\DRIVERS\CmBatt.sys
18:22:57.0212 2944 CmBatt - ok
18:22:57.0228 2944 cmdide (e19d3f095812725d88f9001985b94edd) Z:\Windows\system32\drivers\cmdide.sys
18:22:57.0274 2944 cmdide - ok
18:22:57.0321 2944 CNG (c4943b6c962e4b82197542447ad599f4) Z:\Windows\system32\Drivers\cng.sys
18:22:57.0368 2944 CNG - ok
18:22:57.0384 2944 Compbatt (102de219c3f61415f964c88e9085ad14) Z:\Windows\system32\DRIVERS\compbatt.sys
18:22:57.0415 2944 Compbatt - ok
18:22:57.0446 2944 CompositeBus (03edb043586cceba243d689bdda370a8) Z:\Windows\system32\drivers\CompositeBus.sys
18:22:57.0493 2944 CompositeBus - ok
18:22:57.0540 2944 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) Z:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
18:22:57.0618 2944 cpudrv64 - ok
18:22:57.0633 2944 cpuz134 - ok
18:22:57.0664 2944 cpuz135 - ok
18:22:57.0696 2944 crcdisk (1c827878a998c18847245fe1f34ee597) Z:\Windows\system32\DRIVERS\crcdisk.sys
18:22:57.0711 2944 crcdisk - ok
18:22:57.0820 2944 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) Z:\Windows\system32\drivers\csc.sys
18:22:57.0883 2944 CSC - ok
18:22:57.0898 2944 DAdderFltr (fbcb29a76e8105d682b02c69ba9b5c22) Z:\Windows\system32\drivers\dadder.sys
18:22:57.0930 2944 DAdderFltr - ok
18:22:57.0976 2944 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) Z:\Windows\system32\Drivers\dfsc.sys
18:22:58.0039 2944 DfsC - ok
18:22:58.0086 2944 discache (13096b05847ec78f0977f2c0f79e9ab3) Z:\Windows\system32\drivers\discache.sys
18:22:58.0195 2944 discache - ok
18:22:58.0226 2944 Disk (9819eee8b5ea3784ec4af3b137a5244c) Z:\Windows\system32\DRIVERS\disk.sys
18:22:58.0273 2944 Disk - ok
18:22:58.0304 2944 drmkaud (9b19f34400d24df84c858a421c205754) Z:\Windows\system32\drivers\drmkaud.sys
18:22:58.0366 2944 drmkaud - ok
18:22:58.0429 2944 DrvAgent64 (1ed08a6264c5c92099d6d1dae5e8f530) Z:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
18:22:58.0444 2944 DrvAgent64 - ok
18:22:58.0476 2944 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) Z:\Windows\System32\drivers\dxgkrnl.sys
18:22:58.0522 2944 DXGKrnl - ok
18:22:58.0554 2944 EagleX64 - ok
18:22:58.0585 2944 eamon (082dab566f704d258d35ba89f21239ca) Z:\Windows\system32\DRIVERS\eamon.sys
18:22:58.0632 2944 eamon - ok
18:22:58.0756 2944 ebdrv (dc5d737f51be844d8c82c695eb17372f) Z:\Windows\system32\DRIVERS\evbda.sys
18:22:58.0866 2944 ebdrv - ok
18:22:58.0912 2944 ehdrv (4ff6f92f170550e226b4595766c4d6a6) Z:\Windows\system32\DRIVERS\ehdrv.sys
18:22:58.0944 2944 ehdrv - ok
18:22:58.0990 2944 elxstor (0e5da5369a0fcaea12456dd852545184) Z:\Windows\system32\DRIVERS\elxstor.sys
18:22:59.0022 2944 elxstor - ok
18:22:59.0053 2944 epfwwfpr (71c8cbde6b18f90f19e9c7cb884f87c8) Z:\Windows\system32\DRIVERS\epfwwfpr.sys
18:22:59.0068 2944 epfwwfpr - ok
18:22:59.0100 2944 ErrDev (34a3c54752046e79a126e15c51db409b) Z:\Windows\system32\drivers\errdev.sys
18:22:59.0162 2944 ErrDev - ok
18:22:59.0193 2944 etdrv (84486624268e078255bc7aa47f0960bc) Z:\Windows\etdrv.sys
18:22:59.0240 2944 etdrv - ok
18:22:59.0256 2944 exfat (a510c654ec00c1e9bdd91eeb3a59823b) Z:\Windows\system32\drivers\exfat.sys
18:22:59.0396 2944 exfat - ok
18:22:59.0458 2944 fastfat (0adc83218b66a6db380c330836f3e36d) Z:\Windows\system32\drivers\fastfat.sys
18:22:59.0568 2944 fastfat - ok
18:22:59.0599 2944 fdc (d765d19cd8ef61f650c384f62fac00ab) Z:\Windows\system32\DRIVERS\fdc.sys
18:22:59.0677 2944 fdc - ok
18:22:59.0708 2944 FileInfo (655661be46b5f5f3fd454e2c3095b930) Z:\Windows\system32\drivers\fileinfo.sys
18:22:59.0739 2944 FileInfo - ok
18:22:59.0848 2944 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) Z:\Windows\system32\drivers\filetrace.sys
18:22:59.0942 2944 Filetrace - ok
18:22:59.0958 2944 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) Z:\Windows\system32\DRIVERS\flpydisk.sys
18:22:59.0989 2944 flpydisk - ok
18:23:00.0020 2944 FltMgr (da6b67270fd9db3697b20fce94950741) Z:\Windows\system32\drivers\fltmgr.sys
18:23:00.0067 2944 FltMgr - ok
18:23:00.0098 2944 FsDepends (d43703496149971890703b4b1b723eac) Z:\Windows\system32\drivers\FsDepends.sys
18:23:00.0145 2944 FsDepends - ok
18:23:00.0160 2944 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) Z:\Windows\system32\drivers\Fs_Rec.sys
18:23:00.0207 2944 Fs_Rec - ok
18:23:00.0270 2944 fvevol (1f7b25b858fa27015169fe95e54108ed) Z:\Windows\system32\DRIVERS\fvevol.sys
18:23:00.0348 2944 fvevol - ok
18:23:00.0363 2944 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) Z:\Windows\system32\DRIVERS\gagp30kx.sys
18:23:00.0457 2944 gagp30kx - ok
18:23:00.0519 2944 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) Z:\Windows\gdrv.sys
18:23:00.0550 2944 gdrv - ok
18:23:00.0644 2944 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) Z:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:23:00.0660 2944 GEARAspiWDM - ok
18:23:00.0722 2944 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) Z:\Windows\GVTDrv64.sys
18:23:00.0738 2944 GVTDrv64 - ok
18:23:00.0784 2944 hcw85cir (f2523ef6460fc42405b12248338ab2f0) Z:\Windows\system32\drivers\hcw85cir.sys
18:23:00.0816 2944 hcw85cir - ok
18:23:00.0862 2944 HdAudAddService (975761c778e33cd22498059b91e7373a) Z:\Windows\system32\drivers\HdAudio.sys
18:23:00.0894 2944 HdAudAddService - ok
18:23:00.0909 2944 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) Z:\Windows\system32\drivers\HDAudBus.sys
18:23:00.0940 2944 HDAudBus - ok
18:23:00.0956 2944 HidBatt (78e86380454a7b10a5eb255dc44a355f) Z:\Windows\system32\DRIVERS\HidBatt.sys
18:23:01.0034 2944 HidBatt - ok
18:23:01.0081 2944 HidBth (7fd2a313f7afe5c4dab14798c48dd104) Z:\Windows\system32\DRIVERS\hidbth.sys
18:23:01.0143 2944 HidBth - ok
18:23:01.0159 2944 HidIr (0a77d29f311b88cfae3b13f9c1a73825) Z:\Windows\system32\DRIVERS\hidir.sys
18:23:01.0206 2944 HidIr - ok
18:23:01.0237 2944 HidUsb (9592090a7e2b61cd582b612b6df70536) Z:\Windows\system32\DRIVERS\hidusb.sys
18:23:01.0284 2944 HidUsb - ok
18:23:01.0330 2944 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) Z:\Windows\system32\drivers\HpSAMD.sys
18:23:01.0346 2944 HpSAMD - ok
18:23:01.0393 2944 HTTP (0ea7de1acb728dd5a369fd742d6eee28) Z:\Windows\system32\drivers\HTTP.sys
18:23:01.0486 2944 HTTP - ok
18:23:01.0518 2944 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) Z:\Windows\system32\drivers\hwpolicy.sys
18:23:01.0564 2944 hwpolicy - ok
18:23:01.0611 2944 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) Z:\Windows\system32\drivers\i8042prt.sys
18:23:01.0658 2944 i8042prt - ok
18:23:01.0705 2944 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) Z:\Windows\system32\drivers\iaStorV.sys
18:23:01.0736 2944 iaStorV - ok
18:23:01.0783 2944 iirsp (5c18831c61933628f5bb0ea2675b9d21) Z:\Windows\system32\DRIVERS\iirsp.sys
18:23:01.0814 2944 iirsp - ok
18:23:01.0892 2944 IntcAzAudAddService (491dadcc74327fabc85e0ab80af8f204) Z:\Windows\system32\drivers\RTKVHD64.sys
18:23:01.0954 2944 IntcAzAudAddService - ok
18:23:02.0017 2944 intelide (f00f20e70c6ec3aa366910083a0518aa) Z:\Windows\system32\drivers\intelide.sys
18:23:02.0032 2944 intelide - ok
18:23:02.0064 2944 intelppm (ada036632c664caa754079041cf1f8c1) Z:\Windows\system32\DRIVERS\intelppm.sys
18:23:02.0126 2944 intelppm - ok
18:23:02.0188 2944 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) Z:\Windows\system32\DRIVERS\ipfltdrv.sys
18:23:02.0251 2944 IpFilterDriver - ok
18:23:02.0282 2944 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) Z:\Windows\system32\drivers\IPMIDrv.sys
18:23:02.0344 2944 IPMIDRV - ok
18:23:02.0376 2944 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) Z:\Windows\system32\drivers\ipnat.sys
18:23:02.0485 2944 IPNAT - ok
18:23:02.0532 2944 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) Z:\Windows\system32\drivers\irenum.sys
18:23:02.0563 2944 IRENUM - ok
18:23:02.0594 2944 isapnp (2f7b28dc3e1183e5eb418df55c204f38) Z:\Windows\system32\drivers\isapnp.sys
18:23:02.0641 2944 isapnp - ok
18:23:02.0781 2944 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) Z:\Windows\system32\drivers\msiscsi.sys
18:23:02.0828 2944 iScsiPrt - ok
18:23:02.0875 2944 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) Z:\Windows\system32\DRIVERS\kbdclass.sys
18:23:02.0890 2944 kbdclass - ok
18:23:02.0937 2944 kbdhid (0705eff5b42a9db58548eec3b26bb484) Z:\Windows\system32\DRIVERS\kbdhid.sys
18:23:02.0953 2944 kbdhid - ok
18:23:03.0000 2944 KSecDD (da1e991a61cfdd755a589e206b97644b) Z:\Windows\system32\Drivers\ksecdd.sys
18:23:03.0015 2944 KSecDD - ok
18:23:03.0124 2944 KSecPkg (7e33198d956943a4f11a5474c1e9106f) Z:\Windows\system32\Drivers\ksecpkg.sys
18:23:03.0171 2944 KSecPkg - ok
18:23:03.0202 2944 ksthunk (6869281e78cb31a43e969f06b57347c4) Z:\Windows\system32\drivers\ksthunk.sys
18:23:03.0296 2944 ksthunk - ok
18:23:03.0358 2944 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) Z:\Windows\system32\drivers\LGBusEnum.sys
18:23:03.0374 2944 LGBusEnum - ok
18:23:03.0390 2944 LGVirHid (94b29ce153765e768f004fb3440be2b0) Z:\Windows\system32\drivers\LGVirHid.sys
18:23:03.0405 2944 LGVirHid - ok
18:23:03.0452 2944 lltdio (1538831cf8ad2979a04c423779465827) Z:\Windows\system32\DRIVERS\lltdio.sys
18:23:03.0546 2944 lltdio - ok
18:23:03.0577 2944 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) Z:\Windows\system32\DRIVERS\lsi_fc.sys
18:23:03.0639 2944 LSI_FC - ok
18:23:03.0655 2944 LSI_SAS (1047184a9fdc8bdbff857175875ee810) Z:\Windows\system32\DRIVERS\lsi_sas.sys
18:23:03.0686 2944 LSI_SAS - ok
18:23:03.0702 2944 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) Z:\Windows\system32\DRIVERS\lsi_sas2.sys
18:23:03.0748 2944 LSI_SAS2 - ok
18:23:03.0764 2944 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) Z:\Windows\system32\DRIVERS\lsi_scsi.sys
18:23:03.0811 2944 LSI_SCSI - ok
18:23:03.0858 2944 luafv (43d0f98e1d56ccddb0d5254cff7b356e) Z:\Windows\system32\drivers\luafv.sys
18:23:03.0920 2944 luafv - ok
18:23:03.0951 2944 megasas (a55805f747c6edb6a9080d7c633bd0f4) Z:\Windows\system32\DRIVERS\megasas.sys
18:23:03.0967 2944 megasas - ok
18:23:04.0014 2944 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) Z:\Windows\system32\DRIVERS\MegaSR.sys
18:23:04.0076 2944 MegaSR - ok
18:23:04.0123 2944 Modem (800ba92f7010378b09f9ed9270f07137) Z:\Windows\system32\drivers\modem.sys
18:23:04.0185 2944 Modem - ok
18:23:04.0216 2944 monitor (b03d591dc7da45ece20b3b467e6aadaa) Z:\Windows\system32\DRIVERS\monitor.sys
18:23:04.0248 2944 monitor - ok
18:23:04.0279 2944 mouclass (7d27ea49f3c1f687d357e77a470aea99) Z:\Windows\system32\DRIVERS\mouclass.sys
18:23:04.0294 2944 mouclass - ok
18:23:04.0326 2944 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) Z:\Windows\system32\DRIVERS\mouhid.sys
18:23:04.0372 2944 mouhid - ok
18:23:04.0404 2944 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) Z:\Windows\system32\drivers\mountmgr.sys
18:23:04.0450 2944 mountmgr - ok
18:23:04.0482 2944 mpio (a44b420d30bd56e145d6a2bc8768ec58) Z:\Windows\system32\drivers\mpio.sys
18:23:04.0513 2944 mpio - ok
18:23:04.0528 2944 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) Z:\Windows\system32\drivers\mpsdrv.sys
18:23:04.0622 2944 mpsdrv - ok
18:23:04.0669 2944 MRxDAV (dc722758b8261e1abafd31a3c0a66380) Z:\Windows\system32\drivers\mrxdav.sys
18:23:04.0731 2944 MRxDAV - ok
18:23:04.0762 2944 mrxsmb (a5d9106a73dc88564c825d317cac68ac) Z:\Windows\system32\DRIVERS\mrxsmb.sys
18:23:04.0809 2944 mrxsmb - ok
18:23:04.0856 2944 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) Z:\Windows\system32\DRIVERS\mrxsmb10.sys
18:23:04.0934 2944 mrxsmb10 - ok
18:23:04.0965 2944 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) Z:\Windows\system32\DRIVERS\mrxsmb20.sys
18:23:05.0012 2944 mrxsmb20 - ok
18:23:05.0028 2944 msahci (c25f0bafa182cbca2dd3c851c2e75796) Z:\Windows\system32\drivers\msahci.sys
18:23:05.0074 2944 msahci - ok
18:23:05.0137 2944 msdsm (db801a638d011b9633829eb6f663c900) Z:\Windows\system32\drivers\msdsm.sys
18:23:05.0184 2944 msdsm - ok
18:23:05.0215 2944 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) Z:\Windows\system32\drivers\Msfs.sys
18:23:05.0277 2944 Msfs - ok
18:23:05.0293 2944 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) Z:\Windows\System32\drivers\mshidkmdf.sys
18:23:05.0355 2944 mshidkmdf - ok
18:23:05.0386 2944 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) Z:\Windows\system32\drivers\msisadrv.sys
18:23:05.0433 2944 msisadrv - ok
18:23:05.0496 2944 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) Z:\Windows\system32\drivers\MSKSSRV.sys
18:23:05.0542 2944 MSKSSRV - ok
18:23:05.0574 2944 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) Z:\Windows\system32\drivers\MSPCLOCK.sys
18:23:05.0652 2944 MSPCLOCK - ok
18:23:05.0667 2944 MSPQM (4ed981241db27c3383d72092b618a1d0) Z:\Windows\system32\drivers\MSPQM.sys
18:23:05.0745 2944 MSPQM - ok
18:23:05.0808 2944 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) Z:\Windows\system32\drivers\MsRPC.sys
18:23:05.0823 2944 MsRPC - ok
18:23:05.0854 2944 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) Z:\Windows\system32\drivers\mssmbios.sys
18:23:05.0870 2944 mssmbios - ok
18:23:05.0886 2944 MSTEE (2e66f9ecb30b4221a318c92ac2250779) Z:\Windows\system32\drivers\MSTEE.sys
18:23:05.0948 2944 MSTEE - ok
18:23:05.0964 2944 MTConfig (7ea404308934e675bffde8edf0757bcd) Z:\Windows\system32\DRIVERS\MTConfig.sys
18:23:06.0010 2944 MTConfig - ok
18:23:06.0042 2944 Mup (f9a18612fd3526fe473c1bda678d61c8) Z:\Windows\system32\Drivers\mup.sys
18:23:06.0088 2944 Mup - ok
18:23:06.0151 2944 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) Z:\Windows\system32\DRIVERS\nwifi.sys
18:23:06.0198 2944 NativeWifiP - ok
18:23:06.0260 2944 NDIS (79b47fd40d9a817e932f9d26fac0a81c) Z:\Windows\system32\drivers\ndis.sys
18:23:06.0307 2944 NDIS - ok
18:23:06.0322 2944 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) Z:\Windows\system32\DRIVERS\ndiscap.sys
18:23:06.0400 2944 NdisCap - ok
18:23:06.0432 2944 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) Z:\Windows\system32\DRIVERS\ndistapi.sys
18:23:06.0494 2944 NdisTapi - ok
18:23:06.0525 2944 Ndisuio (136185f9fb2cc61e573e676aa5402356) Z:\Windows\system32\DRIVERS\ndisuio.sys
18:23:06.0588 2944 Ndisuio - ok
18:23:06.0619 2944 NdisWan (53f7305169863f0a2bddc49e116c2e11) Z:\Windows\system32\DRIVERS\ndiswan.sys
18:23:06.0697 2944 NdisWan - ok
18:23:06.0728 2944 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) Z:\Windows\system32\drivers\NDProxy.sys
18:23:06.0853 2944 NDProxy - ok
18:23:06.0868 2944 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) Z:\Windows\system32\DRIVERS\netbios.sys
18:23:06.0946 2944 NetBIOS - ok
18:23:06.0962 2944 NetBT (09594d1089c523423b32a4229263f068) Z:\Windows\system32\DRIVERS\netbt.sys
18:23:07.0071 2944 NetBT - ok
18:23:07.0165 2944 nfrd960 (77889813be4d166cdab78ddba990da92) Z:\Windows\system32\DRIVERS\nfrd960.sys
18:23:07.0227 2944 nfrd960 - ok
18:23:07.0430 2944 NLNdisMP (ad42fb061166af0643806800304bd76f) Z:\Windows\system32\DRIVERS\nlndis.sys
18:23:07.0555 2944 NLNdisMP - ok
18:23:07.0633 2944 NLNdisPT (ad42fb061166af0643806800304bd76f) Z:\Windows\system32\DRIVERS\nlndis.sys
18:23:07.0648 2944 NLNdisPT - ok
18:23:07.0789 2944 nltdi (75e6581de9a0b155edab6807e668be06) Z:\Program Files\NetLimiter 3\nltdi.sys
18:23:07.0820 2944 nltdi - ok
18:23:07.0836 2944 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) Z:\Windows\system32\drivers\Npfs.sys
18:23:07.0929 2944 Npfs - ok
18:23:07.0976 2944 nsiproxy (e7f5ae18af4168178a642a9247c63001) Z:\Windows\system32\drivers\nsiproxy.sys
18:23:08.0085 2944 nsiproxy - ok
18:23:08.0148 2944 Ntfs (a2f74975097f52a00745f9637451fdd8) Z:\Windows\system32\drivers\Ntfs.sys
18:23:08.0226 2944 Ntfs - ok
18:23:08.0257 2944 Null (9899284589f75fa8724ff3d16aed75c1) Z:\Windows\system32\drivers\Null.sys
18:23:08.0304 2944 Null - ok
18:23:08.0553 2944 nvlddmkm (fd7ea1dcfbe760f04146024697329843) Z:\Windows\system32\DRIVERS\nvlddmkm.sys
18:23:08.0896 2944 nvlddmkm - ok
18:23:08.0928 2944 nvraid (0a92cb65770442ed0dc44834632f66ad) Z:\Windows\system32\drivers\nvraid.sys
18:23:08.0974 2944 nvraid - ok
18:23:09.0006 2944 nvstor (dab0e87525c10052bf65f06152f37e4a) Z:\Windows\system32\drivers\nvstor.sys
18:23:09.0052 2944 nvstor - ok
18:23:09.0099 2944 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) Z:\Windows\system32\drivers\nv_agp.sys
18:23:09.0146 2944 nv_agp - ok
18:23:09.0177 2944 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) Z:\Windows\system32\drivers\ohci1394.sys
18:23:09.0240 2944 ohci1394 - ok
18:23:09.0286 2944 Parport (0086431c29c35be1dbc43f52cc273887) Z:\Windows\system32\DRIVERS\parport.sys
18:23:09.0333 2944 Parport - ok
18:23:09.0364 2944 partmgr (871eadac56b0a4c6512bbe32753ccf79) Z:\Windows\system32\drivers\partmgr.sys
18:23:09.0411 2944 partmgr - ok
18:23:09.0505 2944 pbfilter (7c0582921913d00180ec2b8518ba135c) Z:\Program Files\PeerBlock\pbfilter.sys
18:23:09.0552 2944 pbfilter - ok
18:23:09.0583 2944 pci (94575c0571d1462a0f70bde6bd6ee6b3) Z:\Windows\system32\drivers\pci.sys
18:23:09.0661 2944 pci - ok
18:23:09.0676 2944 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) Z:\Windows\system32\drivers\pciide.sys
18:23:09.0692 2944 pciide - ok
18:23:09.0723 2944 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) Z:\Windows\system32\DRIVERS\pcmcia.sys
18:23:09.0770 2944 pcmcia - ok
18:23:09.0801 2944 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) Z:\Windows\system32\drivers\pcw.sys
18:23:09.0817 2944 pcw - ok
18:23:09.0832 2944 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) Z:\Windows\system32\drivers\peauth.sys
18:23:09.0910 2944 PEAUTH - ok
18:23:09.0973 2944 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) Z:\Windows\system32\DRIVERS\raspptp.sys
18:23:10.0004 2944 PptpMiniport - ok
18:23:10.0020 2944 Processor (0d922e23c041efb1c3fac2a6f943c9bf) Z:\Windows\system32\DRIVERS\processr.sys
18:23:10.0051 2944 Processor - ok
18:23:10.0098 2944 Psched (0557cf5a2556bd58e26384169d72438d) Z:\Windows\system32\DRIVERS\pacer.sys
18:23:10.0160 2944 Psched - ok
18:23:10.0176 2944 pwdrvio (68e7b14747e949374b1baa125bd671d2) Z:\Windows\system32\pwdrvio.sys
18:23:10.0207 2944 pwdrvio - ok
18:23:10.0222 2944 pwdspio (1ca0cf3aa069bd02af7b1406a2ed12a0) Z:\Windows\system32\pwdspio.sys
18:23:10.0238 2944 pwdspio - ok
18:23:10.0472 2944 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) Z:\Windows\system32\DRIVERS\ql2300.sys
18:23:10.0534 2944 ql2300 - ok
18:23:10.0550 2944 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) Z:\Windows\system32\DRIVERS\ql40xx.sys
18:23:10.0566 2944 ql40xx - ok
18:23:10.0597 2944 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) Z:\Windows\system32\drivers\qwavedrv.sys
18:23:10.0659 2944 QWAVEdrv - ok
18:23:10.0675 2944 RasAcd (5a0da8ad5762fa2d91678a8a01311704) Z:\Windows\system32\DRIVERS\rasacd.sys
18:23:10.0737 2944 RasAcd - ok
18:23:10.0846 2944 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) Z:\Windows\system32\DRIVERS\AgileVpn.sys
18:23:10.0909 2944 RasAgileVpn - ok
18:23:10.0940 2944 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) Z:\Windows\system32\DRIVERS\rasl2tp.sys
18:23:11.0018 2944 Rasl2tp - ok
18:23:11.0034 2944 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) Z:\Windows\system32\DRIVERS\raspppoe.sys
18:23:11.0096 2944 RasPppoe - ok
18:23:11.0112 2944 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) Z:\Windows\system32\DRIVERS\rassstp.sys
18:23:11.0174 2944 RasSstp - ok
18:23:11.0190 2944 rdbss (77f665941019a1594d887a74f301fa2f) Z:\Windows\system32\DRIVERS\rdbss.sys
18:23:11.0252 2944 rdbss - ok
18:23:11.0314 2944 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) Z:\Windows\system32\DRIVERS\rdpbus.sys
18:23:11.0346 2944 rdpbus - ok
18:23:11.0377 2944 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) Z:\Windows\system32\DRIVERS\RDPCDD.sys
18:23:11.0455 2944 RDPCDD - ok
18:23:11.0502 2944 RDPDR (1b6163c503398b23ff8b939c67747683) Z:\Windows\system32\drivers\rdpdr.sys
18:23:11.0533 2944 RDPDR - ok
18:23:11.0564 2944 RDPENCDD (bb5971a4f00659529a5c44831af22365) Z:\Windows\system32\drivers\rdpencdd.sys
18:23:11.0626 2944 RDPENCDD - ok
18:23:11.0642 2944 RDPREFMP (216f3fa57533d98e1f74ded70113177a) Z:\Windows\system32\drivers\rdprefmp.sys
18:23:11.0704 2944 RDPREFMP - ok
18:23:11.0736 2944 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) Z:\Windows\system32\drivers\rdpvideominiport.sys
18:23:11.0814 2944 RdpVideoMiniport - ok
18:23:11.0829 2944 RDPWD (15b66c206b5cb095bab980553f38ed23) Z:\Windows\system32\drivers\RDPWD.sys
18:23:11.0907 2944 RDPWD - ok
18:23:11.0938 2944 rdyboost (34ed295fa0121c241bfef24764fc4520) Z:\Windows\system32\drivers\rdyboost.sys
18:23:11.0970 2944 rdyboost - ok
18:23:12.0032 2944 RivaTuner64 (a10b40cf9eb57d24e44717a2d38a00f4) Z:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys
18:23:12.0079 2944 RivaTuner64 - ok
18:23:12.0126 2944 rspndr (ddc86e4f8e7456261e637e3552e804ff) Z:\Windows\system32\DRIVERS\rspndr.sys
18:23:12.0219 2944 rspndr - ok
18:23:12.0250 2944 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) Z:\Windows\system32\DRIVERS\Rt64win7.sys
18:23:12.0313 2944 RTL8167 - ok
18:23:12.0344 2944 s3cap (e60c0a09f997826c7627b244195ab581) Z:\Windows\system32\drivers\vms3cap.sys
18:23:12.0391 2944 s3cap - ok
18:23:12.0516 2944 SASDIFSV (3289766038db2cb14d07dc84392138d5) Z:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
18:23:12.0516 2944 SASDIFSV - ok
18:23:12.0547 2944 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) Z:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
18:23:12.0562 2944 SASKUTIL - ok
18:23:12.0594 2944 sbp2port (ac03af3329579fffb455aa2daabbe22b) Z:\Windows\system32\drivers\sbp2port.sys
18:23:12.0640 2944 sbp2port - ok
18:23:12.0687 2944 scfilter (253f38d0d7074c02ff8deb9836c97d2b) Z:\Windows\system32\DRIVERS\scfilter.sys
18:23:12.0781 2944 scfilter - ok
18:23:12.0859 2944 secdrv (3ea8a16169c26afbeb544e0e48421186) Z:\Windows\system32\drivers\secdrv.sys
18:23:12.0937 2944 secdrv - ok
18:23:12.0968 2944 Serenum (cb624c0035412af0debec78c41f5ca1b) Z:\Windows\system32\DRIVERS\serenum.sys
18:23:13.0030 2944 Serenum - ok
18:23:13.0046 2944 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) Z:\Windows\system32\DRIVERS\serial.sys
18:23:13.0155 2944 Serial - ok
18:23:13.0202 2944 sermouse (1c545a7d0691cc4a027396535691c3e3) Z:\Windows\system32\DRIVERS\sermouse.sys
18:23:13.0249 2944 sermouse - ok
18:23:13.0280 2944 sffdisk (a554811bcd09279536440c964ae35bbf) Z:\Windows\system32\drivers\sffdisk.sys
18:23:13.0311 2944 sffdisk - ok
18:23:13.0327 2944 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) Z:\Windows\system32\drivers\sffp_mmc.sys
18:23:13.0374 2944 sffp_mmc - ok
18:23:13.0436 2944 sffp_sd (dd85b78243a19b59f0637dcf284da63c) Z:\Windows\system32\drivers\sffp_sd.sys
18:23:13.0467 2944 sffp_sd - ok
18:23:13.0498 2944 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) Z:\Windows\system32\DRIVERS\sfloppy.sys
18:23:13.0561 2944 sfloppy - ok
18:23:13.0592 2944 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) Z:\Windows\system32\DRIVERS\SiSRaid2.sys
18:23:13.0670 2944 SiSRaid2 - ok
18:23:13.0686 2944 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) Z:\Windows\system32\DRIVERS\sisraid4.sys
18:23:13.0732 2944 SiSRaid4 - ok
18:23:13.0748 2944 Smb (548260a7b8654e024dc30bf8a7c5baa4) Z:\Windows\system32\DRIVERS\smb.sys
18:23:13.0826 2944 Smb - ok
18:23:13.0873 2944 Soluto (f9369327409492097b0bb7ce86bd29de) Z:\Windows\system32\DRIVERS\Soluto.sys
18:23:13.0888 2944 Soluto - ok
18:23:13.0920 2944 spldr (b9e31e5cacdfe584f34f730a677803f9) Z:\Windows\system32\drivers\spldr.sys
18:23:13.0966 2944 spldr - ok
18:23:14.0013 2944 sptd (d519ad2de7968cd2b47fea807c5b29b2) Z:\Windows\System32\Drivers\sptd.sys
18:23:14.0013 2944 Suspicious file (NoAccess): Z:\Windows\System32\Drivers\sptd.sys. md5: d519ad2de7968cd2b47fea807c5b29b2
18:23:14.0029 2944 sptd ( LockedFile.Multi.Generic ) - warning
18:23:14.0029 2944 sptd - detected LockedFile.Multi.Generic (1)
18:23:14.0060 2944 srv (441fba48bff01fdb9d5969ebc1838f0b) Z:\Windows\system32\DRIVERS\srv.sys
18:23:14.0122 2944 srv - ok
18:23:14.0154 2944 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) Z:\Windows\system32\DRIVERS\srv2.sys
18:23:14.0185 2944 srv2 - ok
18:23:14.0200 2944 srvnet (27e461f0be5bff5fc737328f749538c3) Z:\Windows\system32\DRIVERS\srvnet.sys
18:23:14.0232 2944 srvnet - ok
18:23:14.0278 2944 stexstor (f3817967ed533d08327dc73bc4d5542a) Z:\Windows\system32\DRIVERS\stexstor.sys
18:23:14.0294 2944 stexstor - ok
18:23:14.0356 2944 storflt (7785dc213270d2fc066538daf94087e7) Z:\Windows\system32\drivers\vmstorfl.sys
18:23:14.0388 2944 storflt - ok
18:23:14.0403 2944 storvsc (d34e4943d5ac096c8edeebfd80d76e23) Z:\Windows\system32\drivers\storvsc.sys
18:23:14.0450 2944 storvsc - ok
18:23:14.0528 2944 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) Z:\Windows\system32\drivers\swenum.sys
18:23:14.0575 2944 swenum - ok
18:23:14.0590 2944 Synth3dVsc - ok
18:23:14.0622 2944 tap0901t (b08740047145b9bce15bf75ca0f9718a) Z:\Windows\system32\DRIVERS\tap0901t.sys
18:23:14.0668 2944 tap0901t - ok
18:23:14.0731 2944 Tcpip (fc62769e7bff2896035aeed399108162) Z:\Windows\system32\drivers\tcpip.sys
18:23:14.0793 2944 Tcpip - ok
18:23:14.0856 2944 TCPIP6 (fc62769e7bff2896035aeed399108162) Z:\Windows\system32\DRIVERS\tcpip.sys
18:23:14.0918 2944 TCPIP6 - ok
18:23:14.0949 2944 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) Z:\Windows\system32\drivers\tcpipreg.sys
18:23:15.0012 2944 tcpipreg - ok
18:23:15.0027 2944 TDPIPE (3371d21011695b16333a3934340c4e7c) Z:\Windows\system32\drivers\tdpipe.sys
18:23:15.0121 2944 TDPIPE - ok
18:23:15.0152 2944 TDTCP (e4245bda3190a582d55ed09e137401a9) Z:\Windows\system32\drivers\tdtcp.sys
18:23:15.0230 2944 TDTCP - ok
18:23:15.0261 2944 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) Z:\Windows\system32\DRIVERS\tdx.sys
18:23:15.0339 2944 tdx - ok
18:23:15.0370 2944 teamviewervpn (f5520dbb47c60ee83024b38720abda24) Z:\Windows\system32\DRIVERS\teamviewervpn.sys
18:23:15.0386 2944 teamviewervpn - ok
18:23:15.0433 2944 TermDD (561e7e1f06895d78de991e01dd0fb6e5) Z:\Windows\system32\drivers\termdd.sys
18:23:15.0480 2944 TermDD - ok
18:23:15.0526 2944 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) Z:\Windows\system32\DRIVERS\tssecsrv.sys
18:23:15.0589 2944 tssecsrv - ok
18:23:15.0667 2944 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) Z:\Windows\system32\drivers\tsusbflt.sys
18:23:15.0698 2944 TsUsbFlt - ok
18:23:15.0714 2944 tsusbhub - ok
18:23:15.0760 2944 tunnel (3566a8daafa27af944f5d705eaa64894) Z:\Windows\system32\DRIVERS\tunnel.sys
18:23:15.0823 2944 tunnel - ok
18:23:15.0854 2944 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) Z:\Windows\system32\DRIVERS\uagp35.sys
18:23:15.0901 2944 uagp35 - ok
18:23:15.0948 2944 udfs (ff4232a1a64012baa1fd97c7b67df593) Z:\Windows\system32\DRIVERS\udfs.sys
18:23:16.0010 2944 udfs - ok
18:23:16.0041 2944 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) Z:\Windows\system32\drivers\uliagpkx.sys
18:23:16.0088 2944 uliagpkx - ok
18:23:16.0104 2944 umbus (dc54a574663a895c8763af0fa1ff7561) Z:\Windows\system32\drivers\umbus.sys
18:23:16.0166 2944 umbus - ok
18:23:16.0182 2944 UmPass (b2e8e8cb557b156da5493bbddcc1474d) Z:\Windows\system32\DRIVERS\umpass.sys
18:23:16.0244 2944 UmPass - ok
18:23:16.0275 2944 usbbus (5fcc71487888589a9244af54cfefab29) Z:\Windows\system32\DRIVERS\lgx64bus.sys
18:23:16.0306 2944 usbbus - ok
18:23:16.0322 2944 usbccgp (6f1a3157a1c89435352ceb543cdb359c) Z:\Windows\system32\DRIVERS\usbccgp.sys
18:23:16.0384 2944 usbccgp - ok
18:23:16.0416 2944 usbcir (af0892a803fdda7492f595368e3b68e7) Z:\Windows\system32\drivers\usbcir.sys
18:23:16.0447 2944 usbcir - ok
18:23:16.0478 2944 UsbDiag (3fb6e423f7567c92c32ea786f5fd0c69) Z:\Windows\system32\DRIVERS\lgx64diag.sys
18:23:16.0494 2944 UsbDiag - ok
18:23:16.0525 2944 usbehci (c025055fe7b87701eb042095df1a2d7b) Z:\Windows\system32\DRIVERS\usbehci.sys
18:23:16.0540 2944 usbehci - ok
18:23:16.0572 2944 usbhub (287c6c9410b111b68b52ca298f7b8c24) Z:\Windows\system32\DRIVERS\usbhub.sys
18:23:16.0634 2944 usbhub - ok
18:23:16.0650 2944 USBModem (78d551f5b93488b4666f5fc8dd4815f3) Z:\Windows\system32\DRIVERS\lgx64modem.sys
18:23:16.0665 2944 USBModem - ok
18:23:16.0681 2944 usbohci (58e546bbaf87664fc57e0f6081e4f609) Z:\Windows\system32\DRIVERS\usbohci.sys
18:23:16.0712 2944 usbohci - ok
18:23:16.0743 2944 usbprint (73188f58fb384e75c4063d29413cee3d) Z:\Windows\system32\DRIVERS\usbprint.sys
18:23:16.0806 2944 usbprint - ok
18:23:16.0837 2944 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) Z:\Windows\system32\DRIVERS\USBSTOR.SYS
18:23:16.0868 2944 USBSTOR - ok
18:23:16.0899 2944 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) Z:\Windows\system32\DRIVERS\usbuhci.sys
18:23:16.0930 2944 usbuhci - ok
18:23:16.0962 2944 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) Z:\Windows\system32\drivers\vdrvroot.sys
18:23:17.0024 2944 vdrvroot - ok
18:23:17.0055 2944 vga (da4da3f5e02943c2dc8c6ed875de68dd) Z:\Windows\system32\DRIVERS\vgapnp.sys
18:23:17.0071 2944 vga - ok
18:23:17.0102 2944 VgaSave (53e92a310193cb3c03bea963de7d9cfc) Z:\Windows\System32\drivers\vga.sys
18:23:17.0180 2944 VgaSave - ok
18:23:17.0180 2944 VGPU - ok
18:23:17.0211 2944 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) Z:\Windows\system32\drivers\vhdmp.sys
18:23:17.0227 2944 vhdmp - ok
18:23:17.0258 2944 vhidmini (1161acff728d97f75d74d2f1465f8a46) Z:\Windows\system32\DRIVERS\vHidDev.sys
18:23:17.0289 2944 vhidmini - ok
18:23:17.0320 2944 viaide (e5689d93ffe4e5d66c0178761240dd54) Z:\Windows\system32\drivers\viaide.sys
18:23:17.0367 2944 viaide - ok
18:23:17.0383 2944 vmbus (86ea3e79ae350fea5331a1303054005f) Z:\Windows\system32\drivers\vmbus.sys
18:23:17.0492 2944 vmbus - ok
18:23:17.0539 2944 VMBusHID (7de90b48f210d29649380545db45a187) Z:\Windows\system32\drivers\VMBusHID.sys
18:23:17.0586 2944 VMBusHID - ok
18:23:17.0617 2944 volmgr (d2aafd421940f640b407aefaaebd91b0) Z:\Windows\system32\drivers\volmgr.sys
18:23:17.0679 2944 volmgr - ok
18:23:17.0726 2944 volmgrx (a255814907c89be58b79ef2f189b843b) Z:\Windows\system32\drivers\volmgrx.sys
18:23:17.0757 2944 volmgrx - ok
18:23:17.0773 2944 volsnap (0d08d2f3b3ff84e433346669b5e0f639) Z:\Windows\system32\drivers\volsnap.sys
18:23:17.0835 2944 volsnap - ok
18:23:17.0851 2944 vsmraid (5e2016ea6ebaca03c04feac5f330d997) Z:\Windows\system32\DRIVERS\vsmraid.sys
18:23:17.0866 2944 vsmraid - ok
18:23:17.0898 2944 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) Z:\Windows\System32\drivers\vwifibus.sys
18:23:17.0944 2944 vwifibus - ok
18:23:17.0976 2944 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) Z:\Windows\system32\DRIVERS\wacompen.sys
18:23:18.0022 2944 WacomPen - ok
18:23:18.0069 2944 WANARP (356afd78a6ed4457169241ac3965230c) Z:\Windows\system32\DRIVERS\wanarp.sys
18:23:18.0147 2944 WANARP - ok
18:23:18.0163 2944 Wanarpv6 (356afd78a6ed4457169241ac3965230c) Z:\Windows\system32\DRIVERS\wanarp.sys
18:23:18.0210 2944 Wanarpv6 - ok
18:23:18.0288 2944 Wd (72889e16ff12ba0f235467d6091b17dc) Z:\Windows\system32\DRIVERS\wd.sys
18:23:18.0303 2944 Wd - ok
18:23:18.0334 2944 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) Z:\Windows\system32\drivers\Wdf01000.sys
18:23:18.0366 2944 Wdf01000 - ok
18:23:18.0428 2944 WfpLwf (611b23304bf067451a9fdee01fbdd725) Z:\Windows\system32\DRIVERS\wfplwf.sys
18:23:18.0506 2944 WfpLwf - ok
18:23:18.0537 2944 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) Z:\Windows\system32\drivers\wimmount.sys
18:23:18.0584 2944 WIMMount - ok
18:23:18.0662 2944 WinUsb (fe88b288356e7b47b74b13372add906d) Z:\Windows\system32\DRIVERS\WinUsb.sys
18:23:18.0724 2944 WinUsb - ok
18:23:18.0771 2944 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) Z:\Windows\system32\drivers\wmiacpi.sys
18:23:18.0834 2944 WmiAcpi - ok
18:23:18.0865 2944 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) Z:\Windows\system32\drivers\ws2ifsl.sys
18:23:18.0958 2944 ws2ifsl - ok
18:23:18.0990 2944 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) Z:\Windows\system32\drivers\WudfPf.sys
18:23:19.0083 2944 WudfPf - ok
18:23:19.0114 2944 WUDFRd (cf8d590be3373029d57af80914190682) Z:\Windows\system32\DRIVERS\WUDFRd.sys
18:23:19.0208 2944 WUDFRd - ok
18:23:19.0255 2944 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) Z:\Windows\system32\DRIVERS\xusb21.sys
18:23:19.0286 2944 xusb21 - ok
18:23:19.0302 2944 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
18:23:19.0364 2944 \Device\Harddisk2\DR2 - ok
18:23:19.0380 2944 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:23:19.0442 2944 \Device\Harddisk0\DR0 - ok
18:23:19.0458 2944 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk1\DR1
18:23:19.0473 2944 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.b ) - infected
18:23:19.0473 2944 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Pihar.b (0)
18:23:19.0504 2944 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
18:23:19.0504 2944 \Device\Harddisk1\DR1 - detected TDSS File System (1)
18:23:19.0504 2944 Boot (0x1200) (c2526875d66db35c281ca8c9a8469ea7) \Device\Harddisk2\DR2\Partition0
18:23:19.0504 2944 \Device\Harddisk2\DR2\Partition0 - ok
18:23:19.0520 2944 Boot (0x1200) (1be0dc9e9e77282464fb0d9799adad59) \Device\Harddisk0\DR0\Partition0
18:23:19.0520 2944 \Device\Harddisk0\DR0\Partition0 - ok
18:23:19.0520 2944 Boot (0x1200) (a2cf4763bbefc911140a1663595df2f9) \Device\Harddisk1\DR1\Partition0
18:23:19.0520 2944 \Device\Harddisk1\DR1\Partition0 - ok
18:23:19.0551 2944 Boot (0x1200) (25f2c0a29737a5770a9559cd5cf2ab8a) \Device\Harddisk1\DR1\Partition1
18:23:19.0567 2944 \Device\Harddisk1\DR1\Partition1 - ok
18:23:19.0582 2944 Boot (0x1200) (310df5fccc4f8d2a0e52ed9ceb0a5f28) \Device\Harddisk1\DR1\Partition2
18:23:19.0582 2944 \Device\Harddisk1\DR1\Partition2 - ok
18:23:19.0582 2944 ============================================================
18:23:19.0582 2944 Scan finished
18:23:19.0582 2944 ============================================================
18:23:19.0598 2584 Detected object count: 4
18:23:19.0598 2584 Actual detected object count: 4
18:23:46.0272 2584 ATITool ( UnsignedFile.Multi.Generic ) - skipped by user
18:23:46.0272 2584 ATITool ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:23:46.0272 2584 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:23:46.0272 2584 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:23:46.0381 2584 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
18:23:46.0381 2584 \Device\Harddisk1\DR1 - ok
18:23:46.0381 2584 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
18:23:46.0381 2584 \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
18:23:46.0381 2584 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip
18:24:19.0531 2172 Deinitialize success

_____________________________________________________________________________________________________________________________________________________________________

ASWMBR

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-26 18:26:01
-----------------------------
18:26:01.736 OS Version: Windows x64 6.1.7601 Service Pack 1
18:26:01.736 Number of processors: 2 586 0xF0D
18:26:01.736 ComputerName: HARSH-PC UserName: Harsh
18:26:01.908 Initialize success
18:28:38.269 AVAST engine defs: 12012602
18:29:02.527 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
18:29:02.527 Disk 0 Vendor: HDS728080PLA380 PF2OA60A Size: 78532MB BusType: 3
18:29:02.527 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-4
18:29:02.543 Disk 1 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953868MB BusType: 3
18:29:02.543 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T1L0-8
18:29:02.543 Disk 2 Vendor: ST380815AS 3.AAD Size: 76318MB BusType: 3
18:29:02.574 Disk 0 MBR read successfully
18:29:02.574 Disk 0 MBR scan
18:29:02.574 Disk 0 Windows 7 default MBR code
18:29:02.590 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 78528 MB offset 63
18:29:02.590 Service scanning
18:29:09.547 Service sptd Z:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
18:29:11.825 Modules scanning
18:29:11.965 AVAST engine scan Z:\Windows
18:29:17.222 AVAST engine scan Z:\Windows\system32
18:32:33.488 AVAST engine scan Z:\Windows\system32\drivers
18:32:53.897 AVAST engine scan Z:\Users\Harsh
18:37:06.338 AVAST engine scan Z:\ProgramData
18:38:04.744 Scan finished successfully
18:39:12.979 Disk 0 MBR has been saved successfully to "Z:\Users\Harsh\Desktop\MBR.dat"
18:39:12.994 The log file has been saved successfully to "Z:\Users\Harsh\Desktop\aswMBR.txt"

__________________________________________________________________________________________________________________________________________________________________

Malwarebytes Anti-malware


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.26.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Harsh :: HARSH-PC [administrator]

1/26/2012 6:55:39 PM
mbam-log-2012-01-26 (18-55-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202418
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL logfile created on: 1/26/2012 8:59:35 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = Z:\Users\Harsh\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 63.83% Memory free
8.00 Gb Paging File | 6.43 Gb Available in Paging File | 80.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = Z: | %SystemRoot% = Z:\Windows | %ProgramFiles% = Z:\Program Files (x86)
Drive C: | 76.69 Gb Total Space | 12.33 Gb Free Space | 16.07% Space Free | Partition Type: NTFS
Drive E: | 40.00 Gb Total Space | 39.91 Gb Free Space | 99.78% Space Free | Partition Type: NTFS
Drive F: | 74.53 Gb Total Space | 22.57 Gb Free Space | 30.29% Space Free | Partition Type: NTFS
Drive G: | 844.03 Gb Total Space | 398.04 Gb Free Space | 47.16% Space Free | Partition Type: NTFS
Drive Z: | 47.48 Gb Total Space | 5.57 Gb Free Space | 11.73% Space Free | Partition Type: NTFS

Computer Name: HARSH-PC | User Name: Harsh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/25 23:16:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- Z:\Users\Harsh\Desktop\OTL.exe
PRC - [2011/12/24 17:50:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- Z:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/12/17 16:05:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) -- Z:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2010/11/20 07:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- Z:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/05/05 15:56:06 | 000,251,392 | ---- | M] () -- Z:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2010/03/30 23:00:00 | 002,465,888 | ---- | M] (Lavalys, Inc.) -- Z:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
PRC - [2009/12/02 19:40:40 | 000,068,136 | ---- | M] () -- Z:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2009/09/29 12:03:46 | 000,735,960 | ---- | M] (ESET) -- Z:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2007/12/19 10:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- Z:\Program Files (x86)\Razer\DeathAdder\razerofa.exe


========== Modules (No Company Name) ==========

MOD - [2010/05/05 15:56:06 | 000,251,392 | ---- | M] () -- Z:\Program Files (x86)\Razer\DeathAdder\razerhid.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/01/02 17:30:20 | 000,515,104 | ---- | M] (Soluto) [Auto | Running] -- Z:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- Z:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/03/21 16:19:16 | 001,845,248 | ---- | M] (Locktime Software) [On_Demand | Stopped] -- Z:\Program Files\NetLimiter 3\nlsvc.exe -- (nlsvc)
SRV:64bit: - [2009/09/29 12:11:14 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- Z:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/09/29 12:03:46 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- Z:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- Z:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- Z:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/17 12:10:34 | 000,008,704 | ---- | M] (Hi-Rez Studios) [On_Demand | Stopped] -- G:\Games\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- Z:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/20 20:48:21 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- Z:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/12/17 16:05:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- Z:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/12/14 15:43:00 | 003,316,000 | ---- | M] () [On_Demand | Stopped] -- z:\program files (x86)\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/10/14 13:49:38 | 000,745,832 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- Z:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2011/10/04 22:50:37 | 000,075,136 | ---- | M] () [On_Demand | Stopped] -- Z:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/04/21 16:36:28 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- Z:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/01 17:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- Z:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- Z:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/02 19:40:40 | 000,068,136 | ---- | M] () [Auto | Running] -- Z:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- Z:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [On_Demand | Stopped] -- Z:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/02 17:15:26 | 000,054,728 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- Z:\Windows\SysNative\drivers\Soluto.sys -- (Soluto)
DRV:64bit: - [2011/11/20 19:28:39 | 000,530,488 | ---- | M] () [Kernel | Boot | Running] -- Z:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- Z:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- Z:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/30 06:05:55 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011/03/21 16:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisPT)
DRV:64bit: - [2011/03/21 16:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- Z:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisMP)
DRV:64bit: - [2011/03/21 16:44:28 | 000,088,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- Z:\Program Files\NetLimiter 3\nltdi.sys -- (nltdi)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- Z:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/06 22:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Running] -- Z:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/04/19 16:04:44 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- Z:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2010/04/09 12:17:24 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2010/04/09 12:17:20 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2009/12/21 20:50:00 | 000,007,552 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- Z:\Windows\SysNative\drivers\vHidDev.sys -- (vhidmini)
DRV:64bit: - [2009/11/23 16:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 16:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- Z:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/09/29 12:06:16 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Running] -- Z:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/09/29 12:03:00 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- Z:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/09/29 11:56:36 | 000,144,824 | ---- | M] (ESET) [File_System | Auto | Running] -- Z:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009/09/16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- Z:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- Z:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- Z:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2006/11/10 08:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- Z:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)
DRV - [2012/01/26 18:25:25 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- Z:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/11/20 20:19:08 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- Z:\Windows\etdrv.sys -- (etdrv)
DRV - [2011/11/20 20:13:24 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- Z:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2011/10/26 17:13:42 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- Z:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2010/11/27 18:01:37 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- Z:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2010/03/30 23:00:00 | 000,026,752 | ---- | M] () [Kernel | On_Demand | Running] -- Z:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 -- (EverestDriver)
DRV - [2009/12/18 11:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- Z:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- Z:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5A 1B F8 D2 D0 83 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.gamespot.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.11
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: [email protected]:2.6.1
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: Z:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_160.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: Z:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: Z:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: Z:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_160.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: Z:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: Z:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: Z:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: Z:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: Z:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: Z:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: Z:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@onlive.com/OlGameDetect,version=1.1.0.67837: Z:\Program Files (x86)\OnLive\FirefoxPlugin\npolgdet.dll (OnLive)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: Z:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: Z:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: Z:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: Z:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: Z:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: Z:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: Z:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: Z:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/10/30 13:51:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: Z:\Program Files (x86)\Mozilla Firefox\components [2012/01/15 14:04:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: Z:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/14 15:09:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Components: Z:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\components [2011/11/06 18:54:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Plugins: Z:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins [2012/01/14 15:09:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: Z:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/03/26 01:56:49 | 000,000,000 | ---D | M]

[2010/09/09 21:23:13 | 000,000,000 | ---D | M] (No name found) -- Z:\Users\Harsh\AppData\Roaming\Mozilla\Extensions
[2010/09/09 21:23:13 | 000,000,000 | ---D | M] (No name found) -- Z:\Users\Harsh\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/01/22 20:14:12 | 000,000,000 | ---D | M] (No name found) -- Z:\Users\Harsh\AppData\Roaming\Mozilla\Firefox\Profiles\vk995pnm.default\extensions
[2012/01/03 20:13:10 | 000,000,000 | ---D | M] (vshare.tv Bar Community Toolbar) -- Z:\Users\Harsh\AppData\Roaming\Mozilla\Firefox\Profiles\vk995pnm.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}
[2011/11/03 17:12:54 | 000,000,000 | ---D | M] (WebSlingPlayer) -- Z:\Users\Harsh\AppData\Roaming\Mozilla\Firefox\Profiles\vk995pnm.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2012/01/21 14:22:50 | 000,000,000 | ---D | M] (Greasemonkey) -- Z:\Users\Harsh\AppData\Roaming\Mozilla\Firefox\Profiles\vk995pnm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/10/26 20:00:57 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- Z:\Users\Harsh\AppData\Roaming\Mozilla\Firefox\Profiles\vk995pnm.default\extensions\[email protected]
[2011/10/01 14:04:28 | 000,000,000 | ---D | M] (CheckPlaces) -- Z:\Users\Harsh\AppData\Roaming\Mozilla\Firefox\Profiles\vk995pnm.default\extensions\[email protected]
[2010/11/28 15:18:15 | 000,000,000 | ---D | M] (vShare) -- Z:\Users\Harsh\AppData\Roaming\Mozilla\Firefox\Profiles\vk995pnm.default\extensions\vshare@toolbar
[2012/01/22 20:14:12 | 000,000,000 | ---D | M] (We-Care Reminder) -- Z:\Users\Harsh\AppData\Roaming\Mozilla\Firefox\Profiles\vk995pnm.default\extensions\wecarereminder@bryan
[2012/01/12 17:42:37 | 000,000,000 | ---D | M] (Widevine Media Transformer Plugin) -- Z:\Users\Harsh\AppData\Roaming\Mozilla\Firefox\Profiles\vk995pnm.default\extensions\widevinemediatransformer@widevine
[2011/10/31 15:44:40 | 000,000,000 | ---D | M] (No name found) -- Z:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/15 14:04:21 | 000,000,000 | ---D | M] (No name found) -- Z:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012/01/15 14:04:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- Z:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- Z:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/31 05:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- Z:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2011/10/26 13:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- Z:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/01/15 14:04:17 | 000,002,252 | ---- | M] () -- Z:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/15 14:04:17 | 000,002,040 | ---- | M] () -- Z:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = Z:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = Z:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_18.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = Z:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = Z:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = Z:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = Z:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = Z:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = Z:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = Z:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = Z:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = Z:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = Z:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = Z:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = Z:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = Z:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = Z:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = Z:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = Z:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: vShare.tv plug-in (Enabled) = Z:\Users\Harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = Z:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Widevine Media Transformer (Enabled) = Z:\Program Files (x86)\Google\Chrome\Application\plugins\npwidevinemediatransformer.dll
CHR - plugin: downloadUpdater (Enabled) = Z:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = Z:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Winamp Application Detector (Enabled) = Z:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = Z:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = Z:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = Z:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = Z:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = Z:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = Z:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: OnLive Games Service Detector for Firefox (Enabled) = Z:\Program Files (x86)\OnLive\FirefoxPlugin\npolgdet.dll
CHR - plugin: Veetle TV Player (Enabled) = Z:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = Z:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = Z:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: iTunes Application Detector (Enabled) = Z:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/01/26 18:16:20 | 000,000,027 | ---- | M]) - Z:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - Z:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - Z:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - Z:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - Z:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - Z:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O4:64bit: - HKLM..\Run: [egui] Z:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] Z:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [DeathAdder] Z:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKCU..\Run: [PeerBlock] Z:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - Startup: Z:\Users\Harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk.disabled ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Download with pod-works-platinum - Z:\Program Files (x86)\ImTOO\PodWorks Platinum\upod_link.HTM File not found
O8 - Extra context menu item: Download with pod-works-platinum - Z:\Program Files (x86)\ImTOO\PodWorks Platinum\upod_link.HTM File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - Z:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - Z:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0CF0BB43-C8A6-418D-AC51-B3170BB82810}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Z:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Z:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (Z:\Windows\system32\userinit.exe) - Z:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (Z:\Program Files\Soluto\soluto.exe /userinit) - Z:\Program Files\Soluto\soluto.exe (Soluto)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - Z:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -Z:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (Z:\Windows\system32\userinit.exe) -Z:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/25 15:39:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/26 18:16:27 | 000,000,000 | ---D | C] -- Z:\$RECYCLE.BIN
[2012/01/26 18:14:34 | 000,000,000 | ---D | C] -- Z:\Windows\temp
[2012/01/26 18:02:01 | 000,518,144 | ---- | C] (SteelWerX) -- Z:\Windows\SWREG.exe
[2012/01/26 18:02:01 | 000,406,528 | ---- | C] (SteelWerX) -- Z:\Windows\SWSC.exe
[2012/01/26 18:01:56 | 000,000,000 | ---D | C] -- Z:\Windows\ERDNT
[2012/01/26 18:01:33 | 000,000,000 | ---D | C] -- Z:\Qoobox
[2012/01/26 17:59:58 | 004,733,440 | ---- | C] (AVAST Software) -- Z:\Users\Harsh\Desktop\aswMBR.exe
[2012/01/26 17:58:52 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- Z:\Users\Harsh\Desktop\tdsskiller.exe
[2012/01/26 17:56:07 | 004,391,143 | R--- | C] (Swearware) -- Z:\Users\Harsh\Desktop\ComboFix.exe
[2012/01/25 23:16:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- Z:\Users\Harsh\Desktop\OTL.exe
[2012/01/25 21:03:07 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{85F9E3A7-C1DC-44E4-9C91-70C148BACEBB}
[2012/01/25 21:02:55 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{BF41D7B9-3B56-49CF-8645-9EB3A0424D88}
[2012/01/23 21:50:20 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{377EDB52-E98B-400C-B00D-3BFB5CB34E23}
[2012/01/23 21:50:09 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{55C25430-C5C1-4723-8D4F-58FA64F066C9}
[2012/01/23 18:34:11 | 000,000,000 | ---D | C] -- Z:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
[2012/01/22 23:29:12 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\Desktop\JTypes3.asp_files
[2012/01/21 16:27:31 | 000,054,728 | ---- | C] (Soluto LTD.) -- Z:\Windows\SysNative\drivers\Soluto.sys
[2012/01/21 16:27:28 | 000,000,000 | ---D | C] -- Z:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soluto
[2012/01/21 16:27:28 | 000,000,000 | ---D | C] -- Z:\Program Files\Soluto
[2012/01/21 16:26:39 | 000,000,000 | ---D | C] -- Z:\ProgramData\WeCareReminder
[2012/01/21 16:26:39 | 000,000,000 | ---D | C] -- Z:\ProgramData\Soluto
[2012/01/21 14:55:41 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\Desktop\computer concepts
[2012/01/21 14:52:42 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\Desktop\Internet and Info environment
[2012/01/18 01:04:46 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\Desktop\Mass Media
[2012/01/18 01:01:10 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\Desktop\Medical Anthropology
[2012/01/17 20:25:24 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{9D3B5D16-257E-4A83-A435-621D69D2F09E}
[2012/01/17 20:25:13 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{1DAA29AC-2076-49D3-82AA-3249994F8D7F}
[2012/01/17 14:52:42 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Bootvis
[2012/01/17 14:52:42 | 000,000,000 | ---D | C] -- Z:\Program Files (x86)\Microsoft Bootvis
[2012/01/16 15:27:19 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{B5D19BC4-5239-4C59-BFCB-3D5CCC3D78F4}
[2012/01/16 15:27:08 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{3A27EA5B-7A90-4517-8012-561EC20C0A4F}
[2012/01/15 17:45:15 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\Documents\ImTOO
[2012/01/15 17:45:15 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Roaming\ImTOO
[2012/01/15 17:45:06 | 000,000,000 | ---D | C] -- Z:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImTOO
[2012/01/15 17:44:38 | 000,000,000 | ---D | C] -- Z:\ProgramData\ImTOO
[2012/01/15 17:44:38 | 000,000,000 | ---D | C] -- Z:\Program Files (x86)\ImTOO
[2012/01/14 14:24:26 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{C15DF179-7DC3-4444-84AE-53ABBAA81041}
[2012/01/14 14:24:12 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{6BAF296E-3C63-4E99-87F3-5F769C5FA335}
[2012/01/14 01:38:44 | 000,000,000 | ---D | C] -- Z:\Windows\symbols
[2012/01/14 01:37:11 | 000,000,000 | ---D | C] -- Z:\ProgramData\VS
[2012/01/13 18:37:45 | 000,000,000 | ---D | C] -- Z:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2012/01/13 18:37:45 | 000,000,000 | ---D | C] -- Z:\ProgramData\Hi-Rez Studios
[2012/01/13 18:35:57 | 013,209,696 | ---- | C] (Hi-Rez Studios) -- Z:\Users\Harsh\Desktop\InstallHiRezGamesEnglish.exe
[2012/01/13 15:14:42 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{7C3FD1F0-F7CA-4331-AC2C-DA17B325BBCF}
[2012/01/13 15:14:27 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{386A2AB0-5528-44BA-88FA-7343D5C34264}
[2012/01/13 14:13:18 | 006,004,544 | ---- | C] (NVIDIA Corporation) -- Z:\Windows\SysNative\nvcpl.dll
[2012/01/13 14:13:18 | 003,028,800 | ---- | C] (NVIDIA Corporation) -- Z:\Windows\SysNative\nvsvc64.dll
[2012/01/13 14:13:18 | 002,562,368 | ---- | C] (NVIDIA Corporation) -- Z:\Windows\SysNative\nvsvcr.dll
[2012/01/13 14:13:18 | 000,118,080 | ---- | C] (NVIDIA Corporation) -- Z:\Windows\SysNative\nvmctray.dll
[2012/01/13 14:13:18 | 000,063,296 | ---- | C] (NVIDIA Corporation) -- Z:\Windows\SysNative\nvshext.dll
[2012/01/13 14:12:48 | 000,000,000 | ---D | C] -- Z:\ProgramData\NVIDIA Corporation
[2012/01/13 14:10:54 | 025,432,896 | ---- | C] (NVIDIA Corporation) -- Z:\Windows\SysNative\nvoglv64.dll
[2012/01/13 14:10:54 | 025,137,472 | ---- | C] (NVIDIA Corporation) -- Z:\Windows\SysNative\nvcompiler.dll
[2012/01/13 14:10:54 | 019,348,800 | ---- | C] (NVIDIA Corporation) -- Z:\Windows\SysWow64\nvoglv32.dll
[2012/01/13 14:10:54 | 017,498,432 | ---- | C] (NVIDIA Corporation) -- Z:\Windows\SysWow64\nvcompiler.dll
[2012/01/13 14:10:54 | 017,483,072 | ---- | C] (NVIDIA Corporation) -- Z:\Windows\SysNative\nvd3dumx.dll
[2012/01/13 14:10:54 | 014,863,680 | ---- | C] (NVIDIA Corporation) -- Z:\Windows\SysWow64\nvd3dum.dll
[2012/01/13 14:10:54 | 009,622,336 | ---- | C] (NVIDIA Corporation) -- Z:\Windows\SysNative\nvwgf2umx.dll
[2012/01/13 14:10:54 | 007,974,208 | ---- | C] (NVIDIA Corporation) -- Z:\Windows\SysNative\nvcuda.dll
[2012/01/13 14:10:54 | 007,677,248 | ---- | C] (NVIDIA Corporation) -- Z:\Windows\SysWow64\nvwgf2um.dll
[2012/01/13 14:10:54 | 005,868,352 | ---- | C] (NVIDIA Corporation) -- Z:\Windows\SysWow64\nvcuda.dll
[2012/01/13 14:10:54 | 002,660,160 | ---- | C] (NVIDIA Corporation) -- Z:\Windows\SysNative\nvcuvid.dll
[2012/01/13 14:10:54 | 002,506,048 | ---- | C] (NVIDIA Corporation) -- Z:\Windows\SysWow64\nvcuvid.dll
[2012/01/13 14:10:54 | 002,403,136 | ---- | C] (NVIDIA Corporation) -- Z:\Windows\SysNative\nvapi64.dll
[2012/01/13 14:10:54 | 002,374,464 | ---- | C] (NVIDIA Corporation) -- Z:\Windows\SysNative\nvcuvenc.dll
[2012/01/13 14:10:54 | 002,206,016 | ---- | C] (NVIDIA Corporation) -- Z:\Windows\SysWow64\nvcuvenc.dll
[2012/01/13 14:10:54 | 002,095,424 | ---- | C] (NVIDIA Corporation) -- Z:\Windows\SysWow64\nvapi.dll
[2012/01/13 14:10:54 | 001,715,008 | ---- | C] (NVIDIA Corporation) -- Z:\Windows\SysNative\nvdispco64.dll
[2012/01/13 14:10:54 | 001,454,912 | ---- | C] (NVIDIA Corporation) -- Z:\Windows\SysNative\nvgenco64.dll
[2012/01/13 14:10:54 | 000,068,928 | ---- | C] (Khronos Group) -- Z:\Windows\SysNative\OpenCL.dll
[2012/01/13 14:10:54 | 000,061,248 | ---- | C] (Khronos Group) -- Z:\Windows\SysWow64\OpenCL.dll
[2012/01/12 23:29:29 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{C0F04E07-8C8C-4017-A2F1-72D92139B51C}
[2012/01/12 23:29:18 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{2CDA6267-F057-4F3F-BB75-9F3105E55451}
[2012/01/10 13:39:00 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{1E494B82-5050-4805-A274-F3EB9EFD5A61}
[2012/01/10 13:38:47 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{F7799EA8-A853-4E25-9E4D-D7E9CD795F19}
[2012/01/10 13:35:23 | 001,572,864 | ---- | C] (Microsoft Corporation) -- Z:\Windows\SysNative\quartz.dll
[2012/01/10 13:35:23 | 001,328,128 | ---- | C] (Microsoft Corporation) -- Z:\Windows\SysWow64\quartz.dll
[2012/01/10 13:35:22 | 000,514,560 | ---- | C] (Microsoft Corporation) -- Z:\Windows\SysWow64\qdvd.dll
[2012/01/10 13:35:22 | 000,366,592 | ---- | C] (Microsoft Corporation) -- Z:\Windows\SysNative\qdvd.dll
[2012/01/10 13:35:20 | 001,731,920 | ---- | C] (Microsoft Corporation) -- Z:\Windows\SysNative\ntdll.dll
[2012/01/10 13:35:19 | 000,077,312 | ---- | C] (Microsoft Corporation) -- Z:\Windows\SysNative\packager.dll
[2012/01/10 13:35:19 | 000,067,072 | ---- | C] (Microsoft Corporation) -- Z:\Windows\SysWow64\packager.dll
[2012/01/10 13:35:17 | 001,447,936 | ---- | C] (Microsoft Corporation) -- Z:\Windows\SysNative\lsasrv.dll
[2012/01/10 13:35:17 | 000,395,776 | ---- | C] (Microsoft Corporation) -- Z:\Windows\SysNative\webio.dll
[2012/01/10 13:35:17 | 000,314,880 | ---- | C] (Microsoft Corporation) -- Z:\Windows\SysWow64\webio.dll
[2012/01/10 13:35:17 | 000,136,192 | ---- | C] (Microsoft Corporation) -- Z:\Windows\SysNative\sspicli.dll
[2012/01/10 13:35:17 | 000,029,184 | ---- | C] (Microsoft Corporation) -- Z:\Windows\SysNative\sspisrv.dll
[2012/01/10 13:35:17 | 000,028,160 | ---- | C] (Microsoft Corporation) -- Z:\Windows\SysNative\secur32.dll
[2012/01/08 13:58:24 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{10AE13CC-F126-450C-82CD-B6E3D3442950}
[2012/01/08 13:58:10 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{73BA81F5-BD0F-4C7F-BB76-24EEA9DDB68E}
[2012/01/07 14:47:44 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{8C64AE3E-DE54-49E5-8ECE-651056054647}
[2012/01/07 14:47:33 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{51D4F647-E8FC-49F0-BB75-63828F595ED2}
[2012/01/06 13:07:10 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{A689B594-F58C-4931-B55F-B55A4D27DE9D}
[2012/01/06 13:06:58 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{78DD7EF0-8386-4BB8-976E-6F722A4C9AF5}
[2012/01/05 13:20:55 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{96EBEEAD-643F-47C8-9CDE-8F41B46E4CB5}
[2012/01/05 13:20:43 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{41E838D1-19A9-4190-A296-3110EDC76E42}
[2012/01/04 14:20:04 | 204,883,800 | ---- | C] (NVIDIA Corporation) -- Z:\Users\Harsh\Desktop\290.53-desktop-win7-winvista-64bit-international-beta.exe
[2012/01/04 13:59:56 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{6E8E6857-01BD-4C85-B3FD-B5864F7383C5}
[2012/01/04 13:59:44 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{716E208A-81D5-4DF7-83A9-C1C8971F3A04}
[2012/01/03 13:26:26 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{5F86E5CD-9AF5-4026-B641-8BAFA7893310}
[2012/01/03 13:26:13 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{CFBBF942-3132-4513-B840-B06998B8170B}
[2012/01/03 01:23:53 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{D5EBBEE8-DC4B-4EEB-AC77-275767B074ED}
[2012/01/03 01:23:41 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{EA0D5F06-AC6F-4C9F-8C35-2F425EAE3D5A}
[2012/01/02 18:17:56 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\Desktop\walgreens rebate finalConfirm.action_files
[2012/01/02 13:23:22 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{ACB13723-967E-4350-9D7C-26C01FD025BD}
[2012/01/02 13:23:08 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{5968A38C-B227-4BA7-8501-EC7CCF0AE3E7}
[2012/01/01 13:48:20 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{30C51424-2098-4A13-ABCE-6494136CDBE5}
[2012/01/01 13:48:09 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{494BEB85-81D8-4F22-8A13-9A90C88A7395}
[2011/12/31 13:20:07 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{50F41D85-046F-4BE7-A5C9-CB0074D3DA8E}
[2011/12/31 13:19:51 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{6539B963-6C07-4177-A328-3FD86FA20FA0}
[2011/12/30 15:00:06 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{6078DD19-B816-4E4B-BFCE-EF0DC27BD0E2}
[2011/12/30 14:59:54 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{B495EBCE-98BC-4B8E-A5E0-6C1E65F57D8F}
[2011/12/29 15:21:15 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{E8D2470C-9C1B-451B-BB12-2A6586FB2BB6}
[2011/12/29 15:21:03 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{DE6B66B7-B379-41C8-AAB7-6E7CACD54DDB}
[2011/12/28 13:31:58 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{6C2324F2-9609-401F-AECF-98C9FF530556}
[2011/12/28 13:31:46 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{BE2DB8DA-9C8B-4743-96ED-A74D8134241F}
[2011/12/27 22:10:33 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{B8BBC3C5-F879-478A-AD65-14463FCFC939}
[2011/12/27 22:10:22 | 000,000,000 | ---D | C] -- Z:\Users\Harsh\AppData\Local\{8700ACCA-3EE7-42D5-BB99-2A12DB37B0B1}
[3 Z:\Users\Harsh\Desktop\*.tmp files -> Z:\Users\Harsh\Desktop\*.tmp -> ]
[1 Z:\Windows\SysWow64\*.tmp files -> Z:\Windows\SysWow64\*.tmp -> ]
[1 Z:\Windows\SysNative\*.tmp files -> Z:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/26 20:56:00 | 000,000,896 | ---- | M] () -- Z:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/26 20:48:01 | 000,000,830 | ---- | M] () -- Z:\Windows\tasks\Adobe Flash Player Updater.job
[2012/01/26 18:39:12 | 000,000,512 | ---- | M] () -- Z:\Users\Harsh\Desktop\MBR.dat
[2012/01/26 18:32:41 | 000,014,224 | -H-- | M] () -- Z:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/26 18:32:41 | 000,014,224 | -H-- | M] () -- Z:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/26 18:25:25 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- Z:\Windows\gdrv.sys
[2012/01/26 18:25:17 | 000,067,584 | --S- | M] () -- Z:\Windows\bootstat.dat
[2012/01/26 18:25:15 | 3220,037,632 | -HS- | M] () -- Z:\hiberfil.sys
[2012/01/26 18:16:20 | 000,000,027 | ---- | M] () -- Z:\Windows\SysNative\drivers\etc\hosts
[2012/01/26 18:00:18 | 004,733,440 | ---- | M] (AVAST Software) -- Z:\Users\Harsh\Desktop\aswMBR.exe
[2012/01/26 17:59:38 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- Z:\Users\Harsh\Desktop\tdsskiller.exe
[2012/01/26 17:56:38 | 004,391,143 | R--- | M] (Swearware) -- Z:\Users\Harsh\Desktop\ComboFix.exe
[2012/01/25 23:57:17 | 000,002,349 | ---- | M] () -- Z:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/25 23:16:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- Z:\Users\Harsh\Desktop\OTL.exe
[2012/01/23 20:44:36 | 000,685,810 | ---- | M] () -- Z:\Users\Harsh\Desktop\Introduction.BeginSets.Spring2011.v2.pdf
[2012/01/23 20:43:39 | 000,010,783 | ---- | M] () -- Z:\Users\Harsh\Desktop\ia-scoringKey-611.pdf
[2012/01/23 20:43:35 | 000,797,448 | ---- | M] () -- Z:\Users\Harsh\Desktop\20110126-ia-examRegents.pdf
[2012/01/23 18:18:38 | 000,000,892 | ---- | M] () -- Z:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/23 01:15:08 | 000,000,000 | ---- | M] () -- Z:\Windows\SysWow64\Access.dat
[2012/01/22 23:29:12 | 000,017,096 | ---- | M] () -- Z:\Users\Harsh\Desktop\JTypes3.asp.htm
[2012/01/22 23:14:59 | 000,368,209 | ---- | M] () -- Z:\Users\Harsh\Desktop\humanmetrics.jpg
[2012/01/21 16:29:41 | 000,000,098 | ---- | M] () -- Z:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/01/19 21:39:51 | 000,030,457 | ---- | M] () -- Z:\Users\Harsh\Desktop\BuybackLabel_660890.PDF
[2012/01/17 14:47:57 | 000,000,003 | ---- | M] () -- Z:\Windows\SysNative\HRUPPROG.DIE.NOW
[2012/01/15 17:40:27 | 000,014,208 | ---- | M] () -- Z:\Users\Harsh\Desktop\-_Demonoid.me_-ImTOO_PodWorks_Platinum_5_0_1_1205_673633.7822.torrent
[2012/01/14 00:23:44 | 000,440,137 | R--- | M] () -- Z:\Windows\SysNative\drivers\etc\hosts.20120122-143328.backup
[2012/01/13 18:36:03 | 013,209,696 | ---- | M] (Hi-Rez Studios) -- Z:\Users\Harsh\Desktop\InstallHiRezGamesEnglish.exe
[2012/01/13 18:31:00 | 000,000,880 | ---- | M] () -- Z:\Windows\tasks\Google Software Updater.job
[2012/01/13 14:10:16 | 000,783,374 | ---- | M] () -- Z:\Windows\SysNative\PerfStringBackup.INI
[2012/01/13 14:10:16 | 000,663,200 | ---- | M] () -- Z:\Windows\SysNative\perfh009.dat
[2012/01/13 14:10:16 | 000,122,068 | ---- | M] () -- Z:\Windows\SysNative\perfc009.dat
[2012/01/13 00:50:12 | 000,990,720 | ---- | M] () -- Z:\Users\Harsh\Desktop\bootvis.msi
[2012/01/06 13:03:54 | 000,440,010 | R--- | M] () -- Z:\Windows\SysNative\drivers\etc\hosts.20120114-002344.backup
[2012/01/04 14:24:00 | 204,883,800 | ---- | M] (NVIDIA Corporation) -- Z:\Users\Harsh\Desktop\290.53-desktop-win7-winvista-64bit-international-beta.exe
[2012/01/03 00:52:19 | 000,032,385 | ---- | M] () -- Z:\Users\Harsh\Desktop\error.jpg
[2012/01/02 18:17:58 | 000,009,336 | ---- | M] () -- Z:\Users\Harsh\Desktop\walgreens rebate finalConfirm.action.htm
[2012/01/02 17:15:26 | 000,054,728 | ---- | M] (Soluto LTD.) -- Z:\Windows\SysNative\drivers\Soluto.sys
[2011/12/29 13:43:30 | 000,777,098 | ---- | M] () -- Z:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/27 21:10:28 | 000,254,934 | ---- | M] () -- Z:\Users\Harsh\Desktop\Oximeter10December.pdf
[3 Z:\Users\Harsh\Desktop\*.tmp files -> Z:\Users\Harsh\Desktop\*.tmp -> ]
[1 Z:\Windows\SysWow64\*.tmp files -> Z:\Windows\SysWow64\*.tmp -> ]
[1 Z:\Windows\SysNative\*.tmp files -> Z:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/26 18:39:12 | 000,000,512 | ---- | C] () -- Z:\Users\Harsh\Desktop\MBR.dat
[2012/01/26 18:02:01 | 000,256,000 | ---- | C] () -- Z:\Windows\PEV.exe
[2012/01/26 18:02:01 | 000,208,896 | ---- | C] () -- Z:\Windows\MBR.exe
[2012/01/26 18:02:01 | 000,098,816 | ---- | C] () -- Z:\Windows\sed.exe
[2012/01/26 18:02:01 | 000,080,412 | ---- | C] () -- Z:\Windows\grep.exe
[2012/01/26 18:02:01 | 000,068,096 | ---- | C] () -- Z:\Windows\zip.exe
[2012/01/23 20:44:35 | 000,685,810 | ---- | C] () -- Z:\Users\Harsh\Desktop\Introduction.BeginSets.Spring2011.v2.pdf
[2012/01/23 20:43:38 | 000,010,783 | ---- | C] () -- Z:\Users\Harsh\Desktop\ia-scoringKey-611.pdf
[2012/01/23 20:43:35 | 000,797,448 | ---- | C] () -- Z:\Users\Harsh\Desktop\20110126-ia-examRegents.pdf
[2012/01/22 23:29:11 | 000,017,096 | ---- | C] () -- Z:\Users\Harsh\Desktop\JTypes3.asp.htm
[2012/01/22 23:14:59 | 000,368,209 | ---- | C] () -- Z:\Users\Harsh\Desktop\humanmetrics.jpg
[2012/01/21 16:29:41 | 000,000,098 | ---- | C] () -- Z:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/01/19 21:39:47 | 000,030,457 | ---- | C] () -- Z:\Users\Harsh\Desktop\BuybackLabel_660890.PDF
[2012/01/17 14:47:57 | 000,000,003 | ---- | C] () -- Z:\Windows\SysNative\HRUPPROG.DIE.NOW
[2012/01/15 17:40:25 | 000,014,208 | ---- | C] () -- Z:\Users\Harsh\Desktop\-_Demonoid.me_-ImTOO_PodWorks_Platinum_5_0_1_1205_673633.7822.torrent
[2012/01/13 14:10:54 | 000,007,653 | ---- | C] () -- Z:\Windows\SysNative\nvinfo.pb
[2012/01/13 00:50:08 | 000,990,720 | ---- | C] () -- Z:\Users\Harsh\Desktop\bootvis.msi
[2012/01/03 00:51:39 | 000,032,385 | ---- | C] () -- Z:\Users\Harsh\Desktop\error.jpg
[2012/01/02 18:17:55 | 000,009,336 | ---- | C] () -- Z:\Users\Harsh\Desktop\walgreens rebate finalConfirm.action.htm
[2011/12/27 21:10:28 | 000,254,934 | ---- | C] () -- Z:\Users\Harsh\Desktop\Oximeter10December.pdf
[2011/12/14 23:39:42 | 000,042,392 | ---- | C] () -- Z:\Windows\SysWow64\xfcodec.dll
[2011/10/24 21:19:47 | 000,000,000 | ---- | C] () -- Z:\Windows\SysWow64\Access.dat
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- Z:\Windows\SysWow64\nvStreaming.exe
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- Z:\Windows\SysWow64\xlive.dll.cat
[2011/02/26 22:04:36 | 000,000,120 | ---- | C] () -- Z:\Users\Harsh\AppData\Roaming\FixVTS.ini
[2011/02/05 18:40:01 | 000,119,296 | ---- | C] () -- Z:\Windows\SysWow64\zlib.dll
[2011/02/05 18:40:01 | 000,057,344 | ---- | C] () -- Z:\Windows\SysWow64\ADsSecurity.dll
[2011/02/05 18:40:01 | 000,036,864 | ---- | C] () -- Z:\Windows\SysWow64\dxinputdll.dll
[2010/12/05 20:28:39 | 000,777,098 | ---- | C] () -- Z:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/27 15:52:16 | 000,030,528 | ---- | C] () -- Z:\Windows\GVTDrv64.sys
[2010/10/16 23:11:03 | 000,000,369 | ---- | C] () -- Z:\Windows\IfoEdit.INI
[2010/09/15 17:37:31 | 000,007,645 | ---- | C] () -- Z:\Users\Harsh\AppData\Local\Resmon.ResmonCfg
[2010/09/08 22:26:45 | 000,189,736 | -H-- | C] () -- Z:\Windows\SysWow64\mlfcache.dat
[2010/08/27 22:03:05 | 000,271,200 | ---- | C] () -- Z:\Windows\SysWow64\PnkBstrB.exe
[2010/08/27 22:02:10 | 000,075,136 | ---- | C] () -- Z:\Windows\SysWow64\PnkBstrA.exe
[2010/08/27 16:45:32 | 000,000,262 | ---- | C] () -- Z:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/08/27 16:11:58 | 000,819,200 | ---- | C] () -- Z:\Windows\SysWow64\xvidcore.dll
[2010/08/27 16:11:58 | 000,180,224 | ---- | C] () -- Z:\Windows\SysWow64\xvidvfw.dll
[2010/08/27 16:11:46 | 000,085,504 | ---- | C] () -- Z:\Windows\SysWow64\ff_vfw.dll
[2010/08/27 16:11:12 | 000,033,019 | ---- | C] () -- Z:\Windows\SysWow64\CoreAAC-uninstall.exe
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- Z:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- Z:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- Z:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- Z:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- Z:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- Z:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- Z:\Windows\SysWow64\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> Z:\ProgramData\TEMP:EF6E4E62
@Alternate Data Stream - 128 bytes -> Z:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> Z:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation
@Alternate Data Stream - 121 bytes -> Z:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> Z:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> Z:\ProgramData\TEMP:76650B61

< End of report >

#4
RKinner (Malware Expert, MVP)
Run TDSSKiller again and let it get rid of this:

18:23:46.0381 2584 \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
18:23:46.0381 2584 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip

Please post the log.
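An added example for readers of this thread, not code from the original posts or from any of the tools named in them: a Python script that sanity-checks a raw 512-byte MBR dump such as the MBR.dat the OTL log lists on the desktop. It confirms the 0x55AA boot signature, hashes the 440 bytes of boot code so they can be compared against a reference taken from a clean install of the same Windows build (that reference hash is an assumption the responder has to supply; none is given here), walks the four partition entries for bootable, overlap and out-of-range problems, and reports the unallocated sectors after the last partition, the span where TDL4-family rootkits keep the hidden file system that TDSSKiller reports as "TDSS File System". The disk size in sectors comes from the TDSSKiller drive lines (Size divided by SectorSize). The sample MBR built below is constructed for the example.

```python
"""Sanity-check a raw 512-byte MBR dump such as the MBR.dat in the OTL log.

Added example for this thread; not code from the original posts or from any
tool mentioned in them. The sample MBR is constructed, and the known-good
boot-code hash is something the responder must take from a clean machine
running the same Windows build (assumption).
"""
import hashlib
import struct
from typing import Optional

SECTOR_SIZE = 512
BOOTCODE_LEN = 440            # bytes 0..439: boot loader code (what MBR rootkits overwrite)
PART_TABLE_OFF = 446          # four 16-byte partition entries start here
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr() -> bytes:
    """Constructed sample (not the poster's MBR.dat): placeholder boot code,
    a disk signature, one bootable NTFS partition starting at LBA 2048."""
    bootcode = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOTCODE_LEN - 7)
    disk_sig = struct.pack("<I", 0x1A2B3C4D) + b"\x00\x00"
    ntfs = struct.pack(PART_ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07,
                       b"\xFE\xFF\xFF", 2048, 2_000_000)
    table = ntfs + b"\x00" * (16 * 3)
    return bootcode + disk_sig + table + b"\x55\xAA"


def parse_mbr(data: bytes, disk_sectors: int,
              known_good_bootcode_sha256: Optional[str] = None) -> dict:
    """Parse one MBR sector and return the facts a responder checks first.

    disk_sectors comes from the tool output (TDSSKiller prints Size and
    SectorSize per drive; divide one by the other)."""
    if len(data) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(data)}")
    warnings = []

    signature_ok = data[510:512] == b"\x55\xAA"
    if not signature_ok:
        warnings.append("missing 0x55AA boot signature")

    bootcode_sha256 = hashlib.sha256(data[:BOOTCODE_LEN]).hexdigest()
    if known_good_bootcode_sha256 and bootcode_sha256 != known_good_bootcode_sha256.lower():
        warnings.append("boot code differs from the supplied known-good hash")

    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba_start, count = struct.unpack(
            PART_ENTRY_FMT, data[off:off + 16])
        if ptype == 0 and count == 0:
            continue  # empty slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count,
                           "lba_end": lba_start + count})  # end is exclusive
        if lba_start + count > disk_sectors:
            warnings.append(f"partition {i} extends past the end of the disk")

    if sum(p["bootable"] for p in partitions) > 1:
        warnings.append("more than one partition is flagged bootable")

    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if b["lba_start"] < a["lba_end"]:
            warnings.append(f"partitions {a['index']} and {b['index']} overlap")

    # Sectors after the last partition belong to no volume; TDL4-style hidden
    # file systems live in this span, so report it for imaging and inspection.
    last_end = max((p["lba_end"] for p in partitions), default=0)
    trailing = max(disk_sectors - last_end, 0)

    return {"signature_ok": signature_ok, "bootcode_sha256": bootcode_sha256,
            "partitions": partitions, "trailing_unallocated_sectors": trailing,
            "warnings": warnings}


if __name__ == "__main__":
    import sys
    # usage: python mbrcheck.py MBR.dat <disk size in sectors>
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    sectors = int(sys.argv[2]) if len(sys.argv) > 2 else 2_500_000
    for key, value in parse_mbr(raw, sectors).items():
        print(f"{key}: {value}")
```

The hash comparison is the part that actually answers "is my MBR clean": the partition table of an infected disk usually still looks normal, because this family replaces the boot code and keeps the table so Windows keeps booting. Run the script against the dump before and after the cleanup tool to confirm the boot code changed back.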

#5
harshone (Topic Starter, New Member)
Seems like it is cleared up. Do you think registry and other things have been compromised? Do you think it could still be someplace else on the hard drive? I am not really sure what this trojan does, but I read it is one of the more dangerous trojans. I honestly don't know how or where I got it from. :(

Thanks for the help!


TDSS log:

19:53:58.0961 4556 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
19:53:59.0708 4556 ============================================================
19:53:59.0708 4556 Current date / time: 2012/01/27 19:53:59.0708
19:53:59.0708 4556 SystemInfo:
19:53:59.0708 4556
19:53:59.0708 4556 OS Version: 6.1.7601 ServicePack: 1.0
19:53:59.0708 4556 Product type: Workstation
19:53:59.0708 4556 ComputerName: HARSH-PC
19:53:59.0708 4556 UserName: Harsh
19:53:59.0708 4556 Windows directory: Z:\Windows
19:53:59.0708 4556 System windows directory: Z:\Windows
19:53:59.0708 4556 Running under WOW64
19:53:59.0709 4556 Processor architecture: Intel x64
19:53:59.0709 4556 Number of processors: 2
19:53:59.0709 4556 Page size: 0x1000
19:53:59.0709 4556 Boot type: Normal boot
19:53:59.0709 4556 ============================================================
19:54:00.0613 4556 Drive \Device\Harddisk2\DR2 - Size: 0x12A1E0DE00 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:54:00.0625 4556 Drive \Device\Harddisk0\DR0 - Size: 0x132C467E00 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:54:00.0636 4556 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:54:00.0791 4556 Initialize success
19:54:06.0842 3336 ============================================================
19:54:06.0842 3336 Scan started
19:54:06.0842 3336 Mode: Manual; SigCheck; TDLFS;
19:54:06.0842 3336 ============================================================
19:54:08.0320 3336 1394ohci (a87d604aea360176311474c87a63bb88) Z:\Windows\system32\drivers\1394ohci.sys
19:54:08.0412 3336 1394ohci - ok
19:54:08.0439 3336 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) Z:\Windows\system32\drivers\ACPI.sys
19:54:08.0455 3336 ACPI - ok
19:54:08.0488 3336 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) Z:\Windows\system32\drivers\acpipmi.sys
19:54:08.0536 3336 AcpiPmi - ok
19:54:08.0593 3336 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) Z:\Windows\system32\DRIVERS\adp94xx.sys
19:54:08.0640 3336 adp94xx - ok
19:54:08.0656 3336 adpahci (597f78224ee9224ea1a13d6350ced962) Z:\Windows\system32\DRIVERS\adpahci.sys
19:54:08.0700 3336 adpahci - ok
19:54:08.0716 3336 adpu320 (e109549c90f62fb570b9540c4b148e54) Z:\Windows\system32\DRIVERS\adpu320.sys
19:54:08.0731 3336 adpu320 - ok
19:54:08.0782 3336 AFD (d5b031c308a409a0a576bff4cf083d30) Z:\Windows\system32\drivers\afd.sys
19:54:08.0829 3336 AFD - ok
19:54:08.0850 3336 agp440 (608c14dba7299d8cb6ed035a68a15799) Z:\Windows\system32\drivers\agp440.sys
19:54:08.0879 3336 agp440 - ok
19:54:08.0913 3336 aliide (5812713a477a3ad7363c7438ca2ee038) Z:\Windows\system32\drivers\aliide.sys
19:54:08.0938 3336 aliide - ok
19:54:08.0948 3336 amdide (1ff8b4431c353ce385c875f194924c0c) Z:\Windows\system32\drivers\amdide.sys
19:54:08.0973 3336 amdide - ok
19:54:08.0996 3336 AmdK8 (7024f087cff1833a806193ef9d22cda9) Z:\Windows\system32\DRIVERS\amdk8.sys
19:54:09.0026 3336 AmdK8 - ok
19:54:09.0041 3336 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) Z:\Windows\system32\DRIVERS\amdppm.sys
19:54:09.0072 3336 AmdPPM - ok
19:54:09.0103 3336 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) Z:\Windows\system32\drivers\amdsata.sys
19:54:09.0116 3336 amdsata - ok
19:54:09.0131 3336 amdsbs (f67f933e79241ed32ff46a4f29b5120b) Z:\Windows\system32\DRIVERS\amdsbs.sys
19:54:09.0145 3336 amdsbs - ok
19:54:09.0173 3336 amdxata (540daf1cea6094886d72126fd7c33048) Z:\Windows\system32\drivers\amdxata.sys
19:54:09.0184 3336 amdxata - ok
19:54:09.0220 3336 AppID (89a69c3f2f319b43379399547526d952) Z:\Windows\system32\drivers\appid.sys
19:54:09.0276 3336 AppID - ok
19:54:09.0319 3336 arc (c484f8ceb1717c540242531db7845c4e) Z:\Windows\system32\DRIVERS\arc.sys
19:54:09.0345 3336 arc - ok
19:54:09.0365 3336 arcsas (019af6924aefe7839f61c830227fe79c) Z:\Windows\system32\DRIVERS\arcsas.sys
19:54:09.0377 3336 arcsas - ok
19:54:09.0409 3336 AsyncMac (769765ce2cc62867468cea93969b2242) Z:\Windows\system32\DRIVERS\asyncmac.sys
19:54:09.0472 3336 AsyncMac - ok
19:54:09.0488 3336 atapi (02062c0b390b7729edc9e69c680a6f3c) Z:\Windows\system32\drivers\atapi.sys
19:54:09.0499 3336 atapi - ok
19:54:09.0529 3336 b06bdrv (3e5b191307609f7514148c6832bb0842) Z:\Windows\system32\DRIVERS\bxvbda.sys
19:54:09.0559 3336 b06bdrv - ok
19:54:09.0580 3336 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) Z:\Windows\system32\DRIVERS\b57nd60a.sys
19:54:09.0616 3336 b57nd60a - ok
19:54:09.0649 3336 Beep (16a47ce2decc9b099349a5f840654746) Z:\Windows\system32\drivers\Beep.sys
19:54:09.0688 3336 Beep - ok
19:54:09.0718 3336 blbdrive (61583ee3c3a17003c4acd0475646b4d3) Z:\Windows\system32\DRIVERS\blbdrive.sys
19:54:09.0760 3336 blbdrive - ok
19:54:09.0832 3336 bowser (6c02a83164f5cc0a262f4199f0871cf5) Z:\Windows\system32\DRIVERS\bowser.sys
19:54:09.0890 3336 bowser - ok
19:54:09.0904 3336 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) Z:\Windows\system32\DRIVERS\BrFiltLo.sys
19:54:09.0930 3336 BrFiltLo - ok
19:54:09.0942 3336 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) Z:\Windows\system32\DRIVERS\BrFiltUp.sys
19:54:09.0958 3336 BrFiltUp - ok
19:54:09.0998 3336 BridgeMP (5c2f352a4e961d72518261257aae204b) Z:\Windows\system32\DRIVERS\bridge.sys
19:54:10.0056 3336 BridgeMP - ok
19:54:10.0079 3336 Brserid (43bea8d483bf1870f018e2d02e06a5bd) Z:\Windows\System32\Drivers\Brserid.sys
19:54:10.0124 3336 Brserid - ok
19:54:10.0140 3336 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) Z:\Windows\System32\Drivers\BrSerWdm.sys
19:54:10.0177 3336 BrSerWdm - ok
19:54:10.0196 3336 BrUsbMdm (b79968002c277e869cf38bd22cd61524) Z:\Windows\System32\Drivers\BrUsbMdm.sys
19:54:10.0233 3336 BrUsbMdm - ok
19:54:10.0250 3336 BrUsbSer (a87528880231c54e75ea7a44943b38bf) Z:\Windows\System32\Drivers\BrUsbSer.sys
19:54:10.0274 3336 BrUsbSer - ok
19:54:10.0301 3336 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) Z:\Windows\system32\DRIVERS\bthmodem.sys
19:54:10.0331 3336 BTHMODEM - ok
19:54:10.0341 3336 catchme - ok
19:54:10.0357 3336 cdfs (b8bd2bb284668c84865658c77574381a) Z:\Windows\system32\DRIVERS\cdfs.sys
19:54:10.0395 3336 cdfs - ok
19:54:10.0433 3336 cdrom (f036ce71586e93d94dab220d7bdf4416) Z:\Windows\system32\DRIVERS\cdrom.sys
19:54:10.0479 3336 cdrom - ok
19:54:10.0496 3336 circlass (d7cd5c4e1b71fa62050515314cfb52cf) Z:\Windows\system32\DRIVERS\circlass.sys
19:54:10.0525 3336 circlass - ok
19:54:10.0559 3336 CLFS (fe1ec06f2253f691fe36217c592a0206) Z:\Windows\system32\CLFS.sys
19:54:10.0605 3336 CLFS - ok
19:54:10.0642 3336 CmBatt (0840155d0bddf1190f84a663c284bd33) Z:\Windows\system32\DRIVERS\CmBatt.sys
19:54:10.0666 3336 CmBatt - ok
19:54:10.0684 3336 cmdide (e19d3f095812725d88f9001985b94edd) Z:\Windows\system32\drivers\cmdide.sys
19:54:10.0709 3336 cmdide - ok
19:54:10.0732 3336 CNG (c4943b6c962e4b82197542447ad599f4) Z:\Windows\system32\Drivers\cng.sys
19:54:10.0756 3336 CNG - ok
19:54:10.0769 3336 Compbatt (102de219c3f61415f964c88e9085ad14) Z:\Windows\system32\DRIVERS\compbatt.sys
19:54:10.0793 3336 Compbatt - ok
19:54:10.0810 3336 CompositeBus (03edb043586cceba243d689bdda370a8) Z:\Windows\system32\drivers\CompositeBus.sys
19:54:10.0844 3336 CompositeBus - ok
19:54:10.0904 3336 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) Z:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
19:54:10.0945 3336 cpudrv64 - ok
19:54:10.0979 3336 cpuz134 - ok
19:54:11.0019 3336 cpuz135 - ok
19:54:11.0033 3336 crcdisk (1c827878a998c18847245fe1f34ee597) Z:\Windows\system32\DRIVERS\crcdisk.sys
19:54:11.0044 3336 crcdisk - ok
19:54:11.0084 3336 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) Z:\Windows\system32\drivers\csc.sys
19:54:11.0145 3336 CSC - ok
19:54:11.0179 3336 DAdderFltr (fbcb29a76e8105d682b02c69ba9b5c22) Z:\Windows\system32\drivers\dadder.sys
19:54:11.0214 3336 DAdderFltr - ok
19:54:11.0255 3336 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) Z:\Windows\system32\Drivers\dfsc.sys
19:54:11.0297 3336 DfsC - ok
19:54:11.0327 3336 discache (13096b05847ec78f0977f2c0f79e9ab3) Z:\Windows\system32\drivers\discache.sys
19:54:11.0390 3336 discache - ok
19:54:11.0411 3336 Disk (9819eee8b5ea3784ec4af3b137a5244c) Z:\Windows\system32\DRIVERS\disk.sys
19:54:11.0438 3336 Disk - ok
19:54:11.0473 3336 drmkaud (9b19f34400d24df84c858a421c205754) Z:\Windows\system32\drivers\drmkaud.sys
19:54:11.0492 3336 drmkaud - ok
19:54:11.0544 3336 DrvAgent64 (1ed08a6264c5c92099d6d1dae5e8f530) Z:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
19:54:11.0555 3336 DrvAgent64 - ok
19:54:11.0587 3336 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) Z:\Windows\System32\drivers\dxgkrnl.sys
19:54:11.0616 3336 DXGKrnl - ok
19:54:11.0640 3336 EagleX64 - ok
19:54:11.0666 3336 eamon (082dab566f704d258d35ba89f21239ca) Z:\Windows\system32\DRIVERS\eamon.sys
19:54:11.0695 3336 eamon - ok
19:54:11.0756 3336 ebdrv (dc5d737f51be844d8c82c695eb17372f) Z:\Windows\system32\DRIVERS\evbda.sys
19:54:11.0829 3336 ebdrv - ok
19:54:11.0858 3336 ehdrv (4ff6f92f170550e226b4595766c4d6a6) Z:\Windows\system32\DRIVERS\ehdrv.sys
19:54:11.0891 3336 ehdrv - ok
19:54:11.0936 3336 elxstor (0e5da5369a0fcaea12456dd852545184) Z:\Windows\system32\DRIVERS\elxstor.sys
19:54:11.0957 3336 elxstor - ok
19:54:11.0976 3336 epfwwfpr (71c8cbde6b18f90f19e9c7cb884f87c8) Z:\Windows\system32\DRIVERS\epfwwfpr.sys
19:54:12.0001 3336 epfwwfpr - ok
19:54:12.0028 3336 ErrDev (34a3c54752046e79a126e15c51db409b) Z:\Windows\system32\drivers\errdev.sys
19:54:12.0052 3336 ErrDev - ok
19:54:12.0087 3336 etdrv (84486624268e078255bc7aa47f0960bc) Z:\Windows\etdrv.sys
19:54:12.0111 3336 etdrv - ok
19:54:12.0184 3336 EverestDriver (13a2b915f6d93e52505656773d53096f) Z:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64
19:54:12.0194 3336 EverestDriver - ok
19:54:12.0213 3336 exfat (a510c654ec00c1e9bdd91eeb3a59823b) Z:\Windows\system32\drivers\exfat.sys
19:54:12.0259 3336 exfat - ok
19:54:12.0278 3336 fastfat (0adc83218b66a6db380c330836f3e36d) Z:\Windows\system32\drivers\fastfat.sys
19:54:12.0323 3336 fastfat - ok
19:54:12.0348 3336 fdc (d765d19cd8ef61f650c384f62fac00ab) Z:\Windows\system32\DRIVERS\fdc.sys
19:54:12.0411 3336 fdc - ok
19:54:12.0439 3336 FileInfo (655661be46b5f5f3fd454e2c3095b930) Z:\Windows\system32\drivers\fileinfo.sys
19:54:12.0465 3336 FileInfo - ok
19:54:12.0479 3336 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) Z:\Windows\system32\drivers\filetrace.sys
19:54:12.0536 3336 Filetrace - ok
19:54:12.0544 3336 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) Z:\Windows\system32\DRIVERS\flpydisk.sys
19:54:12.0561 3336 flpydisk - ok
19:54:12.0590 3336 FltMgr (da6b67270fd9db3697b20fce94950741) Z:\Windows\system32\drivers\fltmgr.sys
19:54:12.0639 3336 FltMgr - ok
19:54:12.0680 3336 FsDepends (d43703496149971890703b4b1b723eac) Z:\Windows\system32\drivers\FsDepends.sys
19:54:12.0708 3336 FsDepends - ok
19:54:12.0726 3336 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) Z:\Windows\system32\drivers\Fs_Rec.sys
19:54:12.0753 3336 Fs_Rec - ok
19:54:12.0796 3336 fvevol (1f7b25b858fa27015169fe95e54108ed) Z:\Windows\system32\DRIVERS\fvevol.sys
19:54:12.0842 3336 fvevol - ok
19:54:12.0866 3336 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) Z:\Windows\system32\DRIVERS\gagp30kx.sys
19:54:12.0923 3336 gagp30kx - ok
19:54:12.0939 3336 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) Z:\Windows\gdrv.sys
19:54:12.0962 3336 gdrv - ok
19:54:12.0987 3336 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) Z:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:54:12.0996 3336 GEARAspiWDM - ok
19:54:13.0049 3336 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) Z:\Windows\GVTDrv64.sys
19:54:13.0073 3336 GVTDrv64 - ok
19:54:13.0091 3336 hcw85cir (f2523ef6460fc42405b12248338ab2f0) Z:\Windows\system32\drivers\hcw85cir.sys
19:54:13.0123 3336 hcw85cir - ok
19:54:13.0162 3336 HdAudAddService (975761c778e33cd22498059b91e7373a) Z:\Windows\system32\drivers\HdAudio.sys
19:54:13.0183 3336 HdAudAddService - ok
19:54:13.0199 3336 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) Z:\Windows\system32\drivers\HDAudBus.sys
19:54:13.0227 3336 HDAudBus - ok
19:54:13.0234 3336 HidBatt (78e86380454a7b10a5eb255dc44a355f) Z:\Windows\system32\DRIVERS\HidBatt.sys
19:54:13.0250 3336 HidBatt - ok
19:54:13.0264 3336 HidBth (7fd2a313f7afe5c4dab14798c48dd104) Z:\Windows\system32\DRIVERS\hidbth.sys
19:54:13.0301 3336 HidBth - ok
19:54:13.0321 3336 HidIr (0a77d29f311b88cfae3b13f9c1a73825) Z:\Windows\system32\DRIVERS\hidir.sys
19:54:13.0374 3336 HidIr - ok
19:54:13.0429 3336 HidUsb (9592090a7e2b61cd582b612b6df70536) Z:\Windows\system32\DRIVERS\hidusb.sys
19:54:13.0469 3336 HidUsb - ok
19:54:13.0499 3336 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) Z:\Windows\system32\drivers\HpSAMD.sys
19:54:13.0512 3336 HpSAMD - ok
19:54:13.0563 3336 HTTP (0ea7de1acb728dd5a369fd742d6eee28) Z:\Windows\system32\drivers\HTTP.sys
19:54:13.0633 3336 HTTP - ok
19:54:13.0666 3336 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) Z:\Windows\system32\drivers\hwpolicy.sys
19:54:13.0691 3336 hwpolicy - ok
19:54:13.0707 3336 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) Z:\Windows\system32\drivers\i8042prt.sys
19:54:13.0738 3336 i8042prt - ok
19:54:13.0770 3336 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) Z:\Windows\system32\drivers\iaStorV.sys
19:54:13.0804 3336 iaStorV - ok
19:54:13.0829 3336 iirsp (5c18831c61933628f5bb0ea2675b9d21) Z:\Windows\system32\DRIVERS\iirsp.sys
19:54:13.0846 3336 iirsp - ok
19:54:13.0929 3336 IntcAzAudAddService (491dadcc74327fabc85e0ab80af8f204) Z:\Windows\system32\drivers\RTKVHD64.sys
19:54:14.0011 3336 IntcAzAudAddService - ok
19:54:14.0030 3336 intelide (f00f20e70c6ec3aa366910083a0518aa) Z:\Windows\system32\drivers\intelide.sys
19:54:14.0044 3336 intelide - ok
19:54:14.0069 3336 intelppm (ada036632c664caa754079041cf1f8c1) Z:\Windows\system32\DRIVERS\intelppm.sys
19:54:14.0114 3336 intelppm - ok
19:54:14.0166 3336 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) Z:\Windows\system32\DRIVERS\ipfltdrv.sys
19:54:14.0216 3336 IpFilterDriver - ok
19:54:14.0240 3336 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) Z:\Windows\system32\drivers\IPMIDrv.sys
19:54:14.0257 3336 IPMIDRV - ok
19:54:14.0273 3336 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) Z:\Windows\system32\drivers\ipnat.sys
19:54:14.0333 3336 IPNAT - ok
19:54:14.0365 3336 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) Z:\Windows\system32\drivers\irenum.sys
19:54:14.0414 3336 IRENUM - ok
19:54:14.0441 3336 isapnp (2f7b28dc3e1183e5eb418df55c204f38) Z:\Windows\system32\drivers\isapnp.sys
19:54:14.0470 3336 isapnp - ok
19:54:14.0505 3336 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) Z:\Windows\system32\drivers\msiscsi.sys
19:54:14.0535 3336 iScsiPrt - ok
19:54:14.0566 3336 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) Z:\Windows\system32\DRIVERS\kbdclass.sys
19:54:14.0579 3336 kbdclass - ok
19:54:14.0616 3336 kbdhid (0705eff5b42a9db58548eec3b26bb484) Z:\Windows\system32\DRIVERS\kbdhid.sys
19:54:14.0641 3336 kbdhid - ok
19:54:14.0672 3336 KSecDD (da1e991a61cfdd755a589e206b97644b) Z:\Windows\system32\Drivers\ksecdd.sys
19:54:14.0684 3336 KSecDD - ok
19:54:14.0711 3336 KSecPkg (7e33198d956943a4f11a5474c1e9106f) Z:\Windows\system32\Drivers\ksecpkg.sys
19:54:14.0724 3336 KSecPkg - ok
19:54:14.0744 3336 ksthunk (6869281e78cb31a43e969f06b57347c4) Z:\Windows\system32\drivers\ksthunk.sys
19:54:14.0800 3336 ksthunk - ok
19:54:14.0854 3336 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) Z:\Windows\system32\drivers\LGBusEnum.sys
19:54:14.0865 3336 LGBusEnum - ok
19:54:14.0882 3336 LGVirHid (94b29ce153765e768f004fb3440be2b0) Z:\Windows\system32\drivers\LGVirHid.sys
19:54:14.0892 3336 LGVirHid - ok
19:54:14.0936 3336 lltdio (1538831cf8ad2979a04c423779465827) Z:\Windows\system32\DRIVERS\lltdio.sys
19:54:15.0017 3336 lltdio - ok
19:54:15.0061 3336 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) Z:\Windows\system32\DRIVERS\lsi_fc.sys
19:54:15.0092 3336 LSI_FC - ok
19:54:15.0122 3336 LSI_SAS (1047184a9fdc8bdbff857175875ee810) Z:\Windows\system32\DRIVERS\lsi_sas.sys
19:54:15.0135 3336 LSI_SAS - ok
19:54:15.0158 3336 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) Z:\Windows\system32\DRIVERS\lsi_sas2.sys
19:54:15.0171 3336 LSI_SAS2 - ok
19:54:15.0191 3336 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) Z:\Windows\system32\DRIVERS\lsi_scsi.sys
19:54:15.0220 3336 LSI_SCSI - ok
19:54:15.0249 3336 luafv (43d0f98e1d56ccddb0d5254cff7b356e) Z:\Windows\system32\drivers\luafv.sys
19:54:15.0293 3336 luafv - ok
19:54:15.0314 3336 megasas (a55805f747c6edb6a9080d7c633bd0f4) Z:\Windows\system32\DRIVERS\megasas.sys
19:54:15.0326 3336 megasas - ok
19:54:15.0345 3336 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) Z:\Windows\system32\DRIVERS\MegaSR.sys
19:54:15.0379 3336 MegaSR - ok
19:54:15.0413 3336 Modem (800ba92f7010378b09f9ed9270f07137) Z:\Windows\system32\drivers\modem.sys
19:54:15.0458 3336 Modem - ok
19:54:15.0478 3336 monitor (b03d591dc7da45ece20b3b467e6aadaa) Z:\Windows\system32\DRIVERS\monitor.sys
19:54:15.0517 3336 monitor - ok
19:54:15.0536 3336 mouclass (7d27ea49f3c1f687d357e77a470aea99) Z:\Windows\system32\DRIVERS\mouclass.sys
19:54:15.0549 3336 mouclass - ok
19:54:15.0570 3336 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) Z:\Windows\system32\DRIVERS\mouhid.sys
19:54:15.0598 3336 mouhid - ok
19:54:15.0637 3336 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) Z:\Windows\system32\drivers\mountmgr.sys
19:54:15.0649 3336 mountmgr - ok
19:54:15.0665 3336 mpio (a44b420d30bd56e145d6a2bc8768ec58) Z:\Windows\system32\drivers\mpio.sys
19:54:15.0682 3336 mpio - ok
19:54:15.0698 3336 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) Z:\Windows\system32\drivers\mpsdrv.sys
19:54:15.0747 3336 mpsdrv - ok
19:54:15.0774 3336 MRxDAV (dc722758b8261e1abafd31a3c0a66380) Z:\Windows\system32\drivers\mrxdav.sys
19:54:15.0820 3336 MRxDAV - ok
19:54:15.0849 3336 mrxsmb (a5d9106a73dc88564c825d317cac68ac) Z:\Windows\system32\DRIVERS\mrxsmb.sys
19:54:15.0873 3336 mrxsmb - ok
19:54:15.0905 3336 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) Z:\Windows\system32\DRIVERS\mrxsmb10.sys
19:54:15.0951 3336 mrxsmb10 - ok
19:54:15.0964 3336 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) Z:\Windows\system32\DRIVERS\mrxsmb20.sys
19:54:15.0994 3336 mrxsmb20 - ok
19:54:16.0028 3336 msahci (c25f0bafa182cbca2dd3c851c2e75796) Z:\Windows\system32\drivers\msahci.sys
19:54:16.0053 3336 msahci - ok
19:54:16.0070 3336 msdsm (db801a638d011b9633829eb6f663c900) Z:\Windows\system32\drivers\msdsm.sys
19:54:16.0098 3336 msdsm - ok
19:54:16.0126 3336 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) Z:\Windows\system32\drivers\Msfs.sys
19:54:16.0160 3336 Msfs - ok
19:54:16.0181 3336 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) Z:\Windows\System32\drivers\mshidkmdf.sys
19:54:16.0215 3336 mshidkmdf - ok
19:54:16.0233 3336 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) Z:\Windows\system32\drivers\msisadrv.sys
19:54:16.0244 3336 msisadrv - ok
19:54:16.0276 3336 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) Z:\Windows\system32\drivers\MSKSSRV.sys
19:54:16.0314 3336 MSKSSRV - ok
19:54:16.0332 3336 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) Z:\Windows\system32\drivers\MSPCLOCK.sys
19:54:16.0382 3336 MSPCLOCK - ok
19:54:16.0391 3336 MSPQM (4ed981241db27c3383d72092b618a1d0) Z:\Windows\system32\drivers\MSPQM.sys
19:54:16.0451 3336 MSPQM - ok
19:54:16.0483 3336 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) Z:\Windows\system32\drivers\MsRPC.sys
19:54:16.0500 3336 MsRPC - ok
19:54:16.0525 3336 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) Z:\Windows\system32\drivers\mssmbios.sys
19:54:16.0537 3336 mssmbios - ok
19:54:16.0560 3336 MSTEE (2e66f9ecb30b4221a318c92ac2250779) Z:\Windows\system32\drivers\MSTEE.sys
19:54:16.0607 3336 MSTEE - ok
19:54:16.0629 3336 MTConfig (7ea404308934e675bffde8edf0757bcd) Z:\Windows\system32\DRIVERS\MTConfig.sys
19:54:16.0654 3336 MTConfig - ok
19:54:16.0676 3336 Mup (f9a18612fd3526fe473c1bda678d61c8) Z:\Windows\system32\Drivers\mup.sys
19:54:16.0703 3336 Mup - ok
19:54:16.0735 3336 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) Z:\Windows\system32\DRIVERS\nwifi.sys
19:54:16.0797 3336 NativeWifiP - ok
19:54:16.0846 3336 NDIS (79b47fd40d9a817e932f9d26fac0a81c) Z:\Windows\system32\drivers\ndis.sys
19:54:16.0891 3336 NDIS - ok
19:54:16.0908 3336 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) Z:\Windows\system32\DRIVERS\ndiscap.sys
19:54:16.0945 3336 NdisCap - ok
19:54:16.0974 3336 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) Z:\Windows\system32\DRIVERS\ndistapi.sys
19:54:17.0018 3336 NdisTapi - ok
19:54:17.0050 3336 Ndisuio (136185f9fb2cc61e573e676aa5402356) Z:\Windows\system32\DRIVERS\ndisuio.sys
19:54:17.0086 3336 Ndisuio - ok
19:54:17.0113 3336 NdisWan (53f7305169863f0a2bddc49e116c2e11) Z:\Windows\system32\DRIVERS\ndiswan.sys
19:54:17.0170 3336 NdisWan - ok
19:54:17.0202 3336 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) Z:\Windows\system32\drivers\NDProxy.sys
19:54:17.0269 3336 NDProxy - ok
19:54:17.0288 3336 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) Z:\Windows\system32\DRIVERS\netbios.sys
19:54:17.0339 3336 NetBIOS - ok
19:54:17.0364 3336 NetBT (09594d1089c523423b32a4229263f068) Z:\Windows\system32\DRIVERS\netbt.sys
19:54:17.0438 3336 NetBT - ok
19:54:17.0494 3336 nfrd960 (77889813be4d166cdab78ddba990da92) Z:\Windows\system32\DRIVERS\nfrd960.sys
19:54:17.0533 3336 nfrd960 - ok
19:54:17.0565 3336 NLNdisMP (ad42fb061166af0643806800304bd76f) Z:\Windows\system32\DRIVERS\nlndis.sys
19:54:17.0650 3336 NLNdisMP - ok
19:54:17.0671 3336 NLNdisPT (ad42fb061166af0643806800304bd76f) Z:\Windows\system32\DRIVERS\nlndis.sys
19:54:17.0683 3336 NLNdisPT - ok
19:54:17.0747 3336 nltdi (75e6581de9a0b155edab6807e668be06) Z:\Program Files\NetLimiter 3\nltdi.sys
19:54:17.0775 3336 nltdi - ok
19:54:17.0793 3336 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) Z:\Windows\system32\drivers\Npfs.sys
19:54:17.0857 3336 Npfs - ok
19:54:17.0884 3336 nsiproxy (e7f5ae18af4168178a642a9247c63001) Z:\Windows\system32\drivers\nsiproxy.sys
19:54:17.0953 3336 nsiproxy - ok
19:54:17.0996 3336 Ntfs (a2f74975097f52a00745f9637451fdd8) Z:\Windows\system32\drivers\Ntfs.sys
19:54:18.0055 3336 Ntfs - ok
19:54:18.0072 3336 Null (9899284589f75fa8724ff3d16aed75c1) Z:\Windows\system32\drivers\Null.sys
19:54:18.0130 3336 Null - ok
19:54:18.0340 3336 nvlddmkm (fd7ea1dcfbe760f04146024697329843) Z:\Windows\system32\DRIVERS\nvlddmkm.sys
19:54:18.0633 3336 nvlddmkm - ok
19:54:18.0674 3336 nvraid (0a92cb65770442ed0dc44834632f66ad) Z:\Windows\system32\drivers\nvraid.sys
19:54:18.0707 3336 nvraid - ok
19:54:18.0740 3336 nvstor (dab0e87525c10052bf65f06152f37e4a) Z:\Windows\system32\drivers\nvstor.sys
19:54:18.0785 3336 nvstor - ok
19:54:18.0837 3336 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) Z:\Windows\system32\drivers\nv_agp.sys
19:54:18.0867 3336 nv_agp - ok
19:54:18.0900 3336 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) Z:\Windows\system32\drivers\ohci1394.sys
19:54:18.0942 3336 ohci1394 - ok
19:54:19.0008 3336 Parport (0086431c29c35be1dbc43f52cc273887) Z:\Windows\system32\DRIVERS\parport.sys
19:54:19.0054 3336 Parport - ok
19:54:19.0140 3336 partmgr (871eadac56b0a4c6512bbe32753ccf79) Z:\Windows\system32\drivers\partmgr.sys
19:54:19.0156 3336 partmgr - ok
19:54:19.0241 3336 pbfilter (7c0582921913d00180ec2b8518ba135c) Z:\Program Files\PeerBlock\pbfilter.sys
19:54:19.0270 3336 pbfilter - ok
19:54:19.0290 3336 pci (94575c0571d1462a0f70bde6bd6ee6b3) Z:\Windows\system32\drivers\pci.sys
19:54:19.0337 3336 pci - ok
19:54:19.0350 3336 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) Z:\Windows\system32\drivers\pciide.sys
19:54:19.0362 3336 pciide - ok
19:54:19.0425 3336 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) Z:\Windows\system32\DRIVERS\pcmcia.sys
19:54:19.0473 3336 pcmcia - ok
19:54:19.0562 3336 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) Z:\Windows\system32\drivers\pcw.sys
19:54:19.0588 3336 pcw - ok
19:54:19.0620 3336 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) Z:\Windows\system32\drivers\peauth.sys
19:54:19.0685 3336 PEAUTH - ok
19:54:19.0772 3336 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) Z:\Windows\system32\DRIVERS\raspptp.sys
19:54:19.0861 3336 PptpMiniport - ok
19:54:19.0879 3336 Processor (0d922e23c041efb1c3fac2a6f943c9bf) Z:\Windows\system32\DRIVERS\processr.sys
19:54:19.0900 3336 Processor - ok
19:54:19.0964 3336 Psched (0557cf5a2556bd58e26384169d72438d) Z:\Windows\system32\DRIVERS\pacer.sys
19:54:20.0010 3336 Psched - ok
19:54:20.0041 3336 pwdrvio (68e7b14747e949374b1baa125bd671d2) Z:\Windows\system32\pwdrvio.sys
19:54:20.0067 3336 pwdrvio - ok
19:54:20.0092 3336 pwdspio (1ca0cf3aa069bd02af7b1406a2ed12a0) Z:\Windows\system32\pwdspio.sys
19:54:20.0104 3336 pwdspio - ok
19:54:20.0141 3336 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) Z:\Windows\system32\DRIVERS\ql2300.sys
19:54:20.0182 3336 ql2300 - ok
19:54:20.0199 3336 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) Z:\Windows\system32\DRIVERS\ql40xx.sys
19:54:20.0214 3336 ql40xx - ok
19:54:20.0231 3336 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) Z:\Windows\system32\drivers\qwavedrv.sys
19:54:20.0281 3336 QWAVEdrv - ok
19:54:20.0294 3336 RasAcd (5a0da8ad5762fa2d91678a8a01311704) Z:\Windows\system32\DRIVERS\rasacd.sys
19:54:20.0342 3336 RasAcd - ok
19:54:20.0370 3336 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) Z:\Windows\system32\DRIVERS\AgileVpn.sys
19:54:20.0405 3336 RasAgileVpn - ok
19:54:20.0439 3336 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) Z:\Windows\system32\DRIVERS\rasl2tp.sys
19:54:20.0516 3336 Rasl2tp - ok
19:54:20.0536 3336 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) Z:\Windows\system32\DRIVERS\raspppoe.sys
19:54:20.0581 3336 RasPppoe - ok
19:54:20.0603 3336 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) Z:\Windows\system32\DRIVERS\rassstp.sys
19:54:20.0652 3336 RasSstp - ok
19:54:20.0680 3336 rdbss (77f665941019a1594d887a74f301fa2f) Z:\Windows\system32\DRIVERS\rdbss.sys
19:54:20.0719 3336 rdbss - ok
19:54:20.0737 3336 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) Z:\Windows\system32\DRIVERS\rdpbus.sys
19:54:20.0811 3336 rdpbus - ok
19:54:20.0830 3336 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) Z:\Windows\system32\DRIVERS\RDPCDD.sys
19:54:20.0869 3336 RDPCDD - ok
19:54:20.0902 3336 RDPDR (1b6163c503398b23ff8b939c67747683) Z:\Windows\system32\drivers\rdpdr.sys
19:54:20.0924 3336 RDPDR - ok
19:54:20.0946 3336 RDPENCDD (bb5971a4f00659529a5c44831af22365) Z:\Windows\system32\drivers\rdpencdd.sys
19:54:20.0994 3336 RDPENCDD - ok
19:54:21.0020 3336 RDPREFMP (216f3fa57533d98e1f74ded70113177a) Z:\Windows\system32\drivers\rdprefmp.sys
19:54:21.0067 3336 RDPREFMP - ok
19:54:21.0109 3336 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) Z:\Windows\system32\drivers\rdpvideominiport.sys
19:54:21.0154 3336 RdpVideoMiniport - ok
19:54:21.0184 3336 RDPWD (15b66c206b5cb095bab980553f38ed23) Z:\Windows\system32\drivers\RDPWD.sys
19:54:21.0248 3336 RDPWD - ok
19:54:21.0277 3336 rdyboost (34ed295fa0121c241bfef24764fc4520) Z:\Windows\system32\drivers\rdyboost.sys
19:54:21.0295 3336 rdyboost - ok
19:54:21.0366 3336 RivaTuner64 (a10b40cf9eb57d24e44717a2d38a00f4) Z:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys
19:54:21.0400 3336 RivaTuner64 - ok
19:54:21.0458 3336 rspndr (ddc86e4f8e7456261e637e3552e804ff) Z:\Windows\system32\DRIVERS\rspndr.sys
19:54:21.0530 3336 rspndr - ok
19:54:21.0582 3336 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) Z:\Windows\system32\DRIVERS\Rt64win7.sys
19:54:21.0666 3336 RTL8167 - ok
19:54:21.0691 3336 s3cap (e60c0a09f997826c7627b244195ab581) Z:\Windows\system32\drivers\vms3cap.sys
19:54:21.0724 3336 s3cap - ok
19:54:21.0809 3336 SASDIFSV (3289766038db2cb14d07dc84392138d5) Z:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
19:54:21.0864 3336 SASDIFSV - ok
19:54:21.0901 3336 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) Z:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
19:54:21.0935 3336 SASKUTIL - ok
19:54:21.0969 3336 sbp2port (ac03af3329579fffb455aa2daabbe22b) Z:\Windows\system32\drivers\sbp2port.sys
19:54:22.0016 3336 sbp2port - ok
19:54:22.0050 3336 scfilter (253f38d0d7074c02ff8deb9836c97d2b) Z:\Windows\system32\DRIVERS\scfilter.sys
19:54:22.0159 3336 scfilter - ok
19:54:22.0207 3336 secdrv (3ea8a16169c26afbeb544e0e48421186) Z:\Windows\system32\drivers\secdrv.sys
19:54:22.0292 3336 secdrv - ok
19:54:22.0321 3336 Serenum (cb624c0035412af0debec78c41f5ca1b) Z:\Windows\system32\DRIVERS\serenum.sys
19:54:22.0366 3336 Serenum - ok
19:54:22.0386 3336 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) Z:\Windows\system32\DRIVERS\serial.sys
19:54:22.0478 3336 Serial - ok
19:54:22.0498 3336 sermouse (1c545a7d0691cc4a027396535691c3e3) Z:\Windows\system32\DRIVERS\sermouse.sys
19:54:22.0542 3336 sermouse - ok
19:54:22.0679 3336 sffdisk (a554811bcd09279536440c964ae35bbf) Z:\Windows\system32\drivers\sffdisk.sys
19:54:22.0727 3336 sffdisk - ok
19:54:22.0749 3336 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) Z:\Windows\system32\drivers\sffp_mmc.sys
19:54:22.0781 3336 sffp_mmc - ok
19:54:22.0801 3336 sffp_sd (dd85b78243a19b59f0637dcf284da63c) Z:\Windows\system32\drivers\sffp_sd.sys
19:54:22.0839 3336 sffp_sd - ok
19:54:22.0879 3336 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) Z:\Windows\system32\DRIVERS\sfloppy.sys
19:54:22.0932 3336 sfloppy - ok
19:54:22.0981 3336 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) Z:\Windows\system32\DRIVERS\SiSRaid2.sys
19:54:23.0076 3336 SiSRaid2 - ok
19:54:23.0102 3336 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) Z:\Windows\system32\DRIVERS\sisraid4.sys
19:54:23.0144 3336 SiSRaid4 - ok
19:54:23.0171 3336 Smb (548260a7b8654e024dc30bf8a7c5baa4) Z:\Windows\system32\DRIVERS\smb.sys
19:54:23.0229 3336 Smb - ok
19:54:23.0294 3336 Soluto (f9369327409492097b0bb7ce86bd29de) Z:\Windows\system32\DRIVERS\Soluto.sys
19:54:23.0307 3336 Soluto - ok
19:54:23.0342 3336 spldr (b9e31e5cacdfe584f34f730a677803f9) Z:\Windows\system32\drivers\spldr.sys
19:54:23.0385 3336 spldr - ok
19:54:23.0432 3336 srv (441fba48bff01fdb9d5969ebc1838f0b) Z:\Windows\system32\DRIVERS\srv.sys
19:54:23.0503 3336 srv - ok
19:54:23.0541 3336 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) Z:\Windows\system32\DRIVERS\srv2.sys
19:54:23.0596 3336 srv2 - ok
19:54:23.0615 3336 srvnet (27e461f0be5bff5fc737328f749538c3) Z:\Windows\system32\DRIVERS\srvnet.sys
19:54:23.0635 3336 srvnet - ok
19:54:23.0683 3336 stexstor (f3817967ed533d08327dc73bc4d5542a) Z:\Windows\system32\DRIVERS\stexstor.sys
19:54:23.0698 3336 stexstor - ok
19:54:23.0730 3336 storflt (7785dc213270d2fc066538daf94087e7) Z:\Windows\system32\drivers\vmstorfl.sys
19:54:23.0746 3336 storflt - ok
19:54:23.0771 3336 storvsc (d34e4943d5ac096c8edeebfd80d76e23) Z:\Windows\system32\drivers\storvsc.sys
19:54:23.0806 3336 storvsc - ok
19:54:23.0823 3336 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) Z:\Windows\system32\drivers\swenum.sys
19:54:23.0858 3336 swenum - ok
19:54:23.0878 3336 Synth3dVsc - ok
19:54:23.0913 3336 tap0901t (b08740047145b9bce15bf75ca0f9718a) Z:\Windows\system32\DRIVERS\tap0901t.sys
19:54:23.0942 3336 tap0901t - ok
19:54:23.0999 3336 Tcpip (fc62769e7bff2896035aeed399108162) Z:\Windows\system32\drivers\tcpip.sys
19:54:24.0065 3336 Tcpip - ok
19:54:24.0126 3336 TCPIP6 (fc62769e7bff2896035aeed399108162) Z:\Windows\system32\DRIVERS\tcpip.sys
19:54:24.0193 3336 TCPIP6 - ok
19:54:24.0226 3336 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) Z:\Windows\system32\drivers\tcpipreg.sys
19:54:24.0302 3336 tcpipreg - ok
19:54:24.0340 3336 TDPIPE (3371d21011695b16333a3934340c4e7c) Z:\Windows\system32\drivers\tdpipe.sys
19:54:24.0563 3336 TDPIPE - ok
19:54:24.0618 3336 TDTCP (e4245bda3190a582d55ed09e137401a9) Z:\Windows\system32\drivers\tdtcp.sys
19:54:24.0707 3336 TDTCP - ok
19:54:24.0771 3336 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) Z:\Windows\system32\DRIVERS\tdx.sys
19:54:24.0835 3336 tdx - ok
19:54:24.0864 3336 teamviewervpn (f5520dbb47c60ee83024b38720abda24) Z:\Windows\system32\DRIVERS\teamviewervpn.sys
19:54:24.0876 3336 teamviewervpn - ok
19:54:24.0896 3336 TermDD (561e7e1f06895d78de991e01dd0fb6e5) Z:\Windows\system32\drivers\termdd.sys
19:54:24.0932 3336 TermDD - ok
19:54:24.0984 3336 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) Z:\Windows\system32\DRIVERS\tssecsrv.sys
19:54:25.0030 3336 tssecsrv - ok
19:54:25.0063 3336 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) Z:\Windows\system32\drivers\tsusbflt.sys
19:54:25.0128 3336 TsUsbFlt - ok
19:54:25.0139 3336 tsusbhub - ok
19:54:25.0179 3336 tunnel (3566a8daafa27af944f5d705eaa64894) Z:\Windows\system32\DRIVERS\tunnel.sys
19:54:25.0249 3336 tunnel - ok
19:54:25.0286 3336 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) Z:\Windows\system32\DRIVERS\uagp35.sys
19:54:25.0321 3336 uagp35 - ok
19:54:25.0358 3336 udfs (ff4232a1a64012baa1fd97c7b67df593) Z:\Windows\system32\DRIVERS\udfs.sys
19:54:25.0409 3336 udfs - ok
19:54:25.0456 3336 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) Z:\Windows\system32\drivers\uliagpkx.sys
19:54:25.0491 3336 uliagpkx - ok
19:54:25.0509 3336 umbus (dc54a574663a895c8763af0fa1ff7561) Z:\Windows\system32\drivers\umbus.sys
19:54:25.0558 3336 umbus - ok
19:54:25.0580 3336 UmPass (b2e8e8cb557b156da5493bbddcc1474d) Z:\Windows\system32\DRIVERS\umpass.sys
19:54:25.0617 3336 UmPass - ok
19:54:25.0667 3336 usbbus (5fcc71487888589a9244af54cfefab29) Z:\Windows\system32\DRIVERS\lgx64bus.sys
19:54:25.0682 3336 usbbus - ok
19:54:25.0705 3336 usbccgp (6f1a3157a1c89435352ceb543cdb359c) Z:\Windows\system32\DRIVERS\usbccgp.sys
19:54:25.0769 3336 usbccgp - ok
19:54:25.0807 3336 usbcir (af0892a803fdda7492f595368e3b68e7) Z:\Windows\system32\drivers\usbcir.sys
19:54:25.0830 3336 usbcir - ok
19:54:25.0866 3336 UsbDiag (3fb6e423f7567c92c32ea786f5fd0c69) Z:\Windows\system32\DRIVERS\lgx64diag.sys
19:54:25.0885 3336 UsbDiag - ok
19:54:25.0934 3336 usbehci (c025055fe7b87701eb042095df1a2d7b) Z:\Windows\system32\DRIVERS\usbehci.sys
19:54:25.0975 3336 usbehci - ok
19:54:26.0013 3336 usbhub (287c6c9410b111b68b52ca298f7b8c24) Z:\Windows\system32\DRIVERS\usbhub.sys
19:54:26.0060 3336 usbhub - ok
19:54:26.0078 3336 USBModem (78d551f5b93488b4666f5fc8dd4815f3) Z:\Windows\system32\DRIVERS\lgx64modem.sys
19:54:26.0092 3336 USBModem - ok
19:54:26.0113 3336 usbohci (58e546bbaf87664fc57e0f6081e4f609) Z:\Windows\system32\DRIVERS\usbohci.sys
19:54:26.0151 3336 usbohci - ok
19:54:26.0184 3336 usbprint (73188f58fb384e75c4063d29413cee3d) Z:\Windows\system32\DRIVERS\usbprint.sys
19:54:26.0232 3336 usbprint - ok
19:54:26.0262 3336 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) Z:\Windows\system32\DRIVERS\USBSTOR.SYS
19:54:26.0285 3336 USBSTOR - ok
19:54:26.0298 3336 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) Z:\Windows\system32\DRIVERS\usbuhci.sys
19:54:26.0321 3336 usbuhci - ok
19:54:26.0355 3336 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) Z:\Windows\system32\drivers\vdrvroot.sys
19:54:26.0410 3336 vdrvroot - ok
19:54:26.0438 3336 vga (da4da3f5e02943c2dc8c6ed875de68dd) Z:\Windows\system32\DRIVERS\vgapnp.sys
19:54:26.0463 3336 vga - ok
19:54:26.0487 3336 VgaSave (53e92a310193cb3c03bea963de7d9cfc) Z:\Windows\System32\drivers\vga.sys
19:54:26.0552 3336 VgaSave - ok
19:54:26.0561 3336 VGPU - ok
19:54:26.0587 3336 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) Z:\Windows\system32\drivers\vhdmp.sys
19:54:26.0625 3336 vhdmp - ok
19:54:26.0650 3336 vhidmini (1161acff728d97f75d74d2f1465f8a46) Z:\Windows\system32\DRIVERS\vHidDev.sys
19:54:26.0671 3336 vhidmini - ok
19:54:26.0688 3336 viaide (e5689d93ffe4e5d66c0178761240dd54) Z:\Windows\system32\drivers\viaide.sys
19:54:26.0722 3336 viaide - ok
19:54:26.0740 3336 vmbus (86ea3e79ae350fea5331a1303054005f) Z:\Windows\system32\drivers\vmbus.sys
19:54:26.0828 3336 vmbus - ok
19:54:26.0849 3336 VMBusHID (7de90b48f210d29649380545db45a187) Z:\Windows\system32\drivers\VMBusHID.sys
19:54:26.0895 3336 VMBusHID - ok
19:54:26.0920 3336 volmgr (d2aafd421940f640b407aefaaebd91b0) Z:\Windows\system32\drivers\volmgr.sys
19:54:26.0973 3336 volmgr - ok
19:54:27.0007 3336 volmgrx (a255814907c89be58b79ef2f189b843b) Z:\Windows\system32\drivers\volmgrx.sys
19:54:27.0031 3336 volmgrx - ok
19:54:27.0047 3336 volsnap (0d08d2f3b3ff84e433346669b5e0f639) Z:\Windows\system32\drivers\volsnap.sys
19:54:27.0095 3336 volsnap - ok
19:54:27.0117 3336 vsmraid (5e2016ea6ebaca03c04feac5f330d997) Z:\Windows\system32\DRIVERS\vsmraid.sys
19:54:27.0155 3336 vsmraid - ok
19:54:27.0180 3336 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) Z:\Windows\System32\drivers\vwifibus.sys
19:54:27.0228 3336 vwifibus - ok
19:54:27.0254 3336 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) Z:\Windows\system32\DRIVERS\wacompen.sys
19:54:27.0276 3336 WacomPen - ok
19:54:27.0297 3336 WANARP (356afd78a6ed4457169241ac3965230c) Z:\Windows\system32\DRIVERS\wanarp.sys
19:54:27.0367 3336 WANARP - ok
19:54:27.0372 3336 Wanarpv6 (356afd78a6ed4457169241ac3965230c) Z:\Windows\system32\DRIVERS\wanarp.sys
19:54:27.0421 3336 Wanarpv6 - ok
19:54:27.0492 3336 Wd (72889e16ff12ba0f235467d6091b17dc) Z:\Windows\system32\DRIVERS\wd.sys
19:54:27.0518 3336 Wd - ok
19:54:27.0547 3336 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) Z:\Windows\system32\drivers\Wdf01000.sys
19:54:27.0583 3336 Wdf01000 - ok
19:54:27.0631 3336 WfpLwf (611b23304bf067451a9fdee01fbdd725) Z:\Windows\system32\DRIVERS\wfplwf.sys
19:54:27.0695 3336 WfpLwf - ok
19:54:27.0711 3336 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) Z:\Windows\system32\drivers\wimmount.sys
19:54:27.0746 3336 WIMMount - ok
19:54:27.0818 3336 WinUsb (fe88b288356e7b47b74b13372add906d) Z:\Windows\system32\DRIVERS\WinUsb.sys
19:54:27.0846 3336 WinUsb - ok
19:54:27.0882 3336 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) Z:\Windows\system32\drivers\wmiacpi.sys
19:54:27.0919 3336 WmiAcpi - ok
19:54:27.0959 3336 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) Z:\Windows\system32\drivers\ws2ifsl.sys
19:54:28.0037 3336 ws2ifsl - ok
19:54:28.0083 3336 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) Z:\Windows\system32\drivers\WudfPf.sys
19:54:28.0158 3336 WudfPf - ok
19:54:28.0173 3336 WUDFRd (cf8d590be3373029d57af80914190682) Z:\Windows\system32\DRIVERS\WUDFRd.sys
19:54:28.0320 3336 WUDFRd - ok
19:54:28.0524 3336 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) Z:\Windows\system32\DRIVERS\xusb21.sys
19:54:28.0583 3336 xusb21 - ok
19:54:28.0611 3336 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
19:54:28.0667 3336 \Device\Harddisk2\DR2 - ok
19:54:28.0691 3336 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:54:28.0738 3336 \Device\Harddisk0\DR0 - ok
19:54:28.0753 3336 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:54:28.0799 3336 \Device\Harddisk1\DR1 - ok
19:54:28.0804 3336 Boot (0x1200) (c2526875d66db35c281ca8c9a8469ea7) \Device\Harddisk2\DR2\Partition0
19:54:28.0805 3336 \Device\Harddisk2\DR2\Partition0 - ok
19:54:28.0813 3336 Boot (0x1200) (1be0dc9e9e77282464fb0d9799adad59) \Device\Harddisk0\DR0\Partition0
19:54:28.0814 3336 \Device\Harddisk0\DR0\Partition0 - ok
19:54:28.0822 3336 Boot (0x1200) (a2cf4763bbefc911140a1663595df2f9) \Device\Harddisk1\DR1\Partition0
19:54:28.0823 3336 \Device\Harddisk1\DR1\Partition0 - ok
19:54:28.0853 3336 Boot (0x1200) (25f2c0a29737a5770a9559cd5cf2ab8a) \Device\Harddisk1\DR1\Partition1
19:54:28.0854 3336 \Device\Harddisk1\DR1\Partition1 - ok
19:54:28.0865 3336 Boot (0x1200) (310df5fccc4f8d2a0e52ed9ceb0a5f28) \Device\Harddisk1\DR1\Partition2
19:54:28.0866 3336 \Device\Harddisk1\DR1\Partition2 - ok
19:54:28.0866 3336 ============================================================
19:54:28.0868 3336 Scan finished
19:54:28.0868 3336 ============================================================
19:54:28.0889 1524 Detected object count: 0
19:54:28.0890 1524 Actual detected object count: 0
  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
That was probably all of it. There is probably some of it still hiding in the Java Cache so best to clear it:

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

We think the main way it spreads is via outdated Java and Adobe programs so it is critical to have the latest versions and not to have any older versions. You have:
Java™ 6 Update 24
Adobe Reader 9.4.6

Both should be removed.

Got to walk the dog now. More later.
  • 0
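The post above identifies outdated Java and Adobe Reader versions from the OTL log. As an added example (not part of the thread or of OTL), this PowerShell script pulls the same information from the Windows Uninstall registry keys and warns where several versions of one product family are still installed; it assumes Windows 7 or later with PowerShell 3+, run from an elevated prompt.

```powershell
# Added example, not from the thread: enumerate installed Java and Adobe products from the
# Windows Uninstall registry keys so outdated or duplicate versions (the ones the expert
# asks to remove) can be spotted without reading through an OTL log.
# Assumes Windows 7 or later with PowerShell 3+; run from an elevated prompt.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    # 32-bit installers on 64-bit Windows (Java 6 and Adobe Reader 9 both register here)
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Product families the thread is concerned with; matched case-insensitively against DisplayName.
$families = 'Java', 'Adobe Reader', 'Adobe Acrobat', 'Adobe Flash', 'Adobe Shockwave'
$familyRegex = ($families | ForEach-Object { [regex]::Escape($_) }) -join '|'

$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and $_.DisplayName -match $familyRegex } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate, UninstallString |
    Sort-Object DisplayName, DisplayVersion

Write-Host "Installed Java/Adobe products:" -ForegroundColor Cyan
$installed | Format-Table DisplayName, DisplayVersion, InstallDate -AutoSize

# Heuristic: strip the version part of the display name ("Java(TM) 6 Update 24" -> "Java(TM)",
# "Adobe Reader 9.4.6" -> "Adobe Reader") and warn where more than one version of a family
# remains installed. Old side-by-side copies are what keep an outdated plug-in reachable.
$installed |
    Group-Object { $_.DisplayName -replace '\s+[\d(].*$', '' } |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object {
        $versions = ($_.Group | ForEach-Object { $_.DisplayVersion }) -join ', '
        Write-Warning ("Multiple versions of '{0}' are installed: {1}" -f $_.Name, $versions)
    }

# The UninstallString column holds the removal command each entry registered, so stale
# versions can be uninstalled from Programs and Features or from this same prompt.
```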

#7
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Copy the text in the code box by highlighting it and pressing Ctrl + c:


:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then close Firefox. Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.


Let's check for damages:


Right-click on (My) Computer and select Manage (Continue), then Event Viewer. Next select Windows Logs. Right-click on System and select Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

5. Click the radio button for 'Number of events'.
Type 20 in the 1 to 20 box.
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0
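The "check for damages" steps above use Vino's Event Viewer Tool to list the last 20 Error and Warning events from the System and Application logs. As an added example (not part of the thread or of VEW), this PowerShell function performs the same query with the built-in Get-WinEvent cmdlet; it assumes Windows 7 or later with PowerShell 3+, run from an elevated prompt after the logs were cleared and the PC rebooted.

```powershell
# Added example, not from the thread: the same check the Event Viewer Tool (VEW) performs,
# done with built-in PowerShell. Lists the 20 most recent Critical, Error and Warning events
# from the System and Application logs. Run from an elevated prompt after the logs were
# cleared and the PC rebooted, so only post-cleanup events appear.

function Get-RecentProblemEvents {
    param(
        [string[]]$LogName = @('System', 'Application'),
        [int]$MaxEvents = 20
    )
    foreach ($log in $LogName) {
        # Windows event levels: 1 = Critical, 2 = Error, 3 = Warning.
        $filter = @{ LogName = $log; Level = 1, 2, 3 }
        # Get-WinEvent reports "No events were found" as an error when the log is clean,
        # which is the expected (good) outcome here, so that error is silenced.
        Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
            Select-Object LogName,
                          TimeCreated,
                          @{ n = 'Level';   e = { $_.LevelDisplayName } },
                          ProviderName,
                          Id,
                          @{ n = 'Message'; e = { ($_.Message -split "`r?`n")[0] } }  # first line only
    }
}

$events = @(Get-RecentProblemEvents)

if ($events.Count -eq 0) {
    Write-Host "No Critical/Error/Warning events in System or Application since the logs were cleared."
} else {
    # Group by provider first so a driver or service that keeps failing stands out, then detail.
    $events | Group-Object ProviderName | Sort-Object Count -Descending |
        Format-Table Count, Name -AutoSize
    $events | Sort-Object TimeCreated -Descending | Format-Table -AutoSize -Wrap
    # Save a copy on the Desktop next to the other logs so it can be pasted into a reply.
    $events | Export-Csv -Path (Join-Path $env:USERPROFILE 'Desktop\problem-events.csv') -NoTypeInformation
}
```

Events from around the dates sigverif reports for unsigned drivers are the ones worth reading first.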

#8
harshone

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Nothing from sfc. As for sigverif, a bunch of things appeared but all of them were in mid December - long before the win32/olmarik infection.

Both in "Event Viewer Tool by Vino Rosso" end up empty so I am guessing it didn't impact any other files.



Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 01/02/2012 6:29:50 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks!
  • 0

#9
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
We need to cleanup System Restore:

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.


Unless you have other problems, it's time to clean up:
You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories, then right-click on Command Prompt and Run As Administrator.
Then right-click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close the program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing UpdateChecker, change it to not run at start and then manually run it once a week.
It seems to work best if Firefox is the default browser. You can also try Secunia PSI (http://secunia.com/v...l/download_psi/); same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox: http://www.crystalidea.com/speedyfox. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0





