Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

blue screen of death, google redirects, computer slowed dramatically [

Started by xarmorivsleepx , Mar 02 2012 11:49 AM

  • This topic is locked This topic is locked

#1
xarmorivsleepx
Posted 02 March 2012 - 11:49 AM

xarmorivsleepx

    New Member

  • Member
  • Pip
  • 8 posts
I don't even know where to start, I think downloading torrents and the occasional browsing of porn on my computer has infected it pretty badly. I'm not sure what to do, and I don't even know where to start. I get the blue screen of death 2 - 3 times a day, google search results redirects me to wierd advertising websites, and occasionally i can't even get windows to start, and to top it all off my computer has slowed down to a snails pace. I recently started using Panda Cloud antivirus, Malwarebytes anti malware and adaware. I also tried using Combo Fix to fix the google redirect, however I'm not sure if any of those things have helped a whole lot. I really, really don't want to wipe it and start over because of all the music and pictures I have on this laptop. How can i fix this? Any and all help would be greatly appreciated. HELP ME SAVE MY COMPUTER, PLEASE! Lastly, what is a good combination of free adware / spyware / malware / antivirus programs I should use to prevent this from happening again. Thank you.

OTL logfile created on: 3/2/2012 11:00:03 AM - Run 1
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\armor\My Backup Files\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 45.75% Memory free
7.60 Gb Paging File | 5.23 Gb Available in Paging File | 68.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 23.25 Gb Free Space | 10.66% Space Free | Partition Type: NTFS

Computer Name: ARMOR-PC | User Name: armor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/02 10:59:20 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\armor\My Backup Files\Downloads\OTL.exe
PRC - [2012/02/22 17:01:13 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2012/02/22 17:01:12 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2012/02/14 22:03:37 | 001,049,072 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011/12/20 13:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011/11/14 16:15:16 | 000,197,288 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/04/27 10:06:12 | 000,400,760 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
PRC - [2009/09/17 12:05:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/22 15:24:32 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll
MOD - [2012/02/22 15:22:44 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/22 15:22:38 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/22 15:22:35 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/14 22:03:36 | 000,429,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\ppgooglenaclpluginchrome.dll
MOD - [2012/02/14 22:03:34 | 003,772,912 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\pdf.dll
MOD - [2012/02/14 22:02:10 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\avutil-51.dll
MOD - [2012/02/14 22:02:08 | 000,220,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\avformat-53.dll
MOD - [2012/02/14 22:02:07 | 001,747,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\avcodec-53.dll
MOD - [2012/02/14 19:00:24 | 008,593,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\gcswf32.dll
MOD - [2011/12/20 13:32:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2011/12/20 13:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011/12/20 13:32:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2011/12/20 13:32:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011/12/20 13:32:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011/12/20 13:32:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011/12/20 13:32:00 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011/12/20 13:32:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2011/12/20 13:32:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/13 08:50:11 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010/11/04 18:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/16 18:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/03/30 23:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2012/02/22 17:01:12 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/24 16:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2009/09/17 12:05:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/06/23 15:02:42 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/23 07:12:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/01/21 02:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2010/01/21 02:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2010/01/21 02:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009/11/02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/10/12 10:26:00 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009/10/12 04:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/07 17:37:50 | 007,749,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/25 16:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/03 03:15:26 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/20 00:34:38 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/07/23 11:57:48 | 000,018,792 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt)
DRV:64bit: - [2009/07/16 20:14:00 | 000,220,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/16 18:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 18:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/15 12:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/02/22 17:01:28 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{80BC95C2-9E53-4658-9C7E-A8DCE7A26316}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{3ea5cc93-e372-4e4d-83b9-793689516a65}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8D0C28BC-D3CD-4D41-AC34-7187F39147AA}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/?rlz=1V1IPYX
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {3E5F8888-BBC0-42DC-86D5-681707B5DDC3}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{3E5F8888-BBC0-42DC-86D5-681707B5DDC3}: "URL" = http://www.google.co...1I7GZGN_enUS458
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\armor\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\armor\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)


[2011/02/11 22:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\armor\AppData\Roaming\Mozilla\Extensions
[2012/03/01 18:30:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\armor\AppData\Roaming\Mozilla\Firefox\Profiles\pazg7csr.default\extensions
[2012/03/01 18:30:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\armor\AppData\Roaming\Mozilla\Firefox\Profiles\pazg7csr.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/03/01 18:34:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/27 18:52:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/11 07:45:42 | 000,002,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\armor\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\armor\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/03/02 10:35:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [loadmsh] C:\ProgramData\loadmsh.exe File not found
O4 - HKLM..\Run: [xmlc] C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\xmlc.exe ()
O4 - HKCU..\Run: [Big Brother Keylogger] "C:\Program Files (x86)\Big Brother Keylogger\BBK.exe" File not found
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Corel Photo Downloader] "c:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\armor\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [loadmsh] C:\ProgramData\loadmsh.exe File not found
O4 - HKCU..\Run: [xmlc] C:\Users\armor\AppData\Roaming\xmlc.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.1)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Mahjong%20Escape%20-%20Ancient%20China/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinn...ly/monopoly.cab (Monopoly Control)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Mahjong%20Escape%20-%20Ancient%20China/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC723C50-F06C-4930-9B0F-35958215C59C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/02 10:39:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/02 10:28:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/02 10:14:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/02 10:14:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/02 10:14:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/02 10:13:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/02 10:13:47 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/02 10:09:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/02 10:06:41 | 004,424,615 | R--- | C] (Swearware) -- C:\Users\armor\Desktop\ComboFix.exe
[2012/02/24 20:25:31 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/02/24 20:18:23 | 000,000,000 | ---D | C] -- C:\Users\armor\AppData\Roaming\Roxio Log Files
[2012/02/22 23:17:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenXML-ODF Translator
[2012/02/22 23:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ODF Add-in for Microsoft Office
[2012/02/22 23:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Menu for Office
[2012/02/22 23:15:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Classic Menu for Office
[2012/02/22 23:05:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2012/02/22 23:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
[2012/02/22 23:02:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012/02/22 16:59:01 | 000,000,000 | ---D | C] -- C:\Users\armor\AppData\Local\adaware
[2012/02/22 16:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/02/22 16:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2012/02/22 16:58:27 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2012/02/22 16:58:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012/02/22 16:58:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2012/02/22 16:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/20 22:08:03 | 000,000,000 | ---D | C] -- C:\Users\armor\AppData\Roaming\Vyof
[2012/02/19 01:20:42 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012/02/18 10:05:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2012/02/18 10:04:50 | 000,000,000 | -H-D | C] -- C:\Users\armor\AppData\Local\panda2_0dn
[2012/02/18 10:04:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\Panda Security URL Filtering
[2012/02/18 09:59:51 | 000,000,000 | ---D | C] -- C:\temp
[2012/02/11 23:03:37 | 000,000,000 | -H-D | C] -- C:\Users\armor\AppData\Local\Collectorz.com
[2012/02/11 23:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Collectorz.com
[2012/02/11 23:03:28 | 000,000,000 | ---D | C] -- C:\Users\armor\Documents\Comic Collector
[2012/02/11 23:03:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Collectorz.com
[2012/02/11 20:29:24 | 000,000,000 | ---D | C] -- C:\Users\armor\AppData\Roaming\Template
[2012/02/09 16:53:44 | 000,000,000 | ---D | C] -- C:\Users\armor\Desktop\HTC Rezound
[2012/02/09 15:08:32 | 000,000,000 | ---D | C] -- C:\Users\armor\.android
[2012/02/09 15:06:58 | 000,000,000 | ---D | C] -- C:\droid
[2012/02/09 14:44:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
[2012/02/09 14:44:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Android
[2012/02/09 14:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/02/09 14:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
[2012/02/09 14:22:22 | 000,000,000 | -H-D | C] -- C:\Users\armor\AppData\Local\Htc
[2012/02/09 14:21:42 | 000,000,000 | ---D | C] -- C:\Users\armor\AppData\Roaming\HTC
[2012/02/09 14:20:22 | 000,000,000 | ---D | C] -- C:\Users\armor\AppData\Local\Downloaded Installations
[2012/02/09 14:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2012/02/09 14:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2012/02/09 14:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2012/02/09 14:19:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/04/01 08:21:59 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\armor\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2012/03/02 10:47:02 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/02 10:47:02 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/02 10:45:31 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/02 10:45:31 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/02 10:45:31 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/02 10:39:51 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/02 10:39:31 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/03/02 10:39:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/02 10:39:09 | 3061,190,656 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/02 10:35:21 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/02 10:25:21 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/02 10:06:47 | 004,424,615 | R--- | M] (Swearware) -- C:\Users\armor\Desktop\ComboFix.exe
[2012/03/01 18:40:09 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1849465098-2621327732-3741888540-1000UA.job
[2012/03/01 18:27:17 | 000,000,076 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2012/03/01 18:00:01 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2012/02/29 09:01:53 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/02/29 09:01:53 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/02/25 21:40:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1849465098-2621327732-3741888540-1000Core.job
[2012/02/23 17:45:21 | 000,426,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/22 17:01:28 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/02/22 16:58:31 | 000,001,022 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/02/22 16:49:46 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/22 03:07:12 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/02/18 13:03:19 | 000,000,000 | ---- | M] () -- C:\0x0304A000.sfl
[2012/02/15 17:01:53 | 000,002,306 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/02/11 23:03:32 | 000,001,229 | ---- | M] () -- C:\Users\Public\Desktop\Comic Collector.lnk
[2012/02/11 20:29:27 | 000,000,100 | ---- | M] () -- C:\Users\armor\AppData\Roaming\wklnhst.dat
[2012/02/09 14:28:58 | 000,001,044 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync.lnk

========== Files Created - No Company Name ==========

[2012/03/02 10:14:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/02 10:14:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/02 10:14:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/02 10:14:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/02 10:14:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/25 17:02:57 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/02/25 17:02:57 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/02/22 23:15:24 | 000,528,744 | ---- | C] () -- C:\Windows\SysWow64\OGAVerify.exe
[2012/02/22 23:15:23 | 000,691,592 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.DLL
[2012/02/22 16:58:31 | 000,001,022 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/02/22 16:49:46 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/22 03:07:12 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/02/18 13:03:19 | 000,000,000 | ---- | C] () -- C:\0x0304A000.sfl
[2012/02/11 23:03:32 | 000,001,229 | ---- | C] () -- C:\Users\Public\Desktop\Comic Collector.lnk
[2012/02/11 20:29:19 | 000,000,100 | ---- | C] () -- C:\Users\armor\AppData\Roaming\wklnhst.dat
[2012/02/09 14:28:58 | 000,001,044 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2011/08/10 00:09:55 | 000,000,088 | RHS- | C] () -- C:\ProgramData\A8CB972F41.sys
[2011/08/10 00:09:54 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/07/31 18:43:44 | 000,161,728 | ---- | C] () -- C:\Program Files (x86)\4ares.dll
[2011/04/09 10:00:30 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/08 22:20:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/15 17:37:34 | 000,000,031 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/10/04 10:37:15 | 000,014,848 | ---- | C] () -- C:\Users\armor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/18 20:14:26 | 000,000,076 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/05/24 09:36:08 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/03/26 17:10:35 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2010/03/26 17:10:35 | 000,002,410 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini

========== LOP Check ==========

[2010/10/15 16:12:39 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\.minecraft
[2011/05/18 14:02:48 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\AnvSoft
[2012/03/02 11:04:44 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\BitTorrent
[2011/08/02 15:04:51 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\FKRMonitor
[2011/07/06 23:11:59 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\FK_Monitor
[2011/03/02 13:48:53 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\gtk-2.0
[2012/02/09 14:29:00 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\HTC
[2010/03/13 13:16:38 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\iWin
[2011/08/10 08:27:17 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\JPEGsnoop
[2011/08/07 15:45:09 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\Kernel for Windows Data Recovery
[2010/03/22 20:53:20 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\Ludia
[2010/11/04 17:38:21 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\Oberon Media
[2011/02/23 12:49:33 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\Panda Security
[2010/03/24 15:14:27 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\PlayFirst
[2011/04/09 22:00:15 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\SoftGrid Client
[2010/05/23 23:08:26 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\SpinTop
[2012/02/11 20:29:24 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\Template
[2011/04/09 10:01:54 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\TP
[2010/09/16 10:28:22 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\Uniblue
[2012/02/20 22:08:03 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\Vyof
[2011/05/18 13:05:33 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\WeatherBug
[2011/06/07 11:50:46 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\Windows Live Writer
[2011/05/18 13:09:24 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\Winff
[2012/02/25 21:40:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1849465098-2621327732-3741888540-1000Core.job
[2012/03/01 18:40:09 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1849465098-2621327732-3741888540-1000UA.job
[2012/03/01 18:00:01 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2011/04/19 11:23:23 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:40E5AD89
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:C46995DA
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:D282699C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:57DC3B52
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:4A9220C3
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:A3E39C6A

< End of report >

OTL Extras logfile created on: 3/2/2012 11:00:03 AM - Run 1
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\armor\My Backup Files\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 45.75% Memory free
7.60 Gb Paging File | 5.23 Gb Available in Paging File | 68.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 23.25 Gb Free Space | 10.66% Space Free | Partition Type: NTFS

Computer Name: ARMOR-PC | User Name: armor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1111706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 (64-bit)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2222706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 SDK (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java™ 7 Update 2 (64-bit)
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java™ SE Development Kit 7 Update 2 (64-bit)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 26
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3ACF7A26-1743-4A84-85F1-2450B35925E4}" = Classic Menu for Office
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C44DC2C-4DE3-4120-865F-F770C53972DE}_is1" = Comic Collector
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54178A9B-7B4B-4B24-B863-7B44EBF28318}" = ODF Add-in for Microsoft Office
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A3FFA58-876F-489C-B6CF-0503916224DF}" = HTC Sync
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9976D2-E563-43DE-A51F-5AEBC38D1F08}" = Ad-Aware
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2E5F2AA-2996-41EA-BCCD-9FD0476A5326}" = TWC Customer Controls
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"adawaretb" = Ad-Aware Security Toolbar
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Android SDK Tools" = Android SDK Tools
"BitTorrent" = BitTorrent
"Dell Webcam Central" = Dell Webcam Central
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MiniTool Power Data Recovery_is1" = MiniTool Power Data Recovery
"Picasa 3" = Picasa 3
"Search Toolbar" = Search Toolbar
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/6/2011 9:03:52 PM | Computer Name = armor-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 567812

Error - 10/6/2011 9:03:53 PM | Computer Name = armor-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/6/2011 9:03:53 PM | Computer Name = armor-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 568811

Error - 10/6/2011 9:03:53 PM | Computer Name = armor-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 568811

Error - 10/6/2011 9:03:54 PM | Computer Name = armor-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/6/2011 9:03:54 PM | Computer Name = armor-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 569809

Error - 10/6/2011 9:03:54 PM | Computer Name = armor-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 569809

Error - 10/6/2011 9:03:55 PM | Computer Name = armor-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/6/2011 9:03:55 PM | Computer Name = armor-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 570823

Error - 10/6/2011 9:03:55 PM | Computer Name = armor-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 570823

[ Broadcom Wireless LAN Events ]
Error - 2/21/2012 11:26:43 PM | Computer Name = armor-PC | Source = WLAN-Tray | ID = 0
Description = 20:26:43, Tue, Feb 21, 12 Error - Unable to gain access to user store


Error - 2/23/2012 12:30:27 PM | Computer Name = armor-PC | Source = WLAN-Tray | ID = 0
Description = 09:30:27, Thu, Feb 23, 12 Error - Unable to gain access to user store


Error - 2/26/2012 5:56:49 PM | Computer Name = armor-PC | Source = WLAN-Tray | ID = 0
Description = 14:56:48, Sun, Feb 26, 12 Error - Unable to gain access to user store


Error - 3/1/2012 1:12:56 PM | Computer Name = armor-PC | Source = WLAN-Tray | ID = 0
Description = 10:12:54, Thu, Mar 01, 12 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 6/24/2010 4:32:10 AM | Computer Name = armor-PC | Source = MCUpdate | ID = 0
Description = 1:31:49 AM - Failed to retrieve SportsSchedule (Error: Unable to connect
to the remote server)

Error - 6/24/2010 4:32:52 AM | Computer Name = armor-PC | Source = MCUpdate | ID = 0
Description = 1:32:31 AM - Failed to retrieve SportsV2 (Error: Unable to connect
to the remote server)

Error - 6/24/2010 4:33:18 AM | Computer Name = armor-PC | Source = MCUpdate | ID = 0
Description = 1:33:13 AM - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

Error - 11/23/2010 4:02:52 PM | Computer Name = armor-PC | Source = MCUpdate | ID = 0
Description = 12:02:52 PM - Error connecting to the internet. 12:02:52 PM - Unable
to contact server..

Error - 11/23/2010 4:03:22 PM | Computer Name = armor-PC | Source = MCUpdate | ID = 0
Description = 12:03:21 PM - Error connecting to the internet. 12:03:21 PM - Unable
to contact server..

Error - 3/25/2011 4:56:10 PM | Computer Name = armor-PC | Source = MCUpdate | ID = 0
Description = 1:56:09 PM - Error connecting to the internet. 1:56:09 PM - Unable
to contact server..

Error - 3/25/2011 4:56:44 PM | Computer Name = armor-PC | Source = MCUpdate | ID = 0
Description = 1:56:39 PM - Error connecting to the internet. 1:56:39 PM - Unable
to contact server..

Error - 3/27/2011 12:57:22 AM | Computer Name = armor-PC | Source = MCUpdate | ID = 0
Description = 9:57:22 PM - Error connecting to the internet. 9:57:22 PM - Unable
to contact server..

Error - 3/27/2011 12:57:56 AM | Computer Name = armor-PC | Source = MCUpdate | ID = 0
Description = 9:57:51 PM - Error connecting to the internet. 9:57:51 PM - Unable
to contact server..

Error - 4/4/2011 1:06:39 AM | Computer Name = armor-PC | Source = MCUpdate | ID = 0
Description = 10:06:30 PM - Error connecting to the internet. 10:06:30 PM - Unable
to contact server..

[ System Events ]
Error - 3/1/2012 1:26:09 PM | Computer Name = armor-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 3/2/2012 12:58:16 PM | Computer Name = armor-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:37:11 PM on ?3/?1/?2012 was unexpected.

Error - 3/2/2012 12:58:17 PM | Computer Name = ARMOR-PC | Source = BugCheck | ID = 1001
Description =

Error - 3/2/2012 1:03:51 PM | Computer Name = armor-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 3/2/2012 1:22:55 PM | Computer Name = armor-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/2/2012 1:27:38 PM | Computer Name = armor-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 3/2/2012 1:28:56 PM | Computer Name = armor-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/2/2012 1:30:10 PM | Computer Name = armor-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 3/2/2012 1:30:24 PM | Computer Name = armor-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 3/2/2012 1:39:25 PM | Computer Name = armor-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126


< End of report >

Edited by xarmorivsleepx, 02 March 2012 - 12:15 PM.

  • 0

Advertisements

#2
Essexboy
Posted 02 March 2012 - 03:15 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there I see you have run combofix - could you post the log please

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}: "URL" = http://search.mywebs...r={searchTerms}
    IE - HKLM\..\SearchScopes\{3ea5cc93-e372-4e4d-83b9-793689516a65}: "URL" = http://search.mywebs...r={searchTerms}
    IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
    O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [loadmsh] C:\ProgramData\loadmsh.exe File not found
    O4 - HKLM..\Run: [xmlc] C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\xmlc.exe ()
    O4 - HKCU..\Run: [loadmsh] C:\ProgramData\loadmsh.exe File not found
    O4 - HKCU..\Run: [xmlc] C:\Users\armor\AppData\Roaming\xmlc.exe File not found

    :Files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 4.1mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 1

#3
xarmorivsleepx
Posted 02 March 2012 - 07:05 PM

xarmorivsleepx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank you for your quick response.
When I ran ComboFix, it ran fine then windows couldn't start and it rebooted into Startup Repair, Startup Repair asked if I wanted to restore I clicked yes. When it finally rebooted, this is the log I got:

ComboFix 12-03-02.01 - armor 03/02/2012 15:30:01.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2655 [GMT -7:00]
Running from: c:\users\armor\Desktop\anti\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
c:\windows\system32\config\systemprofile\AppData\Roaming\xmlc.exe
.
---- Previous Run -------
.
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbar.dll
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\programdata\887E.tmp
c:\programdata\B7E8586B000435DB000A86F3B4EB2367\B7E8586B000435DB000A86F3B4EB2367.exe
c:\programdata\jF28269KfBaH28269\jF28269KfBaH28269.exe
c:\programdata\loadmsh.exe
c:\programdata\TorrentEasy\extensions.exe
c:\programdata\TorrentEasy\fdmbtsupp.dll
c:\users\armor\AppData\Roaming\Ejor\uhmal.oqt
c:\users\armor\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\armor\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
c:\users\armor\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe
c:\users\armor\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
c:\users\armor\AppData\Roaming\Microsoft\Windows\Recent\eb.drv
c:\users\armor\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\armor\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\armor\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\armor\AppData\Roaming\Microsoft\Windows\Recent\fan.dll
c:\users\armor\AppData\Roaming\Microsoft\Windows\Recent\FW.dll
c:\users\armor\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp
c:\users\armor\AppData\Roaming\Microsoft\Windows\Recent\grid.tmp
c:\users\armor\AppData\Roaming\Microsoft\Windows\Recent\hymt.drv
c:\users\armor\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\armor\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\armor\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
c:\users\armor\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\armor\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\armor\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv
c:\users\armor\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\armor\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome.manifest
c:\users\armor\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome\gvtextlinks.jar
c:\users\armor\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\gvtlf.dll
c:\users\armor\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\gvtlf.dll.manifest
c:\users\armor\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\gvtlf.exp
c:\users\armor\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\gvtlf.lib
c:\users\armor\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\gvtlf.xpt
c:\users\armor\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\install.rdf
c:\users\armor\AppData\Roaming\xmlc.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\svchost.exe
c:\windows\system32\config\systemprofile\AppData\Roaming\xmlc.exe
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
c:\windows\SysWow64\ijl11.dll
c:\windows\SysWow64\Memman.vxd
c:\windows\SysWow64\skinboxer43.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-02 to 2012-03-02 )))))))))))))))))))))))))))))))
.
.
2012-03-02 22:39 . 2012-03-02 22:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-02 17:09 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{15D13CB9-EDB1-4F94-BED6-1100655BDEFC}\mpengine.dll
2012-02-25 03:18 . 2012-02-25 03:18 -------- d-----w- c:\users\armor\AppData\Roaming\Roxio Log Files
2012-02-23 06:17 . 2012-02-23 06:17 -------- d-----w- c:\program files (x86)\OpenXML-ODF Translator
2012-02-23 06:15 . 2012-02-23 23:43 -------- d-----w- c:\program files (x86)\Classic Menu for Office
2012-02-23 06:15 . 2009-01-01 05:34 528744 ----a-w- c:\windows\SysWow64\OGAVerify.exe
2012-02-23 06:15 . 2009-01-01 05:34 502120 ----a-w- c:\windows\SysWow64\OGAAddin.dll
2012-02-23 06:15 . 2009-02-21 15:25 691592 ----a-w- c:\windows\SysWow64\OGACheckControl.DLL
2012-02-23 06:02 . 2012-02-23 06:02 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-02-22 23:59 . 2012-02-22 23:59 -------- d-----w- c:\users\armor\AppData\Local\adaware
2012-02-22 23:58 . 2012-03-02 17:40 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-02-22 23:58 . 2012-02-22 23:58 -------- d-----w- c:\program files (x86)\adawaretb
2012-02-22 23:58 . 2011-12-23 14:12 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-02-22 23:58 . 2012-02-22 23:58 -------- d-----w- c:\program files (x86)\Lavasoft
2012-02-22 03:59 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-22 03:59 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-22 03:59 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-22 03:59 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-22 03:59 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-22 03:58 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-22 03:58 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-21 05:08 . 2012-02-21 05:08 -------- d-----w- c:\users\armor\AppData\Roaming\Vyof
2012-02-21 04:43 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-19 08:20 . 2012-02-19 08:20 -------- d-----we c:\windows\system64
2012-02-18 17:05 . 2012-02-22 23:58 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-02-18 17:04 . 2012-02-18 17:05 -------- d--h--w- c:\users\armor\AppData\Local\panda2_0dn
2012-02-18 17:04 . 2012-02-19 16:43 -------- d--h--w- c:\programdata\Panda Security URL Filtering
2012-02-18 16:59 . 2012-02-18 17:00 -------- d-----w- C:\temp
2012-02-12 06:03 . 2012-02-12 06:03 -------- d--h--w- c:\users\armor\AppData\Local\Collectorz.com
2012-02-12 06:03 . 2012-02-28 19:56 -------- d-----w- c:\program files (x86)\Collectorz.com
2012-02-12 03:29 . 2012-02-12 03:29 -------- d-----w- c:\users\armor\AppData\Roaming\Template
2012-02-09 22:08 . 2012-02-22 02:04 -------- d-----w- c:\users\armor\.android
2012-02-09 22:06 . 2012-02-09 23:45 -------- d-----w- C:\droid
2012-02-09 21:44 . 2012-02-10 00:17 -------- d-----w- c:\program files (x86)\Android
2012-02-09 21:42 . 2012-02-09 21:43 -------- d-----w- c:\program files\Oracle
2012-02-09 21:41 . 2011-11-09 02:40 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-09 21:41 . 2011-11-09 02:40 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-09 21:22 . 2012-03-02 17:40 -------- d--h--w- c:\users\armor\AppData\Local\Htc
2012-02-09 21:21 . 2012-02-09 21:29 -------- d-----w- c:\users\armor\AppData\Roaming\HTC
2012-02-09 21:20 . 2012-02-22 02:04 -------- d-----w- c:\users\armor\AppData\Local\Downloaded Installations
2012-02-09 21:19 . 2012-02-09 21:19 -------- d-----w- c:\program files (x86)\Spirent Communications
2012-02-09 21:19 . 2012-02-09 21:21 -------- d-----w- c:\program files (x86)\HTC
2012-02-09 21:19 . 2012-02-09 21:26 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 00:01 . 2010-06-01 19:28 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-29 12:10 . 2010-03-29 04:36 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 16:30 . 2011-07-14 14:57 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 22:24 . 2010-05-21 22:50 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-17 22:46 . 2011-08-01 01:43 161728 ----a-w- c:\program files (x86)\4ares.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-12-21 15:44 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-12-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2011-04-27 400760]
"Facebook Update"="c:\users\armor\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-07-14 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-11-14 197288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"xmlc"="c:\windows\system32\config\systemprofile\AppData\Roaming\xmlc.exe" [2012-03-01 72248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"xmlc"="c:\windows\system32\config\systemprofile\AppData\Roaming\xmlc.exe" [2012-03-01 72248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-31 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-31 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-02-23 2152152]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-02-23 17152]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1849465098-2621327732-3741888540-1000Core.job
- c:\users\armor\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-07 04:35]
.
2012-03-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1849465098-2621327732-3741888540-1000UA.job
- c:\users\armor\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-07 04:35]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-31 23:03]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-31 23:03]
.
2012-03-02 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/?rlz=1V1IPYX
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
Wow6432Node-HKCU-Run-Big Brother Keylogger - c:\program files (x86)\Big Brother Keylogger\BBK.exe
Wow6432Node-HKCU-Run-Corel Photo Downloader - c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
Wow6432Node-HKCU-Run-loadmsh - c:\programdata\loadmsh.exe
Wow6432Node-HKCU-Run-xmlc - c:\users\armor\AppData\Roaming\xmlc.exe
Wow6432Node-HKLM-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Wow6432Node-HKLM-Run-loadmsh - c:\programdata\loadmsh.exe
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Wow6432Node-HKU-Default-Run-loadmsh - c:\programdata\loadmsh.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-{EC9FC9E1-11D8-18C0-A0BC-410E43A18A9C}_is1 - c:\program files (x86)\Big Brother Keylogger\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1849465098-2621327732-3741888540-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1849465098-2621327732-3741888540-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2012-03-02 16:25:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-02 23:25
.
Pre-Run: 6,955,335,680 bytes free
Post-Run: 18,255,839,232 bytes free
.
- - End Of File - - 0A7D474BB2A7DE4BC0D44DA2F011381B

Then I ran the OTL fix you provided and when it rebooted this is the log I got:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3ea5cc93-e372-4e4d-83b9-793689516a65}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ea5cc93-e372-4e4d-83b9-793689516a65}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0C8413C1-FAD1-446C-8584-BE50576F863E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C8413C1-FAD1-446C-8584-BE50576F863E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0C8413C1-FAD1-446C-8584-BE50576F863E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C8413C1-FAD1-446C-8584-BE50576F863E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\loadmsh not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\xmlc deleted successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\xmlc.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\loadmsh not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\xmlc not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\armor\Desktop\anti\cmd.bat deleted successfully.
C:\Users\armor\Desktop\anti\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: armor
->Temp folder emptied: 79 bytes
->Temporary Internet Files folder emptied: 845943931 bytes
->Java cache emptied: 26647775 bytes
->Google Chrome cache emptied: 248973940 bytes
->Flash cache emptied: 2830497 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,072.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.34.0 log created on 03022012_163046

Files\Folders moved on Reboot...
C:\Users\armor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\fla18A0.tmp not found!
C:\Windows\temp\fla315E.tmp moved successfully.
File\Folder C:\Windows\temp\fla321A.tmp not found!
C:\Windows\temp\fla8CD7.tmp moved successfully.
File\Folder C:\Windows\temp\flaA89.tmp not found!

Registry entries deleted on Reboot...

Then I ran the OTL quickscan, which caused my computer to bluescreen of death, so I ran it again and got this log:

OTL logfile created on: 3/2/2012 4:54:41 PM - Run 2
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\armor\Desktop\anti
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 67.88% Memory free
7.60 Gb Paging File | 6.05 Gb Available in Paging File | 79.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 17.48 Gb Free Space | 8.01% Space Free | Partition Type: NTFS

Computer Name: ARMOR-PC | User Name: armor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/02 10:59:20 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\armor\Desktop\anti\OTL.exe
PRC - [2012/02/22 17:01:13 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2012/02/22 17:01:12 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/12/23 07:12:10 | 001,101,960 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
PRC - [2011/12/20 13:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011/11/14 16:15:16 | 000,197,288 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/04/27 10:06:12 | 000,400,760 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
PRC - [2009/09/17 12:05:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/22 15:24:32 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll
MOD - [2012/02/22 15:22:44 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/22 15:22:38 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/22 15:22:35 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/12/20 13:32:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2011/12/20 13:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011/12/20 13:32:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2011/12/20 13:32:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011/12/20 13:32:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011/12/20 13:32:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011/12/20 13:32:00 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011/12/20 13:32:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2011/12/20 13:32:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/13 08:50:11 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010/11/04 18:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/16 18:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/30 23:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2012/02/22 17:01:12 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/24 16:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2009/09/17 12:05:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/06/23 15:02:42 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/23 07:12:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/01/21 02:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2010/01/21 02:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2010/01/21 02:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009/11/02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/10/12 10:26:00 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009/10/12 04:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/07 17:37:50 | 007,749,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/25 16:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/03 03:15:26 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/20 00:34:38 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/07/23 11:57:48 | 000,018,792 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt)
DRV:64bit: - [2009/07/16 20:14:00 | 000,220,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/16 18:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 18:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/15 12:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/02/22 17:01:28 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{80BC95C2-9E53-4658-9C7E-A8DCE7A26316}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8D0C28BC-D3CD-4D41-AC34-7187F39147AA}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/?rlz=1V1IPYX
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {3E5F8888-BBC0-42DC-86D5-681707B5DDC3}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{3E5F8888-BBC0-42DC-86D5-681707B5DDC3}: "URL" = http://www.google.co...1I7GZGN_enUS458
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\armor\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\armor\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)


[2011/02/11 22:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\armor\AppData\Roaming\Mozilla\Extensions
[2012/03/01 18:30:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\armor\AppData\Roaming\Mozilla\Firefox\Profiles\pazg7csr.default\extensions
[2012/03/01 18:30:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\armor\AppData\Roaming\Mozilla\Firefox\Profiles\pazg7csr.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/03/01 18:34:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/27 18:52:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/11 07:45:42 | 000,002,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\armor\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\armor\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/03/02 16:17:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\armor\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.1)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Mahjong%20Escape%20-%20Ancient%20China/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinn...ly/monopoly.cab (Monopoly Control)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Mahjong%20Escape%20-%20Ancient%20China/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC723C50-F06C-4930-9B0F-35958215C59C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/02 16:30:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/02 16:28:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/02 16:25:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/02 15:28:33 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/02 15:26:41 | 000,000,000 | ---D | C] -- C:\Users\armor\Desktop\anti
[2012/03/02 10:14:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/02 10:14:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/02 10:14:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/02 10:13:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/02 10:09:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/24 20:25:31 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/02/24 20:18:23 | 000,000,000 | ---D | C] -- C:\Users\armor\AppData\Roaming\Roxio Log Files
[2012/02/22 23:17:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenXML-ODF Translator
[2012/02/22 23:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ODF Add-in for Microsoft Office
[2012/02/22 23:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Menu for Office
[2012/02/22 23:15:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Classic Menu for Office
[2012/02/22 23:05:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2012/02/22 23:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
[2012/02/22 23:02:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012/02/22 16:59:01 | 000,000,000 | ---D | C] -- C:\Users\armor\AppData\Local\adaware
[2012/02/22 16:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/02/22 16:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2012/02/22 16:58:27 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2012/02/22 16:58:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012/02/22 16:58:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2012/02/22 16:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/20 22:08:03 | 000,000,000 | ---D | C] -- C:\Users\armor\AppData\Roaming\Vyof
[2012/02/19 01:20:42 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012/02/18 10:05:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2012/02/18 10:04:50 | 000,000,000 | -H-D | C] -- C:\Users\armor\AppData\Local\panda2_0dn
[2012/02/18 10:04:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\Panda Security URL Filtering
[2012/02/18 09:59:51 | 000,000,000 | ---D | C] -- C:\temp
[2012/02/11 23:03:37 | 000,000,000 | -H-D | C] -- C:\Users\armor\AppData\Local\Collectorz.com
[2012/02/11 23:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Collectorz.com
[2012/02/11 23:03:28 | 000,000,000 | ---D | C] -- C:\Users\armor\Documents\Comic Collector
[2012/02/11 23:03:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Collectorz.com
[2012/02/11 20:29:24 | 000,000,000 | ---D | C] -- C:\Users\armor\AppData\Roaming\Template
[2012/02/09 16:53:44 | 000,000,000 | ---D | C] -- C:\Users\armor\Desktop\HTC Rezound
[2012/02/09 15:08:32 | 000,000,000 | ---D | C] -- C:\Users\armor\.android
[2012/02/09 15:06:58 | 000,000,000 | ---D | C] -- C:\droid
[2012/02/09 14:44:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
[2012/02/09 14:44:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Android
[2012/02/09 14:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/02/09 14:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
[2012/02/09 14:22:22 | 000,000,000 | -H-D | C] -- C:\Users\armor\AppData\Local\Htc
[2012/02/09 14:21:42 | 000,000,000 | ---D | C] -- C:\Users\armor\AppData\Roaming\HTC
[2012/02/09 14:20:22 | 000,000,000 | ---D | C] -- C:\Users\armor\AppData\Local\Downloaded Installations
[2012/02/09 14:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2012/02/09 14:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2012/02/09 14:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2012/02/09 14:19:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/04/01 08:21:59 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\armor\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2012/03/02 16:59:39 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/02 16:59:39 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/02 16:59:39 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/02 16:53:20 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/02 16:53:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/02 16:52:56 | 3061,190,656 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/02 16:47:20 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/02 16:47:20 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/02 16:25:06 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/02 16:17:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/02 12:40:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1849465098-2621327732-3741888540-1000UA.job
[2012/03/02 10:39:31 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/03/01 18:27:17 | 000,000,076 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2012/03/01 18:00:01 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2012/02/29 09:01:53 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/02/29 09:01:53 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/02/25 21:40:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1849465098-2621327732-3741888540-1000Core.job
[2012/02/23 17:45:21 | 000,426,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/22 17:01:28 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/02/22 03:07:12 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/02/18 13:03:19 | 000,000,000 | ---- | M] () -- C:\0x0304A000.sfl
[2012/02/15 17:01:53 | 000,002,306 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/02/11 23:03:32 | 000,001,229 | ---- | M] () -- C:\Users\Public\Desktop\Comic Collector.lnk
[2012/02/11 20:29:27 | 000,000,100 | ---- | M] () -- C:\Users\armor\AppData\Roaming\wklnhst.dat
[2012/02/09 14:28:58 | 000,001,044 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync.lnk

========== Files Created - No Company Name ==========

[2012/03/02 10:14:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/02 10:14:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/02 10:14:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/02 10:14:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/02 10:14:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/25 17:02:57 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/02/25 17:02:57 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/02/22 23:15:24 | 000,528,744 | ---- | C] () -- C:\Windows\SysWow64\OGAVerify.exe
[2012/02/22 23:15:23 | 000,691,592 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.DLL
[2012/02/22 03:07:12 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/02/18 13:03:19 | 000,000,000 | ---- | C] () -- C:\0x0304A000.sfl
[2012/02/11 23:03:32 | 000,001,229 | ---- | C] () -- C:\Users\Public\Desktop\Comic Collector.lnk
[2012/02/11 20:29:19 | 000,000,100 | ---- | C] () -- C:\Users\armor\AppData\Roaming\wklnhst.dat
[2012/02/09 14:28:58 | 000,001,044 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2011/08/10 00:09:55 | 000,000,088 | RHS- | C] () -- C:\ProgramData\A8CB972F41.sys
[2011/08/10 00:09:54 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/07/31 18:43:44 | 000,161,728 | ---- | C] () -- C:\Program Files (x86)\4ares.dll
[2011/04/09 10:00:30 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/08 22:20:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/15 17:37:34 | 000,000,031 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/10/04 10:37:15 | 000,014,848 | ---- | C] () -- C:\Users\armor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/18 20:14:26 | 000,000,076 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/05/24 09:36:08 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/03/26 17:10:35 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2010/03/26 17:10:35 | 000,002,410 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini

========== LOP Check ==========

[2010/10/15 16:12:39 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\.minecraft
[2011/05/18 14:02:48 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\AnvSoft
[2012/03/02 17:03:52 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\BitTorrent
[2011/08/02 15:04:51 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\FKRMonitor
[2011/07/06 23:11:59 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\FK_Monitor
[2011/03/02 13:48:53 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\gtk-2.0
[2012/02/09 14:29:00 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\HTC
[2010/03/13 13:16:38 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\iWin
[2011/08/10 08:27:17 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\JPEGsnoop
[2011/08/07 15:45:09 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\Kernel for Windows Data Recovery
[2010/03/22 20:53:20 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\Ludia
[2010/11/04 17:38:21 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\Oberon Media
[2011/02/23 12:49:33 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\Panda Security
[2010/03/24 15:14:27 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\PlayFirst
[2011/04/09 22:00:15 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\SoftGrid Client
[2010/05/23 23:08:26 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\SpinTop
[2012/02/11 20:29:24 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\Template
[2011/04/09 10:01:54 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\TP
[2010/09/16 10:28:22 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\Uniblue
[2012/02/20 22:08:03 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\Vyof
[2011/05/18 13:05:33 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\WeatherBug
[2011/06/07 11:50:46 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\Windows Live Writer
[2011/05/18 13:09:24 | 000,000,000 | ---D | M] -- C:\Users\armor\AppData\Roaming\Winff
[2012/02/25 21:40:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1849465098-2621327732-3741888540-1000Core.job
[2012/03/02 12:40:01 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1849465098-2621327732-3741888540-1000UA.job
[2012/03/01 18:00:01 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2011/04/19 11:23:23 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:40E5AD89
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:C46995DA
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:D282699C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:57DC3B52
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:4A9220C3
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:A3E39C6A

< End of report >

I downloaded and ran aswMBR.exe, it caused my computer to crash and restart, I ran it again and here is the log:.

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-02 17:26:26
-----------------------------
17:26:26.098 OS Version: Windows x64 6.1.7601 Service Pack 1
17:26:26.098 Number of processors: 4 586 0x2502
17:26:26.098 ComputerName: ARMOR-PC UserName: armor
17:26:38.672 Initialize success
17:26:47.252 AVAST engine defs: 12030201
17:26:52.696 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:26:52.696 Disk 0 Vendor: ST9250410AS 0004SDM1 Size: 238475MB BusType: 11
17:26:52.696 Device \Driver\atapi -> MajorFunction fffffa8004fba5c4
17:26:52.728 Disk 0 MBR read successfully
17:26:52.728 Disk 0 MBR scan
17:26:52.743 Disk 0 MBR:Pihar-C [Rtk]
17:26:52.743 Disk 0 TDL4@MBR code has been found
17:26:52.743 Disk 0 MBR hidden
17:26:52.743 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
17:26:52.774 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
17:26:52.790 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223434 MB offset 30801920
17:26:52.790 Disk 0 MBR [TDL4] **ROOTKIT**
17:26:52.806 Disk 0 trace - called modules:
17:26:52.806 ntoskrnl.exe CLASSPNP.SYS disk.sys stdflt.sys >>UNKNOWN [0xfffffa8004fba5c4]<<
17:26:52.821 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bcf060]
17:26:52.821 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8004a5cce0]
17:26:52.821 5 stdflt.sys[fffff88001986a4a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800492f060]
17:26:52.837 \Driver\atapi[0xfffffa800495e2b0] -> IRP_MJ_CREATE -> 0xfffffa8004fba5c4
17:27:10.278 AVAST engine scan C:\Windows
17:27:27.001 AVAST engine scan C:\Windows\system32
17:40:53.714 AVAST engine scan C:\Windows\system32\drivers
17:42:03.826 AVAST engine scan C:\Users\armor
17:48:01.405 File: C:\Users\armor\AppData\Roaming\Vyof\jyizk.exe **INFECTED** Win32:SmokeLdr-D [Trj]
18:21:00.259 AVAST engine scan C:\ProgramData
18:23:20.104 Scan finished successfully
19:19:34.399 Disk 0 MBR has been saved successfully to "C:\Users\armor\Desktop\anti\logs\p2\MBR.dat"
19:19:34.409 The log file has been saved successfully to "C:\Users\armor\Desktop\anti\logs\p2\aswMBR.txt"

Edited by xarmorivsleepx, 02 March 2012 - 08:21 PM.

  • 0

#4
Essexboy
Posted 03 March 2012 - 07:02 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK you have a TDL4 mbr infection. I will not use aswMBR for this as it has a problem in about 1% of the cases with 64bit systems

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
  • 0

#5
xarmorivsleepx
Posted 03 March 2012 - 10:49 AM

xarmorivsleepx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OK, thanks. I ran TDSSKiller without any problems, as instructed, and this is log:

09:36:19.0656 5660 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
09:36:20.0146 5660 ============================================================
09:36:20.0146 5660 Current date / time: 2012/03/03 09:36:20.0146
09:36:20.0146 5660 SystemInfo:
09:36:20.0146 5660
09:36:20.0146 5660 OS Version: 6.1.7601 ServicePack: 1.0
09:36:20.0146 5660 Product type: Workstation
09:36:20.0146 5660 ComputerName: ARMOR-PC
09:36:20.0146 5660 UserName: armor
09:36:20.0146 5660 Windows directory: C:\Windows
09:36:20.0146 5660 System windows directory: C:\Windows
09:36:20.0146 5660 Running under WOW64
09:36:20.0146 5660 Processor architecture: Intel x64
09:36:20.0146 5660 Number of processors: 4
09:36:20.0146 5660 Page size: 0x1000
09:36:20.0146 5660 Boot type: Normal boot
09:36:20.0146 5660 ============================================================
09:36:22.0977 5660 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:36:22.0977 5660 \Device\Harddisk0\DR0:
09:36:22.0977 5660 MBR used
09:36:22.0977 5660 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
09:36:22.0977 5660 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170
09:36:23.0137 5660 Initialize success
09:36:23.0137 5660 ============================================================
09:36:45.0427 2552 ============================================================
09:36:45.0427 2552 Scan started
09:36:45.0427 2552 Mode: Manual; SigCheck; TDLFS;
09:36:45.0427 2552 ============================================================
09:36:55.0919 2552 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
09:36:56.0839 2552 1394ohci - ok
09:36:58.0950 2552 Acceler (c49c56b35bfc6cda8d1fdcad2885568f) C:\Windows\system32\DRIVERS\Acceler.sys
09:36:58.0960 2552 Acceler - ok
09:37:00.0870 2552 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
09:37:01.0050 2552 ACPI - ok
09:37:02.0791 2552 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
09:37:05.0111 2552 AcpiPmi - ok
09:37:08.0964 2552 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
09:37:09.0144 2552 adp94xx - ok
09:37:10.0124 2552 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
09:37:10.0284 2552 adpahci - ok
09:37:12.0294 2552 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
09:37:12.0324 2552 adpu320 - ok
09:37:14.0905 2552 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
09:37:15.0385 2552 AFD - ok
09:37:16.0576 2552 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
09:37:16.0586 2552 agp440 - ok
09:37:18.0646 2552 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
09:37:18.0666 2552 aliide - ok
09:37:21.0437 2552 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
09:37:21.0467 2552 amdide - ok
09:37:22.0247 2552 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
09:37:22.0397 2552 AmdK8 - ok
09:37:22.0687 2552 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
09:37:22.0737 2552 AmdPPM - ok
09:37:23.0147 2552 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
09:37:23.0167 2552 amdsata - ok
09:37:23.0487 2552 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
09:37:23.0558 2552 amdsbs - ok
09:37:23.0928 2552 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
09:37:23.0938 2552 amdxata - ok
09:37:24.0318 2552 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
09:37:26.0298 2552 AppID - ok
09:37:27.0909 2552 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
09:37:27.0929 2552 arc - ok
09:37:30.0231 2552 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
09:37:30.0251 2552 arcsas - ok
09:37:32.0231 2552 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
09:37:35.0153 2552 AsyncMac - ok
09:37:35.0763 2552 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
09:37:35.0773 2552 atapi - ok
09:37:36.0784 2552 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
09:37:37.0384 2552 b06bdrv - ok
09:37:39.0634 2552 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
09:37:39.0814 2552 b57nd60a - ok
09:37:40.0605 2552 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
09:37:40.0625 2552 BCM42RLY - ok
09:37:42.0215 2552 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys
09:37:42.0395 2552 BCM43XX - ok
09:37:43.0415 2552 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
09:37:43.0505 2552 Beep - ok
09:37:43.0995 2552 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
09:37:44.0065 2552 blbdrive - ok
09:37:44.0385 2552 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
09:37:44.0485 2552 bowser - ok
09:37:45.0055 2552 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:37:45.0175 2552 BrFiltLo - ok
09:37:45.0515 2552 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:37:45.0535 2552 BrFiltUp - ok
09:37:45.0795 2552 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
09:37:45.0895 2552 BridgeMP - ok
09:37:46.0035 2552 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
09:37:46.0265 2552 Brserid - ok
09:37:46.0415 2552 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
09:37:46.0475 2552 BrSerWdm - ok
09:37:46.0925 2552 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:37:46.0985 2552 BrUsbMdm - ok
09:37:47.0065 2552 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
09:37:47.0125 2552 BrUsbSer - ok
09:37:47.0265 2552 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
09:37:47.0315 2552 BTHMODEM - ok
09:37:47.0665 2552 catchme - ok
09:37:48.0135 2552 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
09:37:48.0225 2552 cdfs - ok
09:37:48.0385 2552 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
09:37:48.0445 2552 cdrom - ok
09:37:48.0706 2552 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
09:37:48.0746 2552 circlass - ok
09:37:49.0036 2552 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
09:37:49.0056 2552 CLFS - ok
09:37:49.0156 2552 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
09:37:49.0176 2552 CmBatt - ok
09:37:49.0316 2552 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
09:37:49.0336 2552 cmdide - ok
09:37:49.0576 2552 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
09:37:49.0613 2552 CNG - ok
09:37:49.0990 2552 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
09:37:50.0010 2552 Compbatt - ok
09:37:50.0290 2552 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
09:37:50.0370 2552 CompositeBus - ok
09:37:50.0570 2552 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
09:37:50.0580 2552 crcdisk - ok
09:37:50.0800 2552 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
09:37:50.0880 2552 CtClsFlt - ok
09:37:51.0080 2552 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
09:37:51.0170 2552 DfsC - ok
09:37:51.0470 2552 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
09:37:51.0930 2552 discache - ok
09:37:52.0450 2552 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
09:37:52.0470 2552 Disk - ok
09:37:53.0021 2552 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
09:37:53.0221 2552 drmkaud - ok
09:37:53.0621 2552 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
09:37:53.0711 2552 DXGKrnl - ok
09:37:54.0431 2552 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
09:37:54.0601 2552 ebdrv - ok
09:37:54.0882 2552 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
09:37:54.0952 2552 elxstor - ok
09:37:55.0102 2552 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
09:37:55.0162 2552 ErrDev - ok
09:37:55.0222 2552 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
09:37:55.0322 2552 exfat - ok
09:37:55.0432 2552 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
09:37:55.0532 2552 fastfat - ok
09:37:55.0622 2552 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
09:37:55.0682 2552 fdc - ok
09:37:55.0762 2552 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
09:37:55.0772 2552 FileInfo - ok
09:37:55.0942 2552 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
09:37:56.0032 2552 Filetrace - ok
09:37:56.0872 2552 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
09:37:59.0063 2552 flpydisk - ok
09:37:59.0523 2552 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
09:37:59.0593 2552 FltMgr - ok
09:37:59.0953 2552 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
09:37:59.0973 2552 FsDepends - ok
09:38:00.0173 2552 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
09:38:00.0193 2552 fssfltr - ok
09:38:00.0303 2552 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
09:38:00.0323 2552 Fs_Rec - ok
09:38:00.0873 2552 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
09:38:00.0893 2552 fvevol - ok
09:38:01.0213 2552 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:38:01.0233 2552 gagp30kx - ok
09:38:01.0333 2552 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:38:01.0353 2552 GEARAspiWDM - ok
09:38:01.0463 2552 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
09:38:01.0543 2552 hcw85cir - ok
09:38:01.0713 2552 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
09:38:01.0773 2552 HDAudBus - ok
09:38:01.0873 2552 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
09:38:01.0883 2552 HECIx64 - ok
09:38:01.0963 2552 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
09:38:02.0013 2552 HidBatt - ok
09:38:02.0113 2552 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
09:38:02.0213 2552 HidBth - ok
09:38:02.0323 2552 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
09:38:02.0393 2552 HidIr - ok
09:38:02.0663 2552 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
09:38:02.0723 2552 HidUsb - ok
09:38:02.0963 2552 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
09:38:02.0973 2552 HpSAMD - ok
09:38:03.0203 2552 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
09:38:03.0303 2552 HTCAND64 - ok
09:38:03.0663 2552 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
09:38:03.0683 2552 htcnprot - ok
09:38:04.0053 2552 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
09:38:04.0163 2552 HTTP - ok
09:38:04.0363 2552 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
09:38:04.0373 2552 hwpolicy - ok
09:38:04.0473 2552 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
09:38:04.0493 2552 i8042prt - ok
09:38:04.0673 2552 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
09:38:04.0703 2552 iaStorV - ok
09:38:06.0003 2552 igfx (404548917acaaa314165c2882b045c94) C:\Windows\system32\DRIVERS\igdkmd64.sys
09:38:06.0393 2552 igfx - ok
09:38:07.0303 2552 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
09:38:07.0313 2552 iirsp - ok
09:38:07.0633 2552 Impcd (4ff8a2082d78255d2eb169f986bcc981) C:\Windows\system32\DRIVERS\Impcd.sys
09:38:07.0803 2552 Impcd - ok
09:38:08.0283 2552 IntcAzAudAddService (a9638fa0fb0c5b86229c3fd809ce8cff) C:\Windows\system32\drivers\RTKVHD64.sys
09:38:08.0393 2552 IntcAzAudAddService - ok
09:38:08.0834 2552 IntcDAud (49072edbc5c2f964917d1b585c90ed0a) C:\Windows\system32\DRIVERS\IntcDAud.sys
09:38:09.0034 2552 IntcDAud - ok
09:38:09.0304 2552 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
09:38:09.0314 2552 intelide - ok
09:38:09.0644 2552 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
09:38:09.0664 2552 intelppm - ok
09:38:09.0864 2552 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:38:09.0944 2552 IpFilterDriver - ok
09:38:10.0064 2552 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
09:38:10.0084 2552 IPMIDRV - ok
09:38:10.0164 2552 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
09:38:10.0264 2552 IPNAT - ok
09:38:10.0564 2552 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
09:38:10.0994 2552 IRENUM - ok
09:38:11.0524 2552 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
09:38:11.0544 2552 isapnp - ok
09:38:12.0055 2552 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
09:38:12.0115 2552 iScsiPrt - ok
09:38:12.0555 2552 k57nd60a (d85f3f18e44f7447b5f1ba5c85baeb7c) C:\Windows\system32\DRIVERS\k57nd60a.sys
09:38:12.0595 2552 k57nd60a - ok
09:38:12.0976 2552 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
09:38:12.0986 2552 kbdclass - ok
09:38:13.0656 2552 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
09:38:13.0796 2552 kbdhid - ok
09:38:14.0096 2552 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
09:38:14.0116 2552 KSecDD - ok
09:38:14.0346 2552 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
09:38:14.0366 2552 KSecPkg - ok
09:38:14.0676 2552 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
09:38:14.0776 2552 ksthunk - ok
09:38:15.0386 2552 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
09:38:15.0396 2552 Lavasoft Kernexplorer - ok
09:38:15.0906 2552 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
09:38:15.0916 2552 Lbd - ok
09:38:16.0356 2552 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
09:38:16.0436 2552 lltdio - ok
09:38:16.0796 2552 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:38:16.0806 2552 LSI_FC - ok
09:38:16.0896 2552 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:38:16.0906 2552 LSI_SAS - ok
09:38:17.0036 2552 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:38:17.0056 2552 LSI_SAS2 - ok
09:38:17.0346 2552 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:38:17.0436 2552 LSI_SCSI - ok
09:38:17.0846 2552 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
09:38:17.0926 2552 luafv - ok
09:38:18.0126 2552 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
09:38:18.0146 2552 megasas - ok
09:38:18.0436 2552 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
09:38:18.0496 2552 MegaSR - ok
09:38:18.0826 2552 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
09:38:18.0916 2552 Modem - ok
09:38:19.0086 2552 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
09:38:19.0146 2552 monitor - ok
09:38:19.0286 2552 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
09:38:19.0296 2552 mouclass - ok
09:38:19.0416 2552 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
09:38:19.0466 2552 mouhid - ok
09:38:19.0586 2552 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
09:38:19.0596 2552 mountmgr - ok
09:38:19.0756 2552 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
09:38:19.0766 2552 mpio - ok
09:38:19.0856 2552 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
09:38:19.0936 2552 mpsdrv - ok
09:38:20.0156 2552 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
09:38:20.0646 2552 MRxDAV - ok
09:38:20.0847 2552 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:38:20.0947 2552 mrxsmb - ok
09:38:21.0337 2552 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:38:21.0387 2552 mrxsmb10 - ok
09:38:21.0627 2552 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:38:21.0647 2552 mrxsmb20 - ok
09:38:21.0847 2552 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
09:38:21.0867 2552 msahci - ok
09:38:22.0067 2552 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
09:38:22.0087 2552 msdsm - ok
09:38:22.0377 2552 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
09:38:22.0427 2552 Msfs - ok
09:38:23.0108 2552 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
09:38:23.0228 2552 mshidkmdf - ok
09:38:23.0468 2552 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
09:38:23.0488 2552 msisadrv - ok
09:38:23.0838 2552 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
09:38:23.0928 2552 MSKSSRV - ok
09:38:24.0078 2552 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
09:38:24.0158 2552 MSPCLOCK - ok
09:38:24.0428 2552 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
09:38:24.0528 2552 MSPQM - ok
09:38:24.0819 2552 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
09:38:24.0839 2552 MsRPC - ok
09:38:25.0149 2552 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
09:38:25.0159 2552 mssmbios - ok
09:38:25.0269 2552 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:38:25.0379 2552 MSTEE - ok
09:38:25.0549 2552 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
09:38:25.0609 2552 MTConfig - ok
09:38:25.0699 2552 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:38:25.0709 2552 Mup - ok
09:38:25.0969 2552 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:38:26.0029 2552 NativeWifiP - ok
09:38:26.0549 2552 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
09:38:26.0649 2552 NDIS - ok
09:38:26.0810 2552 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:38:26.0920 2552 NdisCap - ok
09:38:27.0160 2552 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:38:27.0250 2552 NdisTapi - ok
09:38:27.0410 2552 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
09:38:27.0500 2552 Ndisuio - ok
09:38:27.0620 2552 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
09:38:27.0710 2552 NdisWan - ok
09:38:27.0830 2552 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
09:38:27.0920 2552 NDProxy - ok
09:38:28.0150 2552 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:38:28.0230 2552 NetBIOS - ok
09:38:28.0400 2552 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
09:38:28.0480 2552 NetBT - ok
09:38:29.0110 2552 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
09:38:29.0130 2552 nfrd960 - ok
09:38:29.0270 2552 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:38:29.0370 2552 Npfs - ok
09:38:29.0440 2552 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:38:29.0560 2552 nsiproxy - ok
09:38:29.0930 2552 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
09:38:30.0050 2552 Ntfs - ok
09:38:30.0180 2552 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:38:30.0270 2552 Null - ok
09:38:30.0400 2552 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
09:38:30.0420 2552 nvraid - ok
09:38:30.0470 2552 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
09:38:30.0490 2552 nvstor - ok
09:38:30.0750 2552 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
09:38:30.0770 2552 nv_agp - ok
09:38:31.0001 2552 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
09:38:31.0051 2552 ohci1394 - ok
09:38:31.0231 2552 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
09:38:31.0251 2552 Parport - ok
09:38:31.0341 2552 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
09:38:31.0361 2552 partmgr - ok
09:38:31.0551 2552 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
09:38:31.0561 2552 pci - ok
09:38:31.0671 2552 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
09:38:31.0681 2552 pciide - ok
09:38:31.0821 2552 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
09:38:31.0841 2552 pcmcia - ok
09:38:32.0031 2552 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:38:32.0051 2552 pcw - ok
09:38:32.0391 2552 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:38:32.0451 2552 PEAUTH - ok
09:38:32.0691 2552 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
09:38:32.0771 2552 PptpMiniport - ok
09:38:33.0011 2552 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
09:38:33.0071 2552 Processor - ok
09:38:33.0231 2552 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
09:38:33.0321 2552 Psched - ok
09:38:33.0651 2552 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
09:38:33.0771 2552 ql2300 - ok
09:38:33.0901 2552 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
09:38:33.0911 2552 ql40xx - ok
09:38:34.0181 2552 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:38:34.0241 2552 QWAVEdrv - ok
09:38:34.0321 2552 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:38:34.0411 2552 RasAcd - ok
09:38:34.0611 2552 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:38:34.0651 2552 RasAgileVpn - ok
09:38:34.0841 2552 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:38:34.0931 2552 Rasl2tp - ok
09:38:35.0201 2552 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:38:35.0301 2552 RasPppoe - ok
09:38:35.0501 2552 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:38:35.0581 2552 RasSstp - ok
09:38:35.0771 2552 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
09:38:35.0922 2552 rdbss - ok
09:38:35.0982 2552 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
09:38:36.0032 2552 rdpbus - ok
09:38:36.0202 2552 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:38:36.0282 2552 RDPCDD - ok
09:38:36.0432 2552 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:38:36.0482 2552 RDPENCDD - ok
09:38:36.0672 2552 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:38:36.0722 2552 RDPREFMP - ok
09:38:37.0002 2552 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
09:38:37.0052 2552 RDPWD - ok
09:38:37.0262 2552 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
09:38:37.0272 2552 rdyboost - ok
09:38:37.0412 2552 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:38:37.0512 2552 rspndr - ok
09:38:37.0712 2552 RSUSBSTOR (502b316947ea887cddd325d4745eb7d0) C:\Windows\system32\Drivers\RtsUStor.sys
09:38:37.0832 2552 RSUSBSTOR - ok
09:38:38.0022 2552 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
09:38:38.0042 2552 sbp2port - ok
09:38:38.0262 2552 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
09:38:38.0352 2552 scfilter - ok
09:38:38.0782 2552 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:38:39.0002 2552 secdrv - ok
09:38:39.0262 2552 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:38:39.0322 2552 Serenum - ok
09:38:39.0532 2552 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:38:39.0602 2552 Serial - ok
09:38:39.0782 2552 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
09:38:39.0833 2552 sermouse - ok
09:38:40.0013 2552 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
09:38:40.0073 2552 sffdisk - ok
09:38:40.0193 2552 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
09:38:40.0253 2552 sffp_mmc - ok
09:38:40.0523 2552 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
09:38:40.0543 2552 sffp_sd - ok
09:38:40.0803 2552 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
09:38:40.0823 2552 sfloppy - ok
09:38:41.0163 2552 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:38:41.0173 2552 SiSRaid2 - ok
09:38:41.0413 2552 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
09:38:41.0423 2552 SiSRaid4 - ok
09:38:41.0703 2552 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:38:41.0793 2552 Smb - ok
09:38:42.0063 2552 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:38:42.0073 2552 spldr - ok
09:38:42.0323 2552 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
09:38:42.0423 2552 srv - ok
09:38:42.0834 2552 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
09:38:42.0964 2552 srv2 - ok
09:38:43.0184 2552 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
09:38:43.0234 2552 srvnet - ok
09:38:43.0534 2552 stdflt (c48e0745d33897c7a73394214f2b9b4f) C:\Windows\system32\DRIVERS\stdflt.sys
09:38:43.0544 2552 stdflt - ok
09:38:43.0804 2552 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
09:38:43.0814 2552 stexstor - ok
09:38:43.0974 2552 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
09:38:43.0984 2552 swenum - ok
09:38:44.0114 2552 SynTP (5aeec2bb8065b563adbc88ca22588953) C:\Windows\system32\DRIVERS\SynTP.sys
09:38:44.0134 2552 SynTP - ok
09:38:44.0544 2552 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
09:38:44.0854 2552 Tcpip - ok
09:38:45.0364 2552 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
09:38:45.0404 2552 TCPIP6 - ok
09:38:45.0624 2552 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
09:38:45.0724 2552 tcpipreg - ok
09:38:46.0025 2552 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:38:46.0145 2552 TDPIPE - ok
09:38:46.0325 2552 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
09:38:46.0415 2552 TDTCP - ok
09:38:46.0735 2552 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
09:38:46.0775 2552 tdx - ok
09:38:47.0025 2552 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
09:38:47.0045 2552 TermDD - ok
09:38:47.0285 2552 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:38:47.0375 2552 tssecsrv - ok
09:38:47.0695 2552 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
09:38:47.0805 2552 TsUsbFlt - ok
09:38:48.0165 2552 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
09:38:48.0255 2552 tunnel - ok
09:38:48.0485 2552 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
09:38:48.0495 2552 uagp35 - ok
09:38:48.0675 2552 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
09:38:48.0765 2552 udfs - ok
09:38:48.0896 2552 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
09:38:48.0916 2552 uliagpkx - ok
09:38:49.0076 2552 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
09:38:49.0126 2552 umbus - ok
09:38:49.0266 2552 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
09:38:49.0326 2552 UmPass - ok
09:38:49.0506 2552 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
09:38:49.0676 2552 USBAAPL64 - ok
09:38:49.0956 2552 usbbus (c73cb90e6a2ff90fd02451a8dfc6af8a) C:\Windows\system32\DRIVERS\lgx64bus.sys
09:38:50.0026 2552 usbbus - ok
09:38:50.0236 2552 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
09:38:50.0316 2552 usbccgp - ok
09:38:50.0536 2552 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
09:38:50.0616 2552 usbcir - ok
09:38:51.0056 2552 UsbDiag (856ce1f23785369bb5a2de0aedad0aa7) C:\Windows\system32\DRIVERS\lgx64diag.sys
09:38:51.0106 2552 UsbDiag - ok
09:38:51.0386 2552 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
09:38:51.0456 2552 usbehci - ok
09:38:51.0606 2552 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
09:38:51.0726 2552 usbhub - ok
09:38:51.0916 2552 USBModem (f81055629778d33c9317b32e4d2b58db) C:\Windows\system32\DRIVERS\lgx64modem.sys
09:38:51.0966 2552 USBModem - ok
09:38:52.0166 2552 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
09:38:52.0216 2552 usbohci - ok
09:38:52.0376 2552 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
09:38:52.0446 2552 usbprint - ok
09:38:52.0616 2552 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
09:38:52.0746 2552 usbscan - ok
09:38:53.0137 2552 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:38:53.0307 2552 USBSTOR - ok
09:38:53.0487 2552 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
09:38:53.0557 2552 usbuhci - ok
09:38:53.0797 2552 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
09:38:53.0817 2552 usbvideo - ok
09:38:53.0977 2552 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
09:38:53.0987 2552 vdrvroot - ok
09:38:54.0237 2552 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
09:38:54.0257 2552 vga - ok
09:38:54.0447 2552 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
09:38:54.0547 2552 VgaSave - ok
09:38:54.0717 2552 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
09:38:54.0737 2552 vhdmp - ok
09:38:54.0977 2552 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
09:38:54.0987 2552 viaide - ok
09:38:55.0107 2552 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
09:38:55.0117 2552 volmgr - ok
09:38:55.0477 2552 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
09:38:55.0507 2552 volmgrx - ok
09:38:55.0837 2552 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
09:38:55.0857 2552 volsnap - ok
09:38:56.0088 2552 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
09:38:56.0098 2552 vsmraid - ok
09:38:56.0338 2552 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
09:38:56.0398 2552 vwifibus - ok
09:38:56.0658 2552 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
09:38:56.0708 2552 vwififlt - ok
09:38:57.0028 2552 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
09:38:57.0048 2552 vwifimp - ok
09:38:57.0238 2552 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
09:38:57.0278 2552 WacomPen - ok
09:38:57.0518 2552 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:38:57.0598 2552 WANARP - ok
09:38:57.0608 2552 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:38:57.0648 2552 Wanarpv6 - ok
09:38:57.0949 2552 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
09:38:57.0959 2552 Wd - ok
09:38:58.0879 2552 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
09:38:58.0930 2552 Wdf01000 - ok
09:38:59.0550 2552 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
09:38:59.0620 2552 WfpLwf - ok
09:39:00.0121 2552 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
09:39:00.0141 2552 WimFltr - ok
09:39:00.0331 2552 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
09:39:00.0351 2552 WIMMount - ok
09:39:00.0481 2552 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
09:39:00.0541 2552 WinUsb - ok
09:39:00.0851 2552 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
09:39:00.0931 2552 WmiAcpi - ok
09:39:01.0101 2552 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
09:39:01.0161 2552 ws2ifsl - ok
09:39:01.0241 2552 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
09:39:01.0311 2552 WudfPf - ok
09:39:01.0451 2552 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:39:01.0551 2552 WUDFRd - ok
09:39:01.0661 2552 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
09:39:01.0721 2552 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
09:39:01.0721 2552 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
09:39:01.0931 2552 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:39:01.0931 2552 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:39:01.0991 2552 Boot (0x1200) (cea9ba37098ecc594959bff086a0f308) \Device\Harddisk0\DR0\Partition0
09:39:02.0001 2552 \Device\Harddisk0\DR0\Partition0 - ok
09:39:02.0051 2552 Boot (0x1200) (ec5cb35cbe6e1b9862b28261cf2201ba) \Device\Harddisk0\DR0\Partition1
09:39:02.0051 2552 \Device\Harddisk0\DR0\Partition1 - ok
09:39:02.0051 2552 ============================================================
09:39:02.0051 2552 Scan finished
09:39:02.0051 2552 ============================================================
09:39:02.0061 1100 Detected object count: 2
09:39:02.0061 1100 Actual detected object count: 2
09:42:31.0691 1100 \Device\Harddisk0\DR0\# - copied to quarantine
09:42:31.0691 1100 \Device\Harddisk0\DR0 - copied to quarantine
09:42:32.0071 1100 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
09:42:32.0071 1100 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
09:42:32.0111 1100 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
09:42:32.0131 1100 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
09:42:32.0221 1100 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
09:42:32.0311 1100 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
09:42:32.0311 1100 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
09:42:32.0321 1100 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
09:42:32.0331 1100 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
09:42:32.0341 1100 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
09:42:32.0371 1100 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
09:42:32.0371 1100 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
09:42:32.0401 1100 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
09:42:32.0411 1100 \Device\Harddisk0\DR0 - ok
09:42:32.0441 1100 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
09:42:32.0441 1100 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:42:32.0441 1100 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
09:42:46.0228 4116 Deinitialize success
  • 0

#6
Essexboy
Posted 03 March 2012 - 11:17 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that should have cleared the blue screeen problem and the redirects - could you confirm that

Re-run TDSSKiller and select delete for the following item :

\Device\Harddisk0\DR0 ( TDSS File System )
  • 0

#7
xarmorivsleepx
Posted 03 March 2012 - 11:26 AM

xarmorivsleepx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OK, I ran it again and deleted the specified file. Google no longer redirects, the blue screen problem was pretty random, but so far so good. Also I've noticed my laptop has gotten noticeably faster.

Edited by xarmorivsleepx, 03 March 2012 - 11:27 AM.

  • 0

#8
Essexboy
Posted 03 March 2012 - 11:28 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets now sweep for orphans - can you let me know of any problems you are experiencing

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#9
xarmorivsleepx
Posted 03 March 2012 - 11:52 AM

xarmorivsleepx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Alright, done and here is the log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.03.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
armor :: ARMOR-PC [administrator]

3/3/2012 10:34:50 AM
mbam-log-2012-03-03 (10-34-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191169
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99b340f7-76e0-44ab-9948-b95a1b475d39} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d09094b3-b426-4f16-a6d9-e211fe222127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\AppID\GamevanceText.DLL (Adware.GameVance) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Users\armor\AppData\Roaming\Vyof\jyizk.exe (Trojan.VUPX.PTI2) -> Quarantined and deleted successfully.
C:\Program Files (x86)\4ares.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows\temp\apxdloofmtdczmiwilzscp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\temp\ckthxvvsvlpzweobq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\temp\xeyqgifwwcdjrptavhencn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
  • 0

#10
Essexboy
Posted 03 March 2012 - 11:56 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks good the temp files were probably downloaded between the OTL fix and the TDSSKiller run

Any further problems ?
  • 0

Advertisements

#11
xarmorivsleepx
Posted 03 March 2012 - 11:59 AM

xarmorivsleepx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
So far I'm having none of the problems described before, and no new ones have occurred. I guess I just need some tips to help prevent this from happening in the future.
  • 0

#12
Essexboy
Posted 03 March 2012 - 12:15 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • GoStart > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0

#13
xarmorivsleepx
Posted 03 March 2012 - 01:08 PM

xarmorivsleepx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Alright, I'm finished. I would really like to thank you for all the help you have given me, and for how quickly you were able to do it. Thank you very much.
  • 0

#14
Essexboy
Posted 03 March 2012 - 01:53 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure - this thread will remain open for a day or so if needed

Keep safe
  • 0

#15
xarmorivsleepx
Posted 03 March 2012 - 09:59 PM

xarmorivsleepx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I have one quick question as well, based on the infections you found on my laptop, do you recommend changing my passwords? Should I change them just to be safe? Again thank you.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP