
Backdoor Trojan: please help!



#1
Guitarrulz

Hi, I'm having a lot of issues getting rid of a Backdoor Trojan and I'm no computer genius.

Kaspersky 2010 is saying that the Trojan program is: "Backdoor.Win32.Agent.fia", "HEUR:Backdoor.Win64.Generic"...etc. The location of the Trojan keeps changing so...maybe it's multiplying?: "C:\Windows\assembly\temp\U\80000000.@", "C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Adobe\sp.DLL", "C:\Windows\System32\consrv.dll",....etc.

Kaspersky tells me that I need to go through a special disinfection procedure and that the computer system will restart after it's done...which it does. After the reboot, the infection still exists. Oh yeah, it seems that the deletion process deletes some important files that the computer needs to reboot. It never reboots properly and has to "fix/re-install" some files..then the system reboots again and the Trojan is still there...

I've downloaded and run Anti-Malware, AVG, and a couple of other programs while in safe mode and nothing seems to work.

Thank you very much for taking the time to help me!

Here is the OTL Report:


OTL logfile created on: 3/28/2012 6:18:28 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Guitarrulz\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.93 Gb Available Physical Memory | 65.50% Memory free
12.00 Gb Paging File | 9.99 Gb Available in Paging File | 83.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.04 Gb Total Space | 308.57 Gb Free Space | 67.96% Space Free | Partition Type: NTFS
Drive E: | 7.40 Gb Total Space | 7.19 Gb Free Space | 97.17% Space Free | Partition Type: FAT32

Computer Name: GUITARRULZ-PC | User Name: Guitarrulz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/28 18:18:00 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Guitarrulz\Downloads\OTL.exe
PRC - [2012/03/26 09:43:34 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/05 17:51:52 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/10/15 01:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/11/20 05:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/04/07 20:00:08 | 002,861,624 | ---- | M] (ASUSTek.) -- C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
PRC - [2009/04/07 10:34:26 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2009/03/20 21:37:18 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/03/04 11:26:24 | 008,392,704 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/02/10 17:51:18 | 000,113,208 | ---- | M] (ASUSTeK Inc.) -- C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
PRC - [2009/02/06 17:57:18 | 000,072,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe
PRC - [2008/12/22 18:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/10/14 17:13:24 | 002,987,008 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\TurboGear.exe
PRC - [2008/09/30 18:52:44 | 001,025,536 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\GearHelp.exe
PRC - [2008/08/13 21:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/08/13 21:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/08/13 17:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008/06/17 23:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/04/01 00:09:30 | 000,266,240 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2008/03/31 03:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2008/03/24 22:39:18 | 000,322,104 | ---- | M] (ASUSTek.) -- C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe
PRC - [2007/11/30 12:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/11/20 14:44:30 | 001,145,400 | ---- | M] (ASUS) -- C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
PRC - [2007/08/08 01:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007/08/03 13:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/26 09:43:33 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/03/25 22:13:58 | 000,078,848 | ---- | M] () -- c:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Adobe\sp.DLL
MOD - [2012/02/18 17:49:56 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/15 01:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2010/11/20 05:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 05:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2008/10/14 17:13:24 | 002,987,008 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\TurboGear.exe
MOD - [2008/09/30 18:52:44 | 001,025,536 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\GearHelp.exe
MOD - [2008/05/28 22:40:38 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\Direct Console\OLED.dll
MOD - [2008/05/28 22:39:48 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\Direct Console\SysInfo.dll
MOD - [2008/05/22 22:24:10 | 000,045,056 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\atkmethod.dll
MOD - [2008/02/18 23:32:46 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\Direct Console\OvrClk.dll
MOD - [2008/02/16 23:08:46 | 000,950,272 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\OcSetting.dll
MOD - [2007/12/27 17:04:42 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\Direct Console\LED.dll
MOD - [2007/12/11 17:07:28 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\ASUS\Direct Console\OUTLOOK.dll
MOD - [2007/12/07 16:32:02 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Direct Console\MSN.dll
MOD - [2007/11/30 12:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
MOD - [2007/11/19 14:54:20 | 000,188,416 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswsysmon.dll
MOD - [2007/11/19 12:11:58 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswcore.dll
MOD - [2007/09/06 15:05:00 | 000,081,920 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswobj.dll
MOD - [2007/08/02 10:53:06 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswresmgr.dll
MOD - [2007/07/24 15:41:10 | 000,049,152 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ResItf.dll
MOD - [2007/06/19 12:38:08 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswui.dll
MOD - [2007/06/15 11:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
MOD - [2007/06/01 18:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
MOD - [2007/05/14 15:07:14 | 000,009,728 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\LogonStartup.dll
MOD - [2007/05/14 12:10:40 | 000,061,440 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswgblset.dll
MOD - [2007/03/09 17:16:52 | 000,106,496 | ---- | M] () -- C:\Program Files\ATKGFNEX\AGFNEX.dll
MOD - [2006/12/09 10:34:36 | 000,139,264 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipsw_cfgmgr.dll
MOD - [2006/12/07 10:29:06 | 000,007,168 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\iphelper.dll
MOD - [2006/12/06 17:55:32 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswhlp.dll
MOD - [2006/12/06 17:55:22 | 000,086,016 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswds.dll
MOD - [2006/12/06 17:42:26 | 000,094,208 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\cxcmrt.dll
MOD - [2005/05/11 16:39:32 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\pngio.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (vsbus)
SRV:64bit: - [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (StickyMesger)
SRV:64bit: - [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (digirefresh)
SRV:64bit: - [2007/08/08 01:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV:64bit: - [2007/08/03 13:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2012/03/25 22:13:58 | 000,078,848 | ---- | M] () [Auto | Running] -- c:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Adobe\sp.DLL -- (SPService)
SRV - [2012/01/05 19:50:57 | 000,311,680 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/10/15 01:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/06 17:57:18 | 000,072,248 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe -- (WBVGAservice)
SRV - [2008/08/13 21:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2008/03/31 03:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/05 19:50:57 | 000,330,768 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/01/05 19:50:57 | 000,156,688 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/01/05 17:42:21 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/06/27 02:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/16 21:59:30 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/05/15 19:50:26 | 000,026,640 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2009/04/01 18:46:40 | 000,016,440 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/02/11 02:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/12/15 21:41:52 | 000,038,416 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\klbg.sys -- (KLBG)
DRV:64bit: - [2008/11/03 00:03:28 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2008/08/20 23:39:14 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV:64bit: - [2008/08/10 19:14:02 | 001,820,672 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2008/05/01 22:59:48 | 000,166,912 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/02/15 19:27:18 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/01/23 22:24:24 | 000,060,928 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2007/07/27 20:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 21:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/24 12:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2006/10/27 06:01:08 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=ASUS&bmod=ASUS
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ASUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=ASUS&bmod=ASUS
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/26 11:22:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2012/03/26 11:21:48 | 000,000,000 | ---D | M]

[2012/01/05 19:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guitarrulz\AppData\Roaming\Mozilla\Extensions
[2012/03/28 18:06:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guitarrulz\AppData\Roaming\Mozilla\Firefox\Profiles\41kqjwes.default\extensions
[2012/03/28 18:06:01 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Guitarrulz\AppData\Roaming\Mozilla\Firefox\Profiles\41kqjwes.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/03/26 11:21:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/26 11:21:49 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2012/03/26 09:43:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/07 16:22:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/07 16:22:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CloudCare] C:\Program Files (x86)\Bsecure\BsecTray.exe File not found
O4 - HKLM..\Run: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe (ASUSTek.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Turbo Gear] C:\Program Files\ASUS\Turbo Gear\TurboGear.exe ()
O4 - HKLM..\Run: [Turbo Gear Help] C:\Program Files\ASUS\Turbo Gear\GearHelp.exe ()
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B45AF7C-BF3C-4D35-86D3-4DBE0BDC959C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\sbhook64.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\sbhook.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/28 17:58:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/03/28 17:58:05 | 000,000,000 | ---D | C] -- C:\Users\Guitarrulz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/03/26 09:51:49 | 000,000,000 | ---D | C] -- C:\Users\Guitarrulz\AppData\Roaming\AVG2012
[2012/03/26 09:50:30 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/03/26 09:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/03/26 09:50:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/03/26 09:49:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/03/26 09:46:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/03/26 09:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/03/26 08:20:49 | 000,000,000 | ---D | C] -- C:\Users\Guitarrulz\AppData\Roaming\Malwarebytes
[2012/03/26 08:20:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/26 08:20:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/26 07:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/03/26 07:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/03/25 21:42:49 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012/03/09 16:50:23 | 000,000,000 | ---D | C] -- C:\Users\Guitarrulz\Documents\TurboTax
[2012/03/09 16:49:09 | 000,000,000 | ---D | C] -- C:\Users\Guitarrulz\AppData\Roaming\Intuit
[2012/03/09 16:48:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2010
[2012/03/09 16:46:50 | 000,000,000 | ---D | C] -- C:\Users\Guitarrulz\AppData\Local\IsolatedStorage
[2012/03/09 16:46:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
[2012/03/09 16:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TurboTax
[2012/03/09 16:46:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2012/03/09 12:49:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/09 12:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/09 12:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

========== Files - Modified Within 30 Days ==========

[2012/03/28 17:58:15 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/28 17:58:15 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/28 17:58:15 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/28 17:58:06 | 000,002,999 | ---- | M] () -- C:\Users\Guitarrulz\Desktop\HiJackThis.lnk
[2012/03/28 17:57:08 | 000,010,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/28 17:57:08 | 000,010,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/28 17:52:02 | 000,000,278 | -HS- | M] () -- C:\Windows\klif.spi
[2012/03/28 17:50:26 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012/03/28 17:49:42 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/03/28 17:49:02 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/28 17:48:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/28 17:48:30 | 536,109,055 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/27 18:41:20 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/13 17:28:43 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/13 16:17:58 | 000,350,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/09 17:27:38 | 000,454,415 | ---- | M] () -- C:\Users\Guitarrulz\Desktop\2011 Tax POST amend.pdf
[2012/03/09 16:54:02 | 000,284,144 | ---- | M] () -- C:\Users\Guitarrulz\Desktop\2011 Tax PRE amend.pdf
[2012/03/09 16:51:03 | 000,143,045 | ---- | M] () -- C:\Users\Guitarrulz\Desktop\df697d0e-8939-4230-9c62-d2d3a5b98e86.pdf
[2012/03/09 16:48:01 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2010.lnk
[2012/03/09 12:50:01 | 000,000,628 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
[2012/03/09 12:49:09 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012/03/28 17:58:06 | 000,002,999 | ---- | C] () -- C:\Users\Guitarrulz\Desktop\HiJackThis.lnk
[2012/03/28 17:51:13 | 000,000,278 | -HS- | C] () -- C:\Windows\klif.spi
[2012/03/25 21:43:55 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/03/09 17:27:38 | 000,454,415 | ---- | C] () -- C:\Users\Guitarrulz\Desktop\2011 Tax POST amend.pdf
[2012/03/09 16:54:02 | 000,284,144 | ---- | C] () -- C:\Users\Guitarrulz\Desktop\2011 Tax PRE amend.pdf
[2012/03/09 16:51:03 | 000,143,045 | ---- | C] () -- C:\Users\Guitarrulz\Desktop\df697d0e-8939-4230-9c62-d2d3a5b98e86.pdf
[2012/03/09 16:48:01 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2010.lnk
[2012/03/09 12:49:09 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/02 04:56:30 | 000,145,920 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/01/05 22:28:29 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/05 17:51:57 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2012/01/05 17:46:08 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012/01/05 17:46:08 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== LOP Check ==========

[2012/03/27 21:02:45 | 000,000,000 | ---D | M] -- C:\Users\Guitarrulz\AppData\Roaming\AVG2012
[2012/02/05 15:27:10 | 000,000,000 | ---D | M] -- C:\Users\Guitarrulz\AppData\Roaming\Garmin
[2009/07/13 22:08:49 | 000,016,406 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/03/28 17:50:26 | 000,000,420 | ---- | M] () -- C:\Windows\Tasks\SlimDrivers Startup.job

========== Purity Check ==========



< End of report >
  • 0
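The file listings in the OTL report above all share one line layout, so they can be parsed and shortlisted by script before anyone reads them by eye. The Python below is an added example, not part of the original post and not OTL's own code; it reads the attribute column as R/H/S/D flags (an assumption drawn from the values in the report), and the names `Entry`, `parse_line` and `triage` and the last sample line are made up here.

```python
import re
from datetime import datetime
from typing import List, NamedTuple, Optional, Tuple

# One OTL file-listing line, as it appears in the report above:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C or M] (company) -- path
# Folder lines carry no "(company)" field at all.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)


class Entry(NamedTuple):
    when: datetime          # timestamp in the first column
    size: int               # size in bytes, thousands separators removed
    attrs: str              # four-character attribute column, e.g. "-HS-"
    kind: str               # "C" (created) or "M" (modified)
    company: Optional[str]  # None on folder lines, "" when OTL found no company
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers, blanks and other text."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Entry(
        when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"],
        path=m["path"],
    )


def triage(lines, windows_root: str = r"C:\Windows") -> List[Tuple[Entry, List[str]]]:
    """Shortlist files under the Windows directory that have no company name
    and are hidden, system, or zero bytes long. A hit means "look at this
    file", not "this file is malicious"."""
    prefix = windows_root.lower() + "\\"
    shortlist = []
    for line in lines:
        entry = parse_line(line)
        if entry is None or "D" in entry.attrs:
            continue  # not a listing line, or a directory
        if entry.company or not entry.path.lower().startswith(prefix):
            continue  # has a company name, or lives outside the Windows tree
        reasons = []
        if "H" in entry.attrs:
            reasons.append("hidden")
        if "S" in entry.attrs:
            reasons.append("system")
        if entry.size == 0:
            reasons.append("zero-byte")
        if reasons:
            shortlist.append((entry, reasons))
    return shortlist


# Sample input: the first six lines are copied from the report above; the
# last line is constructed in the same layout to show a file with a company name.
SAMPLE = r"""
[2012/03/28 17:58:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/03/28 17:58:15 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/28 17:52:02 | 000,000,278 | -HS- | M] () -- C:\Windows\klif.spi
[2012/03/28 17:49:42 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/03/28 17:48:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/09 17:27:38 | 000,454,415 | ---- | M] () -- C:\Users\Guitarrulz\Desktop\2011 Tax POST amend.pdf
[2012/02/15 08:26:00 | 001,390,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
"""

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE.splitlines()):
        print(f"{entry.when:%Y-%m-%d %H:%M}  {', '.join(reasons):<26} {entry.path}")
```

Ordinary Windows and antivirus files can land on the shortlist too, so each hit still has to be checked against what is installed on the machine.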



#2
RKinner

    Malware Expert

  • Expert
  • 13,215 posts
  • MVP
ComboFix

:!: It must be saved to your desktop, do not run it from your browser :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Allow the Avast Engine)
On completion of the scan, if the Fix button is enabled (not the FixMBR button) then click on it, click save log, save it to your desktop and post in your next reply


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Copy the text in the code box:


netsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Ron
  • 0

#3
Guitarrulz

    Member

  • Member
  • 10 posts
Ron,

Thank you very much for replying to my post.

I was able to complete the first task: Saved ComboFix on my desktop (followed all the specific instructions) and then saved the log on my desktop too.

Next, I downloaded TDSSKiller which went through the process and found one malware for deletion. I restarted my computer and it didn't reboot properly. It brought up the same Startup Repair window and did a data restore of some sort. After the restore was complete, the computer rebooted and I was able to log back into my computer. The only problem is that the two programs and the log were missing/deleted.

My thought (again, not the expert here)... The computer seems to restore itself to the last known "good" restore point. This last known good restore point has the malware which continues the cycle of infection...again, this only happens when the malware is found, deleted, and needs a reboot in order for deletion.

How would you like me to proceed?

Again, I appreciate your help and time!
  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 13,215 posts
  • MVP
I need the combofix log so run it again if you don't have its log.

Go on with aswMBR and let's see what it says.
  • 0

#5
Guitarrulz

    Member

  • Member
  • 10 posts
Here you go:

ComboFix:

ComboFix 12-03-29.02 - Guitarrulz 03/29/2012 13:54:41.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4744 [GMT -7:00]
Running from: c:\users\Guitarrulz\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Kaspersky Internet Security *Disabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
FW: Kaspersky Internet Security *Disabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
SP: Kaspersky Internet Security *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Kaspersky Internet Security *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))))
.
.
2012-03-29 21:00 . 2012-03-29 21:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-29 21:00 . 2012-03-29 21:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-29 11:13 . 2012-03-29 11:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-29 00:58 . 2012-03-29 00:58 -------- d-----w- c:\program files (x86)\Trend Micro
2012-03-26 16:51 . 2012-03-28 04:02 -------- d-----w- c:\users\Guitarrulz\AppData\Roaming\AVG2012
2012-03-26 16:50 . 2012-03-28 04:02 -------- d-----w- c:\windows\system32\drivers\AVG
2012-03-26 16:50 . 2012-03-26 16:57 -------- d-----w- c:\programdata\AVG2012
2012-03-26 16:50 . 2012-03-26 16:50 -------- d-----w- C:\$AVG
2012-03-26 16:49 . 2012-03-26 18:21 -------- d-----w- c:\program files (x86)\AVG
2012-03-26 16:46 . 2012-03-26 16:46 -------- d--h--w- c:\programdata\Common Files
2012-03-26 16:46 . 2012-03-29 12:21 -------- d-----w- c:\programdata\MFAData
2012-03-26 16:43 . 2012-03-26 16:43 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-26 16:43 . 2012-03-26 16:43 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-26 15:20 . 2012-03-26 15:20 -------- d-----w- c:\users\Guitarrulz\AppData\Roaming\Malwarebytes
2012-03-26 15:20 . 2012-03-29 01:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-26 15:20 . 2012-03-26 15:20 -------- d-----w- c:\programdata\Malwarebytes
2012-03-26 14:52 . 2012-03-26 15:17 -------- d-----w- c:\programdata\AVAST Software
2012-03-26 14:52 . 2012-03-26 15:17 -------- d-----w- c:\program files\AVAST Software
2012-03-09 23:49 . 2012-03-29 12:18 -------- d-----w- c:\users\Guitarrulz\AppData\Roaming\Intuit
2012-03-09 23:46 . 2012-03-09 23:46 -------- d-----w- c:\users\Guitarrulz\AppData\Local\IsolatedStorage
2012-03-09 23:46 . 2012-03-26 18:21 -------- d-----w- c:\program files (x86)\Common Files\Intuit
2012-03-09 23:46 . 2012-03-26 18:21 -------- d-----w- c:\program files (x86)\TurboTax
2012-03-09 23:46 . 2012-03-29 12:17 -------- d-----w- c:\programdata\Intuit
2012-03-09 20:25 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8E927522-DD92-4C80-8BE0-DA593A35FA04}\mpengine.dll
2012-03-09 19:48 . 2012-03-26 18:21 -------- d-----w- c:\program files\iPod
2012-03-09 19:48 . 2012-03-26 18:21 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 17:18 . 2012-01-06 02:15 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-19 00:49 . 2012-01-06 07:44 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 08:26 . 2012-02-15 08:26 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-15 08:26 . 2012-02-15 08:26 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-15 08:26 . 2012-02-15 08:26 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-15 08:26 . 2012-02-15 08:26 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-15 08:26 . 2012-02-15 08:26 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-15 08:26 . 2012-02-15 08:26 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-15 08:26 . 2012-02-15 08:26 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-15 08:26 . 2012-02-15 08:26 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-15 08:26 . 2012-02-15 08:26 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-15 08:26 . 2012-02-15 08:26 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-15 08:26 . 2012-02-15 08:26 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-15 08:26 . 2012-02-15 08:26 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-15 08:26 . 2012-02-15 08:26 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-15 08:26 . 2012-02-15 08:26 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-15 08:26 . 2012-02-15 08:26 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-15 08:26 . 2012-02-15 08:26 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-15 08:26 . 2012-02-15 08:26 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-15 08:26 . 2012-02-15 08:26 448512 ----a-w- c:\windows\system32\html.iec
2012-02-15 08:26 . 2012-02-15 08:26 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-15 08:26 . 2012-02-15 08:26 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-15 08:26 . 2012-02-15 08:26 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-15 08:26 . 2012-02-15 08:26 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-15 08:26 . 2012-02-15 08:26 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-15 08:26 . 2012-02-15 08:26 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-15 08:26 . 2012-02-15 08:26 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-15 08:26 . 2012-02-15 08:26 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-02-15 08:26 . 2012-02-15 08:26 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-15 08:26 . 2012-02-15 08:26 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-15 08:26 . 2012-02-15 08:26 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-15 08:26 . 2012-02-15 08:26 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-15 08:26 . 2012-02-15 08:26 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-15 08:26 . 2012-02-15 08:26 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-15 08:26 . 2012-02-15 08:26 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-15 08:26 . 2012-02-15 08:26 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-15 08:26 . 2012-02-15 08:26 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-15 08:26 . 2012-02-15 08:26 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-15 08:26 . 2012-02-15 08:26 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-15 08:26 . 2012-02-15 08:26 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-15 08:26 . 2012-02-15 08:26 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-15 08:26 . 2012-02-15 08:26 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-15 08:26 . 2012-02-15 08:26 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-15 08:26 . 2012-02-15 08:26 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-01-23 23:49 . 2012-01-23 23:49 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-14 04:06 . 2012-02-20 05:05 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-06 18:16 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-06 18:16 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-01-06 07:00 . 2009-08-18 20:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-01-06 07:00 . 2009-08-18 19:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-06 02:50 . 2009-05-24 23:30 156688 ----a-w- c:\windows\system32\drivers\kl1.sys
2012-01-06 00:51 . 2012-01-06 00:51 47672 ----a-w- c:\windows\AsScrProlog.exe
2012-01-06 00:51 . 2012-01-06 00:51 4814371 ----a-w- c:\windows\ASUS Camera ScreenSaver.exe
2012-01-06 00:51 . 2012-01-06 00:51 281144 ----a-w- c:\windows\ASUS Camera ScreenSaver Uninstaller.exe
2012-01-06 00:51 . 2012-01-06 00:51 520192 ----a-w- c:\windows\SysWow64\Asus_Camera_ScreenSaver.scr
2012-01-06 00:51 . 2012-01-06 00:51 3054136 ----a-w- c:\windows\AsScrPro.exe
2012-01-06 00:42 . 2012-01-06 00:42 35384 ----a-w- c:\windows\system32\drivers\AsDsm.sys
2012-01-06 00:37 . 2012-01-06 00:37 525792 ----a-w- c:\windows\DIFxAPI.dll
2012-01-04 10:44 . 2012-02-20 05:05 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-20 05:05 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-29_20.34.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-06 07:57 . 2012-03-29 20:46 32304 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-29 20:46 39168 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-18 19:35 . 2012-03-29 20:43 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-01-18 19:35 . 2012-03-29 11:13 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-01-06 07:57 . 2012-03-29 20:46 9212 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-923135465-3537770601-534353817-1000_UserData.bin
+ 2012-03-29 20:44 . 2012-03-29 20:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-29 20:31 . 2012-03-29 20:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-29 20:31 . 2012-03-29 20:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-29 20:44 . 2012-03-29 20:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-03-29 20:14 660318 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-29 20:53 660318 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-29 20:53 121214 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-29 20:14 121214 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-03-29 20:31 316384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-29 20:43 316384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-01-06 04:25 . 2012-03-29 20:31 8811516 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-923135465-3537770601-534353817-1000-12288.dat
+ 2012-01-06 04:25 . 2012-03-29 20:43 8811516 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-923135465-3537770601-534353817-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ADSMTray"="c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2012-01-06 47672]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2012-01-06 3054136]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-07 159744]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"DirectConsole2"="c:\program files (x86)\ASUS\Direct Console\Direct Console.exe" [2009-04-08 2861624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"Turbo Gear"="c:\program files\ASUS\Turbo Gear\TurboGear.exe" [2008-10-15 2987008]
"Turbo Gear Help"="c:\program files\ASUS\Turbo Gear\GearHelp.exe" [2008-10-01 1025536]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2012-01-06 311680]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"CloudCare"="c:\program files (x86)\Bsecure\BsecTray.exe" [BU]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-12 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-12 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 WBVGAservice;WB VGA Service;c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-02-07 72248]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LULLABY
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-12 12:31]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-12 12:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-04-28 7731232]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-20 1833504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_Dlls"=0x1
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vsbus
SrvcEPECioctl
ATIVXSTW
StickyMesger
digirefresh
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\Guitarrulz\AppData\Roaming\Mozilla\Firefox\Profiles\41kqjwes.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-923135465-3537770601-534353817-1000\Software\SecuROM\License information*]
"datasecu"=hex:62,5b,72,84,bf,17,2c,45,63,1d,84,41,f0,87,30,e4,70,92,1d,ff,f7,
d2,c9,5b,b9,cb,d2,a4,5a,17,e8,5f,10,1a,9a,36,63,5c,06,9a,ba,88,0b,ad,7b,1c,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-29 14:03:30
ComboFix-quarantined-files.txt 2012-03-29 21:03
ComboFix2.txt 2012-03-29 20:39
ComboFix3.txt 2012-03-29 11:06
.
Pre-Run: 328,823,402,496 bytes free
Post-Run: 328,769,929,216 bytes free
.
- - End Of File - - F8FB55D2F97CB65FE8635F0C6B9C1651



aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-29 14:11:32
-----------------------------
14:11:32.508 OS Version: Windows x64 6.1.7601 Service Pack 1
14:11:32.508 Number of processors: 2 586 0x170A
14:11:32.509 ComputerName: GUITARRULZ-PC UserName: Guitarrulz
14:11:33.746 Initialize success
14:12:21.026 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:12:21.028 Disk 0 Vendor: ST950032 0002 Size: 476940MB BusType: 3
14:12:21.034 Disk 1 \Device\Harddisk1\SR0 -> \Device\SdBus-0
14:12:21.036 Disk 1 Vendor: ( Size: 7582MB BusType: 12
14:12:21.243 Disk 0 MBR read successfully
14:12:21.245 Disk 0 MBR scan
14:12:21.247 Disk 0 Windows 7 default MBR code
14:12:21.320 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 12001 MB offset 63
14:12:21.528 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 464937 MB offset 24580096
14:12:21.545 Disk 0 scanning C:\Windows\system32\drivers
14:12:31.271 Service scanning
14:12:51.556 Modules scanning
14:12:51.565 Scan finished successfully
14:14:22.151 Disk 0 MBR has been saved successfully to "C:\Users\Guitarrulz\Desktop\MBR.dat"
14:14:22.158 The log file has been saved successfully to "C:\Users\Guitarrulz\Desktop\aswMBR.txt"

#6
RKinner


    Malware Expert

  • Expert
  • 13,215 posts
  • MVP
aswMBR should have offered a download of the Avast Engine which you need to accept. Please try it again. Maybe pause Kaspersky while you run it.

Can you run TDSSKiller and tell it to SKIP anything it finds so we can get a log?

#7
Guitarrulz

For some reason, when I ran TDSSKiller, the report didn't pop up. So I copied what was in the "report" section at the top right of the program after running it.

TDSSKiller:

17:56:12.0524 1488 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
17:56:13.0009 1488 ============================================================
17:56:13.0009 1488 Current date / time: 2012/03/29 17:56:13.0009
17:56:13.0009 1488 SystemInfo:
17:56:13.0009 1488
17:56:13.0009 1488 OS Version: 6.1.7601 ServicePack: 1.0
17:56:13.0009 1488 Product type: Workstation
17:56:13.0009 1488 ComputerName: GUITARRULZ-PC
17:56:13.0009 1488 UserName: Guitarrulz
17:56:13.0009 1488 Windows directory: C:\Windows
17:56:13.0009 1488 System windows directory: C:\Windows
17:56:13.0009 1488 Running under WOW64
17:56:13.0009 1488 Processor architecture: Intel x64
17:56:13.0009 1488 Number of processors: 2
17:56:13.0009 1488 Page size: 0x1000
17:56:13.0009 1488 Boot type: Normal boot
17:56:13.0009 1488 ============================================================
17:56:13.0470 1488 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:56:13.0476 1488 \Device\Harddisk0\DR0:
17:56:13.0476 1488 MBR used
17:56:13.0476 1488 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1771000, BlocksNum 0x38C14800
17:56:13.0524 1488 Initialize success
17:56:13.0524 1488 ============================================================
17:56:31.0086 5096 ============================================================
17:56:31.0087 5096 Scan started
17:56:31.0087 5096 Mode: Manual; SigCheck; TDLFS;
17:56:31.0087 5096 ============================================================
17:56:31.0431 5096 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:56:31.0501 5096 1394ohci - ok
17:56:31.0569 5096 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:56:31.0588 5096 ACPI - ok
17:56:31.0712 5096 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:56:31.0739 5096 AcpiPmi - ok
17:56:31.0804 5096 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:56:31.0831 5096 adp94xx - ok
17:56:31.0963 5096 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:56:31.0988 5096 adpahci - ok
17:56:32.0035 5096 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:56:32.0049 5096 adpu320 - ok
17:56:32.0168 5096 ADSMService (c0bf554d2277f7a4c735d475ade2e3b2) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
17:56:32.0177 5096 ADSMService ( UnsignedFile.Multi.Generic ) - warning
17:56:32.0177 5096 ADSMService - detected UnsignedFile.Multi.Generic (1)
17:56:32.0282 5096 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:56:32.0333 5096 AeLookupSvc - ok
17:56:32.0420 5096 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:56:32.0449 5096 AFD - ok
17:56:32.0502 5096 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:56:32.0516 5096 agp440 - ok
17:56:32.0566 5096 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:56:32.0582 5096 ALG - ok
17:56:32.0673 5096 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:56:32.0691 5096 aliide - ok
17:56:32.0714 5096 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:56:32.0727 5096 amdide - ok
17:56:32.0774 5096 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:56:32.0789 5096 AmdK8 - ok
17:56:32.0823 5096 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:56:32.0839 5096 AmdPPM - ok
17:56:32.0904 5096 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:56:32.0924 5096 amdsata - ok
17:56:32.0978 5096 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:56:32.0993 5096 amdsbs - ok
17:56:33.0012 5096 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:56:33.0024 5096 amdxata - ok
17:56:33.0085 5096 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:56:33.0120 5096 AppID - ok
17:56:33.0170 5096 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:56:33.0214 5096 AppIDSvc - ok
17:56:33.0280 5096 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:56:33.0316 5096 Appinfo - ok
17:56:33.0490 5096 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:56:33.0508 5096 Apple Mobile Device - ok
17:56:33.0659 5096 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:56:33.0678 5096 arc - ok
17:56:33.0712 5096 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:56:33.0725 5096 arcsas - ok
17:56:33.0782 5096 AsDsm (88fbc8bebfd38566235eaa5e4dbc4e05) C:\Windows\system32\drivers\AsDsm.sys
17:56:33.0818 5096 AsDsm - ok
17:56:33.0929 5096 ASLDRService (eb1807795cd3eeaa3288b4a30de254e8) C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
17:56:33.0945 5096 ASLDRService - ok
17:56:34.0028 5096 ASMMAP64 (2db34edd17d3a8da7105a19c95a3dd68) C:\Program Files\ATKGFNEX\ASMMAP64.sys
17:56:34.0043 5096 ASMMAP64 - ok
17:56:34.0182 5096 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:56:34.0200 5096 aspnet_state - ok
17:56:34.0286 5096 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:56:34.0328 5096 AsyncMac - ok
17:56:34.0387 5096 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:56:34.0405 5096 atapi - ok
17:56:34.0558 5096 athr (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys
17:56:34.0605 5096 athr - ok
17:56:34.0712 5096 ATKGFNEXSrv (7c157574a181b19b9dcf5f339e25337e) C:\Program Files\ATKGFNEX\GFNEXSrv.exe
17:56:34.0720 5096 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
17:56:34.0720 5096 ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
17:56:34.0858 5096 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:56:34.0903 5096 AudioEndpointBuilder - ok
17:56:34.0926 5096 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:56:34.0966 5096 AudioSrv - ok
17:56:35.0068 5096 AVP (80b7a5958416e87f1a52d48179881a7f) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
17:56:35.0088 5096 AVP - ok
17:56:35.0248 5096 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:56:35.0274 5096 AxInstSV - ok
17:56:35.0365 5096 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:56:35.0391 5096 b06bdrv - ok
17:56:35.0449 5096 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:56:35.0475 5096 b57nd60a - ok
17:56:35.0529 5096 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:56:35.0553 5096 BDESVC - ok
17:56:35.0611 5096 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:56:35.0651 5096 Beep - ok
17:56:35.0754 5096 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
17:56:35.0794 5096 BFE - ok
17:56:35.0855 5096 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
17:56:35.0903 5096 BITS - ok
17:56:36.0040 5096 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:56:36.0063 5096 blbdrive - ok
17:56:36.0156 5096 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
17:56:36.0178 5096 Bonjour Service - ok
17:56:36.0292 5096 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:56:36.0314 5096 bowser - ok
17:56:36.0360 5096 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:56:36.0383 5096 BrFiltLo - ok
17:56:36.0395 5096 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:56:36.0412 5096 BrFiltUp - ok
17:56:36.0470 5096 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:56:36.0514 5096 BridgeMP - ok
17:56:36.0580 5096 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:56:36.0618 5096 Browser - ok
17:56:36.0678 5096 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:56:36.0705 5096 Brserid - ok
17:56:36.0721 5096 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:56:36.0738 5096 BrSerWdm - ok
17:56:36.0813 5096 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:56:36.0839 5096 BrUsbMdm - ok
17:56:36.0856 5096 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:56:36.0872 5096 BrUsbSer - ok
17:56:36.0996 5096 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:56:37.0023 5096 BTHMODEM - ok
17:56:37.0080 5096 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:56:37.0122 5096 bthserv - ok
17:56:37.0154 5096 catchme - ok
17:56:37.0215 5096 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:56:37.0261 5096 cdfs - ok
17:56:37.0327 5096 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
17:56:37.0347 5096 cdrom - ok
17:56:37.0390 5096 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:56:37.0424 5096 CertPropSvc - ok
17:56:37.0495 5096 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:56:37.0520 5096 circlass - ok
17:56:37.0556 5096 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:56:37.0572 5096 CLFS - ok
17:56:37.0651 5096 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:56:37.0668 5096 clr_optimization_v2.0.50727_32 - ok
17:56:37.0727 5096 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:56:37.0745 5096 clr_optimization_v2.0.50727_64 - ok
17:56:37.0904 5096 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:56:37.0923 5096 clr_optimization_v4.0.30319_32 - ok
17:56:37.0969 5096 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:56:37.0987 5096 clr_optimization_v4.0.30319_64 - ok
17:56:38.0115 5096 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:56:38.0137 5096 CmBatt - ok
17:56:38.0161 5096 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:56:38.0173 5096 cmdide - ok
17:56:38.0217 5096 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:56:38.0252 5096 CNG - ok
17:56:38.0326 5096 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:56:38.0345 5096 Compbatt - ok
17:56:38.0397 5096 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:56:38.0421 5096 CompositeBus - ok
17:56:38.0448 5096 COMSysApp - ok
17:56:38.0485 5096 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:56:38.0497 5096 crcdisk - ok
17:56:38.0563 5096 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
17:56:38.0598 5096 CryptSvc - ok
17:56:38.0645 5096 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:56:38.0686 5096 DcomLaunch - ok
17:56:38.0733 5096 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:56:38.0776 5096 defragsvc - ok
17:56:38.0841 5096 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:56:38.0885 5096 DfsC - ok
17:56:38.0982 5096 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:56:39.0031 5096 Dhcp - ok
17:56:39.0078 5096 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:56:39.0123 5096 discache - ok
17:56:39.0207 5096 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:56:39.0227 5096 Disk - ok
17:56:39.0283 5096 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:56:39.0301 5096 Dnscache - ok
17:56:39.0348 5096 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:56:39.0395 5096 dot3svc - ok
17:56:39.0458 5096 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:56:39.0507 5096 DPS - ok
17:56:39.0579 5096 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:56:39.0599 5096 drmkaud - ok
17:56:39.0657 5096 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:56:39.0688 5096 DXGKrnl - ok
17:56:39.0734 5096 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:56:39.0781 5096 EapHost - ok
17:56:39.0897 5096 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:56:39.0949 5096 ebdrv - ok
17:56:39.0976 5096 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:56:39.0993 5096 EFS - ok
17:56:40.0076 5096 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:56:40.0105 5096 ehRecvr - ok
17:56:40.0139 5096 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:56:40.0155 5096 ehSched - ok
17:56:40.0213 5096 EIO_XP - ok
17:56:40.0279 5096 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:56:40.0307 5096 elxstor - ok
17:56:40.0412 5096 enecir (3a70dc8951b995c73a22b9a23210833e) C:\Windows\system32\DRIVERS\enecir.sys
17:56:40.0431 5096 enecir - ok
17:56:40.0545 5096 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:56:40.0569 5096 ErrDev - ok
17:56:40.0620 5096 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:56:40.0676 5096 EventSystem - ok
17:56:40.0721 5096 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:56:40.0757 5096 exfat - ok
17:56:40.0800 5096 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:56:40.0837 5096 fastfat - ok
17:56:40.0895 5096 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:56:40.0917 5096 Fax - ok
17:56:40.0985 5096 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:56:41.0008 5096 fdc - ok
17:56:41.0066 5096 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:56:41.0125 5096 fdPHost - ok
17:56:41.0136 5096 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:56:41.0172 5096 FDResPub - ok
17:56:41.0226 5096 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:56:41.0242 5096 FileInfo - ok
17:56:41.0264 5096 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:56:41.0300 5096 Filetrace - ok
17:56:41.0371 5096 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:56:41.0392 5096 flpydisk - ok
17:56:41.0438 5096 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:56:41.0453 5096 FltMgr - ok
17:56:41.0507 5096 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
17:56:41.0543 5096 FontCache - ok
17:56:41.0639 5096 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:56:41.0655 5096 FontCache3.0.0.0 - ok
17:56:41.0742 5096 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:56:41.0756 5096 FsDepends - ok
17:56:41.0771 5096 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:56:41.0784 5096 Fs_Rec - ok
17:56:41.0891 5096 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:56:41.0917 5096 fvevol - ok
17:56:41.0971 5096 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:56:41.0990 5096 gagp30kx - ok
17:56:42.0093 5096 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:56:42.0108 5096 GEARAspiWDM - ok
17:56:42.0224 5096 ghaio (7d66ebde8b7f9b4e00beefeee82670d4) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
17:56:42.0238 5096 ghaio - ok
17:56:42.0352 5096 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:56:42.0403 5096 gpsvc - ok
17:56:42.0538 5096 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:56:42.0555 5096 gupdate - ok
17:56:42.0593 5096 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:56:42.0609 5096 gupdatem - ok
17:56:42.0723 5096 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:56:42.0746 5096 hcw85cir - ok
17:56:42.0804 5096 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:56:42.0832 5096 HDAudBus - ok
17:56:42.0870 5096 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:56:42.0885 5096 HidBatt - ok
17:56:42.0906 5096 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:56:42.0924 5096 HidBth - ok
17:56:42.0968 5096 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:56:42.0985 5096 HidIr - ok
17:56:43.0028 5096 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
17:56:43.0064 5096 hidserv - ok
17:56:43.0167 5096 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:56:43.0189 5096 HidUsb - ok
17:56:43.0260 5096 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:56:43.0314 5096 hkmsvc - ok
17:56:43.0376 5096 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:56:43.0404 5096 HomeGroupListener - ok
17:56:43.0442 5096 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:56:43.0471 5096 HomeGroupProvider - ok
17:56:43.0528 5096 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:56:43.0547 5096 HpSAMD - ok
17:56:43.0608 5096 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:56:43.0658 5096 HTTP - ok
17:56:43.0699 5096 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:56:43.0718 5096 hwpolicy - ok
17:56:43.0841 5096 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:56:43.0866 5096 i8042prt - ok
17:56:43.0926 5096 iaStor (1adaa4f16073fd0c7270f451fd024e97) C:\Windows\system32\DRIVERS\iaStor.sys
17:56:43.0945 5096 iaStor - ok
17:56:44.0008 5096 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:56:44.0032 5096 iaStorV - ok
17:56:44.0133 5096 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:56:44.0158 5096 idsvc - ok
17:56:44.0292 5096 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:56:44.0311 5096 iirsp - ok
17:56:44.0385 5096 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:56:44.0439 5096 IKEEXT - ok
17:56:44.0559 5096 IntcAzAudAddService (f5aa166953fc4c03503e1345ef2d429a) C:\Windows\system32\drivers\RTKVHD64.sys
17:56:44.0604 5096 IntcAzAudAddService - ok
17:56:44.0633 5096 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:56:44.0645 5096 intelide - ok
17:56:44.0746 5096 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:56:44.0769 5096 intelppm - ok
17:56:44.0899 5096 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
17:56:44.0909 5096 IntuitUpdateService - ok
17:56:45.0017 5096 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:56:45.0065 5096 IPBusEnum - ok
17:56:45.0122 5096 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:56:45.0174 5096 IpFilterDriver - ok
17:56:45.0279 5096 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:56:45.0332 5096 iphlpsvc - ok
17:56:45.0358 5096 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:56:45.0374 5096 IPMIDRV - ok
17:56:45.0436 5096 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:56:45.0483 5096 IPNAT - ok
17:56:45.0575 5096 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
17:56:45.0601 5096 iPod Service - ok
17:56:45.0706 5096 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:56:45.0735 5096 IRENUM - ok
17:56:45.0806 5096 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:56:45.0825 5096 isapnp - ok
17:56:45.0853 5096 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:56:45.0869 5096 iScsiPrt - ok
17:56:45.0916 5096 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
17:56:45.0935 5096 kbdclass - ok
17:56:46.0045 5096 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
17:56:46.0069 5096 kbdhid - ok
17:56:46.0103 5096 kbfiltr (6cc3a43b3c898bc360a89b75c128b05d) C:\Windows\system32\DRIVERS\kbfiltr.sys
17:56:46.0117 5096 kbfiltr - ok
17:56:46.0150 5096 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:56:46.0167 5096 KeyIso - ok
17:56:46.0306 5096 kl1 (ae1589b6bf163797514cd90924361e29) C:\Windows\system32\DRIVERS\kl1.sys
17:56:46.0324 5096 kl1 - ok
17:56:46.0379 5096 KLBG (3b11e0c94599aadc172f977a3d4b2b33) C:\Windows\system32\DRIVERS\klbg.sys
17:56:46.0395 5096 KLBG - ok
17:56:46.0459 5096 KLIF (e692707f4e1bb2240b232d911ae4c5c5) C:\Windows\system32\DRIVERS\klif.sys
17:56:46.0480 5096 KLIF - ok
17:56:46.0538 5096 KLIM6 (3d217d7d89a4ba705d4ca14268d7d7b2) C:\Windows\system32\DRIVERS\klim6.sys
17:56:46.0553 5096 KLIM6 - ok
17:56:46.0590 5096 klmouflt (0bd3e79be9f60418d20315d50bdbba86) C:\Windows\system32\DRIVERS\klmouflt.sys
17:56:46.0605 5096 klmouflt - ok
17:56:46.0634 5096 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:56:46.0654 5096 KSecDD - ok
17:56:46.0689 5096 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:56:46.0704 5096 KSecPkg - ok
17:56:46.0796 5096 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:56:46.0838 5096 ksthunk - ok
17:56:46.0886 5096 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:56:46.0933 5096 KtmRm - ok
17:56:46.0981 5096 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
17:56:47.0025 5096 LanmanServer - ok
17:56:47.0077 5096 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:56:47.0119 5096 LanmanWorkstation - ok
17:56:47.0203 5096 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:56:47.0239 5096 lltdio - ok
17:56:47.0291 5096 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:56:47.0330 5096 lltdsvc - ok
17:56:47.0352 5096 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:56:47.0390 5096 lmhosts - ok
17:56:47.0465 5096 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:56:47.0483 5096 LSI_FC - ok
17:56:47.0501 5096 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:56:47.0515 5096 LSI_SAS - ok
17:56:47.0534 5096 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:56:47.0546 5096 LSI_SAS2 - ok
17:56:47.0569 5096 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:56:47.0583 5096 LSI_SCSI - ok
17:56:47.0626 5096 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:56:47.0673 5096 luafv - ok
17:56:47.0694 5096 lullaby (37b2618e3646d427771ae1719edadf9c) C:\Windows\system32\DRIVERS\lullaby.sys
17:56:47.0704 5096 lullaby - ok
17:56:47.0743 5096 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:56:47.0769 5096 Mcx2Svc - ok
17:56:47.0813 5096 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:56:47.0832 5096 megasas - ok
17:56:47.0851 5096 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:56:47.0867 5096 MegaSR - ok
17:56:47.0903 5096 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:56:47.0941 5096 MMCSS - ok
17:56:47.0987 5096 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:56:48.0032 5096 Modem - ok
17:56:48.0065 5096 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:56:48.0083 5096 monitor - ok
17:56:48.0132 5096 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:56:48.0145 5096 mouclass - ok
17:56:48.0245 5096 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:56:48.0264 5096 mouhid - ok
17:56:48.0305 5096 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:56:48.0318 5096 mountmgr - ok
17:56:48.0343 5096 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:56:48.0356 5096 mpio - ok
17:56:48.0393 5096 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:56:48.0428 5096 mpsdrv - ok
17:56:48.0559 5096 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:56:48.0603 5096 MpsSvc - ok
17:56:48.0654 5096 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:56:48.0674 5096 MRxDAV - ok
17:56:48.0711 5096 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:56:48.0736 5096 mrxsmb - ok
17:56:48.0749 5096 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:56:48.0766 5096 mrxsmb10 - ok
17:56:48.0788 5096 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:56:48.0803 5096 mrxsmb20 - ok
17:56:48.0840 5096 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:56:48.0852 5096 msahci - ok
17:56:48.0871 5096 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:56:48.0885 5096 msdsm - ok
17:56:48.0932 5096 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:56:48.0951 5096 MSDTC - ok
17:56:49.0027 5096 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:56:49.0065 5096 Msfs - ok
17:56:49.0085 5096 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:56:49.0119 5096 mshidkmdf - ok
17:56:49.0147 5096 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:56:49.0159 5096 msisadrv - ok
17:56:49.0237 5096 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:56:49.0288 5096 MSiSCSI - ok
17:56:49.0296 5096 msiserver - ok
17:56:49.0366 5096 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:56:49.0412 5096 MSKSSRV - ok
17:56:49.0427 5096 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:56:49.0462 5096 MSPCLOCK - ok
17:56:49.0474 5096 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:56:49.0508 5096 MSPQM - ok
17:56:49.0557 5096 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:56:49.0580 5096 MsRPC - ok
17:56:49.0611 5096 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:56:49.0623 5096 mssmbios - ok
17:56:49.0673 5096 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:56:49.0708 5096 MSTEE - ok
17:56:49.0731 5096 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:56:49.0746 5096 MTConfig - ok
17:56:49.0803 5096 MTsensor (a523d9f6aeb152c4480d754df7fa9f7f) C:\Windows\system32\DRIVERS\ATK64AMD.sys
17:56:49.0825 5096 MTsensor - ok
17:56:49.0878 5096 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:56:49.0899 5096 Mup - ok
17:56:49.0949 5096 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:56:49.0990 5096 napagent - ok
17:56:50.0065 5096 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:56:50.0094 5096 NativeWifiP - ok
17:56:50.0158 5096 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:56:50.0189 5096 NDIS - ok
17:56:50.0243 5096 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:56:50.0286 5096 NdisCap - ok
17:56:50.0332 5096 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:56:50.0375 5096 NdisTapi - ok
17:56:50.0425 5096 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:56:50.0467 5096 Ndisuio - ok
17:56:50.0501 5096 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:56:50.0536 5096 NdisWan - ok
17:56:50.0573 5096 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:56:50.0608 5096 NDProxy - ok
17:56:50.0739 5096 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:56:50.0776 5096 NetBIOS - ok
17:56:50.0825 5096 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:56:50.0875 5096 NetBT - ok
17:56:50.0904 5096 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:56:50.0921 5096 Netlogon - ok
17:56:50.0980 5096 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:56:51.0021 5096 Netman - ok
17:56:51.0131 5096 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:56:51.0150 5096 NetMsmqActivator - ok
17:56:51.0176 5096 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:56:51.0193 5096 NetPipeActivator - ok
17:56:51.0291 5096 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:56:51.0340 5096 netprofm - ok
17:56:51.0407 5096 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:56:51.0425 5096 NetTcpActivator - ok
17:56:51.0461 5096 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:56:51.0477 5096 NetTcpPortSharing - ok
17:56:51.0553 5096 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:56:51.0572 5096 nfrd960 - ok
17:56:51.0629 5096 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:56:51.0674 5096 NlaSvc - ok
17:56:51.0739 5096 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:56:51.0783 5096 Npfs - ok
17:56:51.0814 5096 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:56:51.0852 5096 nsi - ok
17:56:51.0870 5096 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:56:51.0905 5096 nsiproxy - ok
17:56:51.0963 5096 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:56:52.0001 5096 Ntfs - ok
17:56:52.0042 5096 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:56:52.0085 5096 Null - ok
17:56:52.0402 5096 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:56:52.0580 5096 nvlddmkm - ok
17:56:52.0620 5096 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:56:52.0634 5096 nvraid - ok
17:56:52.0654 5096 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:56:52.0669 5096 nvstor - ok
17:56:52.0723 5096 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
17:56:52.0757 5096 nvsvc - ok
17:56:52.0912 5096 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
17:56:52.0951 5096 nvUpdatusService - ok
17:56:53.0059 5096 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:56:53.0079 5096 nv_agp - ok
17:56:53.0204 5096 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:56:53.0221 5096 odserv - ok
17:56:53.0331 5096 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:56:53.0355 5096 ohci1394 - ok
17:56:53.0474 5096 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:56:53.0492 5096 ose - ok
17:56:53.0612 5096 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:56:53.0643 5096 p2pimsvc - ok
17:56:53.0666 5096 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:56:53.0688 5096 p2psvc - ok
17:56:53.0732 5096 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:56:53.0753 5096 Parport - ok
17:56:53.0796 5096 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:56:53.0809 5096 partmgr - ok
17:56:53.0848 5096 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:56:53.0871 5096 PcaSvc - ok
17:56:53.0911 5096 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:56:53.0926 5096 pci - ok
17:56:53.0943 5096 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:56:53.0955 5096 pciide - ok
17:56:53.0999 5096 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:56:54.0013 5096 pcmcia - ok
17:56:54.0032 5096 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:56:54.0045 5096 pcw - ok
17:56:54.0074 5096 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:56:54.0114 5096 PEAUTH - ok
17:56:54.0202 5096 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:56:54.0229 5096 PerfHost - ok
17:56:54.0328 5096 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:56:54.0384 5096 pla - ok
17:56:54.0464 5096 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:56:54.0497 5096 PlugPlay - ok
17:56:54.0536 5096 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:56:54.0561 5096 PNRPAutoReg - ok
17:56:54.0579 5096 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:56:54.0600 5096 PNRPsvc - ok
17:56:54.0649 5096 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:56:54.0698 5096 PolicyAgent - ok
17:56:54.0748 5096 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:56:54.0795 5096 Power - ok
17:56:54.0885 5096 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:56:54.0938 5096 PptpMiniport - ok
17:56:54.0982 5096 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:56:55.0007 5096 Processor - ok
17:56:55.0050 5096 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
17:56:55.0088 5096 ProfSvc - ok
17:56:55.0120 5096 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:56:55.0137 5096 ProtectedStorage - ok
17:56:55.0211 5096 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:56:55.0247 5096 Psched - ok
17:56:55.0318 5096 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:56:55.0356 5096 ql2300 - ok
17:56:55.0388 5096 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:56:55.0402 5096 ql40xx - ok
17:56:55.0439 5096 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:56:55.0463 5096 QWAVE - ok
17:56:55.0487 5096 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:56:55.0506 5096 QWAVEdrv - ok
17:56:55.0519 5096 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:56:55.0554 5096 RasAcd - ok
17:56:55.0651 5096 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:56:55.0693 5096 RasAgileVpn - ok
17:56:55.0733 5096 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:56:55.0780 5096 RasAuto - ok
17:56:55.0855 5096 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:56:55.0897 5096 Rasl2tp - ok
17:56:55.0947 5096 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:56:55.0993 5096 RasMan - ok
17:56:56.0062 5096 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:56:56.0113 5096 RasPppoe - ok
17:56:56.0135 5096 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:56:56.0182 5096 RasSstp - ok
17:56:56.0224 5096 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:56:56.0261 5096 rdbss - ok
17:56:56.0299 5096 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:56:56.0316 5096 rdpbus - ok
17:56:56.0331 5096 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:56:56.0366 5096 RDPCDD - ok
17:56:56.0412 5096 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:56:56.0448 5096 RDPENCDD - ok
17:56:56.0473 5096 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:56:56.0508 5096 RDPREFMP - ok
17:56:56.0542 5096 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
17:56:56.0578 5096 RDPWD - ok
17:56:56.0630 5096 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:56:56.0644 5096 rdyboost - ok
17:56:56.0709 5096 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:56:56.0760 5096 RemoteAccess - ok
17:56:56.0792 5096 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:56:56.0831 5096 RemoteRegistry - ok
17:56:56.0904 5096 rimmptsk (4ccf35f5086cdbf5e6c51a1cfbd0b269) C:\Windows\system32\DRIVERS\rimmpx64.sys
17:56:56.0924 5096 rimmptsk - ok
17:56:56.0968 5096 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
17:56:56.0987 5096 rimsptsk - ok
17:56:57.0009 5096 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
17:56:57.0022 5096 rismxdp - ok
17:56:57.0061 5096 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:56:57.0100 5096 RpcEptMapper - ok
17:56:57.0156 5096 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:56:57.0173 5096 RpcLocator - ok
17:56:57.0222 5096 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:56:57.0264 5096 RpcSs - ok
17:56:57.0361 5096 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:56:57.0415 5096 rspndr - ok
17:56:57.0516 5096 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:56:57.0555 5096 RTL8167 - ok
17:56:57.0598 5096 RTL8169 (a2cbe070fba458357acef41c3f3906ca) C:\Windows\system32\DRIVERS\Rtlh64.sys
17:56:57.0621 5096 RTL8169 - ok
17:56:57.0651 5096 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:56:57.0668 5096 SamSs - ok
17:56:57.0712 5096 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:56:57.0732 5096 sbp2port - ok
17:56:57.0778 5096 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:56:57.0824 5096 SCardSvr - ok
17:56:57.0863 5096 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:56:57.0905 5096 scfilter - ok
17:56:57.0962 5096 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:56:58.0009 5096 Schedule - ok
17:56:58.0047 5096 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:56:58.0081 5096 SCPolicySvc - ok
17:56:58.0152 5096 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
17:56:58.0172 5096 sdbus - ok
17:56:58.0216 5096 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:56:58.0245 5096 SDRSVC - ok
17:56:58.0311 5096 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:56:58.0354 5096 secdrv - ok
17:56:58.0393 5096 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:56:58.0445 5096 seclogon - ok
17:56:58.0496 5096 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
17:56:58.0534 5096 SENS - ok
17:56:58.0550 5096 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:56:58.0568 5096 SensrSvc - ok
17:56:58.0633 5096 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:56:58.0656 5096 Serenum - ok
17:56:58.0682 5096 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:56:58.0698 5096 Serial - ok
17:56:58.0722 5096 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:56:58.0737 5096 sermouse - ok
17:56:58.0792 5096 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:56:58.0838 5096 SessionEnv - ok
17:56:58.0854 5096 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:56:58.0869 5096 sffdisk - ok
17:56:58.0879 5096 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:56:58.0894 5096 sffp_mmc - ok
17:56:58.0921 5096 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:56:58.0938 5096 sffp_sd - ok
17:56:58.0958 5096 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:56:58.0973 5096 sfloppy - ok
17:56:59.0025 5096 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:56:59.0075 5096 SharedAccess - ok
17:56:59.0117 5096 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:56:59.0167 5096 ShellHWDetection - ok
17:56:59.0235 5096 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:56:59.0253 5096 SiSRaid2 - ok
17:56:59.0276 5096 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:56:59.0290 5096 SiSRaid4 - ok
17:56:59.0330 5096 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:56:59.0375 5096 Smb - ok
17:56:59.0432 5096 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:56:59.0456 5096 SNMPTRAP - ok
17:56:59.0563 5096 SNP2UVC (1a5806e5c2e232c193b90d2ade8a977c) C:\Windows\system32\DRIVERS\snp2uvc.sys
17:56:59.0603 5096 SNP2UVC - ok
17:56:59.0646 5096 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:56:59.0658 5096 spldr - ok
17:56:59.0772 5096 spmgr (739db668dbd812285ecc553e64a5e212) C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
17:56:59.0789 5096 spmgr - ok
17:56:59.0913 5096 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:56:59.0970 5096 Spooler - ok
17:57:00.0105 5096 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:57:00.0176 5096 sppsvc - ok
17:57:00.0223 5096 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:57:00.0262 5096 sppuinotify - ok
17:57:00.0306 5096 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:57:00.0324 5096 srv - ok
17:57:00.0354 5096 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:57:00.0374 5096 srv2 - ok
17:57:00.0511 5096 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:57:00.0532 5096 srvnet - ok
17:57:00.0593 5096 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:57:00.0638 5096 SSDPSRV - ok
17:57:00.0655 5096 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:57:00.0694 5096 SstpSvc - ok
17:57:00.0908 5096 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:57:00.0928 5096 Stereo Service - ok
17:57:01.0061 5096 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:57:01.0073 5096 stexstor - ok
17:57:01.0152 5096 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:57:01.0181 5096 stisvc - ok
17:57:01.0233 5096 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:57:01.0250 5096 swenum - ok
17:57:01.0304 5096 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:57:01.0347 5096 swprv - ok
17:57:01.0433 5096 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:57:01.0480 5096 SysMain - ok
17:57:01.0532 5096 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:57:01.0561 5096 TabletInputService - ok
17:57:01.0614 5096 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:57:01.0662 5096 TapiSrv - ok
17:57:01.0708 5096 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:57:01.0755 5096 TBS - ok
17:57:01.0844 5096 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
17:57:01.0882 5096 Tcpip - ok
17:57:01.0948 5096 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
17:57:01.0991 5096 TCPIP6 - ok
17:57:02.0042 5096 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:57:02.0075 5096 tcpipreg - ok
17:57:02.0178 5096 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:57:02.0225 5096 TDPIPE - ok
17:57:02.0243 5096 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
17:57:02.0279 5096 TDTCP - ok
17:57:02.0325 5096 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:57:02.0370 5096 tdx - ok
17:57:02.0393 5096 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:57:02.0406 5096 TermDD - ok
17:57:02.0458 5096 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:57:02.0518 5096 TermService - ok
17:57:02.0561 5096 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:57:02.0584 5096 Themes - ok
17:57:02.0617 5096 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:57:02.0655 5096 THREADORDER - ok
17:57:02.0699 5096 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:57:02.0739 5096 TrkWks - ok
17:57:02.0790 5096 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:57:02.0832 5096 TrustedInstaller - ok
17:57:02.0894 5096 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:57:02.0939 5096 tssecsrv - ok
17:57:03.0021 5096 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:57:03.0043 5096 TsUsbFlt - ok
17:57:03.0097 5096 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:57:03.0146 5096 tunnel - ok
17:57:03.0184 5096 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:57:03.0197 5096 uagp35 - ok
17:57:03.0248 5096 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:57:03.0285 5096 udfs - ok
17:57:03.0325 5096 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:57:03.0344 5096 UI0Detect - ok
17:57:03.0376 5096 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:57:03.0398 5096 uliagpkx - ok
17:57:03.0450 5096 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
17:57:03.0470 5096 umbus - ok
17:57:03.0504 5096 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:57:03.0519 5096 UmPass - ok
17:57:03.0565 5096 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:57:03.0615 5096 upnphost - ok
17:57:03.0663 5096 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
17:57:03.0668 5096 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
17:57:03.0668 5096 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
17:57:03.0700 5096 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:57:03.0715 5096 usbccgp - ok
17:57:03.0773 5096 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:57:03.0790 5096 usbcir - ok
17:57:03.0817 5096 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
17:57:03.0832 5096 usbehci - ok
17:57:03.0890 5096 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:57:03.0916 5096 usbhub - ok
17:57:03.0936 5096 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:57:03.0951 5096 usbohci - ok
17:57:04.0001 5096 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:57:04.0026 5096 usbprint - ok
17:57:04.0055 5096 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:57:04.0073 5096 usbscan - ok
17:57:04.0098 5096 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:57:04.0114 5096 USBSTOR - ok
17:57:04.0136 5096 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:57:04.0151 5096 usbuhci - ok
17:57:04.0188 5096 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:57:04.0231 5096 UxSms - ok
17:57:04.0265 5096 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:57:04.0285 5096 VaultSvc - ok
17:57:04.0348 5096 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:57:04.0367 5096 vdrvroot - ok
17:57:04.0410 5096 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:57:04.0453 5096 vds - ok
17:57:04.0501 5096 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:57:04.0522 5096 vga - ok
17:57:04.0544 5096 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:57:04.0581 5096 VgaSave - ok
17:57:04.0626 5096 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:57:04.0641 5096 vhdmp - ok
17:57:04.0678 5096 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:57:04.0695 5096 viaide - ok
17:57:04.0718 5096 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:57:04.0731 5096 volmgr - ok
17:57:04.0774 5096 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:57:04.0790 5096 volmgrx - ok
17:57:04.0816 5096 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:57:04.0832 5096 volsnap - ok
17:57:04.0999 5096 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:57:05.0020 5096 vsmraid - ok
17:57:05.0099 5096 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:57:05.0158 5096 VSS - ok
17:57:05.0192 5096 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:57:05.0209 5096 vwifibus - ok
17:57:05.0253 5096 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:57:05.0285 5096 vwififlt - ok
17:57:05.0391 5096 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
17:57:05.0420 5096 vwifimp - ok
17:57:05.0476 5096 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:57:05.0518 5096 W32Time - ok
17:57:05.0543 5096 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:57:05.0558 5096 WacomPen - ok
17:57:05.0613 5096 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:57:05.0653 5096 WANARP - ok
17:57:05.0690 5096 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:57:05.0731 5096 Wanarpv6 - ok
17:57:05.0868 5096 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:57:05.0897 5096 WatAdminSvc - ok
17:57:06.0020 5096 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:57:06.0063 5096 wbengine - ok
17:57:06.0148 5096 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:57:06.0181 5096 WbioSrvc - ok
17:57:06.0299 5096 WBVGAservice (8dd42f233ec1317e5f7b0fc61e3d9bc2) C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe
17:57:06.0314 5096 WBVGAservice - ok
17:57:06.0409 5096 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:57:06.0446 5096 wcncsvc - ok
17:57:06.0496 5096 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:57:06.0526 5096 WcsPlugInService - ok
17:57:06.0593 5096 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:57:06.0612 5096 Wd - ok
17:57:06.0646 5096 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:57:06.0670 5096 Wdf01000 - ok
17:57:06.0723 5096 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:57:06.0751 5096 WdiServiceHost - ok
17:57:06.0767 5096 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:57:06.0795 5096 WdiSystemHost - ok
17:57:06.0850 5096 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:57:06.0877 5096 WebClient - ok
17:57:06.0904 5096 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:57:06.0947 5096 Wecsvc - ok
17:57:06.0970 5096 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:57:07.0011 5096 wercplsupport - ok
17:57:07.0083 5096 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:57:07.0137 5096 WerSvc - ok
17:57:07.0217 5096 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:57:07.0262 5096 WfpLwf - ok
17:57:07.0282 5096 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:57:07.0295 5096 WIMMount - ok
17:57:07.0355 5096 WinDefend - ok
17:57:07.0366 5096 WinHttpAutoProxySvc - ok
17:57:07.0478 5096 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:57:07.0535 5096 Winmgmt - ok
17:57:07.0622 5096 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:57:07.0683 5096 WinRM - ok
17:57:07.0843 5096 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
17:57:07.0861 5096 WinUsb - ok
17:57:07.0917 5096 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:57:07.0955 5096 Wlansvc - ok
17:57:08.0080 5096 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:57:08.0121 5096 wlidsvc - ok
17:57:08.0214 5096 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:57:08.0236 5096 WmiAcpi - ok
17:57:08.0304 5096 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:57:08.0321 5096 wmiApSrv - ok
17:57:08.0372 5096 WMPNetworkSvc - ok
17:57:08.0481 5096 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:57:08.0510 5096 WPCSvc - ok
17:57:08.0552 5096 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:57:08.0584 5096 WPDBusEnum - ok
17:57:08.0635 5096 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:57:08.0677 5096 ws2ifsl - ok
17:57:08.0781 5096 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
17:57:08.0818 5096 wscsvc - ok
17:57:08.0828 5096 WSearch - ok
17:57:08.0918 5096 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
17:57:08.0981 5096 wuauserv - ok
17:57:09.0032 5096 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:57:09.0072 5096 WudfPf - ok
17:57:09.0128 5096 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:57:09.0166 5096 WUDFRd - ok
17:57:09.0248 5096 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:57:09.0300 5096 wudfsvc - ok
17:57:09.0345 5096 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:57:09.0380 5096 WwanSvc - ok
17:57:09.0427 5096 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:57:09.0608 5096 \Device\Harddisk0\DR0 - ok
17:57:09.0611 5096 Boot (0x1200) (08ca4709b952ab8aaa4bc0f1dd17cd31) \Device\Harddisk0\DR0\Partition0
17:57:09.0613 5096 \Device\Harddisk0\DR0\Partition0 - ok
17:57:09.0614 5096 ============================================================
17:57:09.0614 5096 Scan finished
17:57:09.0614 5096 ============================================================
17:57:09.0628 2088 Detected object count: 3
17:57:09.0628 2088 Actual detected object count: 3
17:57:31.0722 2088 ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:31.0722 2088 ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:31.0724 2088 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:31.0724 2088 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:31.0726 2088 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:31.0726 2088 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip




For aswMBR, I went ahead and downloaded Avast Engine and paused Kaspersky while it ran. At the end the "Fix" button did show up and I did hit it...here is the log:

aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-29 17:20:33
-----------------------------
17:20:33.899 OS Version: Windows x64 6.1.7601 Service Pack 1
17:20:33.899 Number of processors: 2 586 0x170A
17:20:33.900 ComputerName: GUITARRULZ-PC UserName: Guitarrulz
17:20:35.963 Initialize success
17:22:06.207 AVAST engine defs: 12032901
17:23:32.464 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:23:32.467 Disk 0 Vendor: ST950032 0002 Size: 476940MB BusType: 3
17:23:32.474 Disk 1 \Device\Harddisk1\SR0 -> \Device\SdBus-0
17:23:32.477 Disk 1 Vendor: ( Size: 7582MB BusType: 12
17:23:32.493 Disk 0 MBR read successfully
17:23:32.497 Disk 0 MBR scan
17:23:32.502 Disk 0 Windows 7 default MBR code
17:23:32.507 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 12001 MB offset 63
17:23:32.513 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 464937 MB offset 24580096
17:23:32.544 Disk 0 scanning C:\Windows\system32\drivers
17:23:45.037 Service scanning
17:24:12.712 Modules scanning
17:24:13.977 AVAST engine scan C:\Windows
17:24:17.675 AVAST engine scan C:\Windows\system32
17:24:31.110 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
17:27:47.872 File: C:\Windows\assembly\temp\U\80000004.@ **INFECTED** Win64:ZAccess-A [Trj]
17:27:48.909 AVAST engine scan C:\Windows\system32\drivers
17:28:04.133 AVAST engine scan C:\Users\Guitarrulz
17:29:56.895 AVAST engine scan C:\ProgramData
17:32:02.675 Scan finished successfully
17:34:21.178 Disk 0 MBR has been saved successfully to "C:\Users\Guitarrulz\Desktop\MBR.dat"
17:34:21.183 The log file has been saved successfully to "C:\Users\Guitarrulz\Desktop\aswMBR1.txt"
  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 13,215 posts
  • MVP
Run aswMBR again and let's see if it really did fix it.
  • 0

#9
Guitarrulz

    Member

  • Member
  • 10 posts
Latest:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-29 20:34:12
-----------------------------
20:34:12.484 OS Version: Windows x64 6.1.7601 Service Pack 1
20:34:12.484 Number of processors: 2 586 0x170A
20:34:12.484 ComputerName: GUITARRULZ-PC UserName: Guitarrulz
20:34:14.294 Initialize success
20:34:21.205 AVAST engine defs: 12032901
20:34:24.715 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:34:24.715 Disk 0 Vendor: ST950032 0002 Size: 476940MB BusType: 3
20:34:24.715 Disk 1 \Device\Harddisk1\SR0 -> \Device\SdBus-0
20:34:24.730 Disk 1 Vendor: ( Size: 7582MB BusType: 12
20:34:24.746 Disk 0 MBR read successfully
20:34:24.746 Disk 0 MBR scan
20:34:24.746 Disk 0 Windows 7 default MBR code
20:34:24.762 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 12001 MB offset 63
20:34:24.777 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 464937 MB offset 24580096
20:34:24.824 Disk 0 scanning C:\Windows\system32\drivers
20:34:40.676 Service scanning
20:35:12.344 Modules scanning
20:35:13.732 AVAST engine scan C:\Windows
20:35:29.160 AVAST engine scan C:\Windows\system32
20:39:56.593 AVAST engine scan C:\Windows\system32\drivers
20:40:25.437 AVAST engine scan C:\Users\Guitarrulz
20:42:53.107 AVAST engine scan C:\ProgramData
20:45:06.426 Scan finished successfully
21:13:21.418 Disk 0 MBR has been saved successfully to "C:\Users\Guitarrulz\Desktop\MBR.dat"
21:13:21.433 The log file has been saved successfully to "C:\Users\Guitarrulz\Desktop\aswMBR2.txt"
  • 0
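Added example (not part of the thread, and not code from AVAST or the posters): a Python sketch that does mechanically what post #8 asks for, comparing the first and second aswMBR runs. It assumes the log line layout seen in the two logs above; the function names are hypothetical.

```python
import re

# Constructed samples: lines copied from the two aswMBR logs posted in this thread.
RUN_1 = r"""
17:23:32.502 Disk 0 Windows 7 default MBR code
17:24:13.977 AVAST engine scan C:\Windows
17:24:17.675 AVAST engine scan C:\Windows\system32
17:24:31.110 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
17:27:47.872 File: C:\Windows\assembly\temp\U\80000004.@ **INFECTED** Win64:ZAccess-A [Trj]
17:27:48.909 AVAST engine scan C:\Windows\system32\drivers
17:28:04.133 AVAST engine scan C:\Users\Guitarrulz
17:29:56.895 AVAST engine scan C:\ProgramData
17:32:02.675 Scan finished successfully
"""

RUN_2 = r"""
20:34:24.746 Disk 0 Windows 7 default MBR code
20:35:13.732 AVAST engine scan C:\Windows
20:35:29.160 AVAST engine scan C:\Windows\system32
20:39:56.593 AVAST engine scan C:\Windows\system32\drivers
20:40:25.437 AVAST engine scan C:\Users\Guitarrulz
20:42:53.107 AVAST engine scan C:\ProgramData
20:45:06.426 Scan finished successfully
"""

LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
INFECTED = re.compile(r"^File:\s+(.+?)\s+\*\*INFECTED\*\*\s+(.+)$")
SCAN_ROOT = re.compile(r"^AVAST engine scan\s+(.+)$")


def parse_aswmbr(text):
    """Extract detections, scanned roots, MBR verdict and completion flag."""
    result = {"detections": {}, "roots": [], "finished": False, "mbr": None}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header lines, separators, blank lines
        msg = m.group(2).strip()
        hit = INFECTED.match(msg)
        if hit:
            # Windows paths are case-insensitive, so normalise before comparing.
            result["detections"][hit.group(1).lower()] = hit.group(2)
            continue
        root = SCAN_ROOT.match(msg)
        if root:
            result["roots"].append(root.group(1).lower())
        elif msg == "Scan finished successfully":
            result["finished"] = True
        elif msg.startswith("Disk 0") and "MBR code" in msg:
            result["mbr"] = msg
    return result


def compare_runs(before, after):
    """Classify each earlier detection as cleared, persisting or unverified.

    A path only counts as cleared when the later scan ran to completion and
    one of its scanned roots contains that path; otherwise the absence of a
    detection proves nothing.
    """
    def covered(path):
        return any(path == r or path.startswith(r.rstrip("\\") + "\\")
                   for r in after["roots"])

    cleared, persisting, unverified = [], [], []
    for path in before["detections"]:
        if path in after["detections"]:
            persisting.append(path)
        elif after["finished"] and covered(path):
            cleared.append(path)
        else:
            unverified.append(path)
    new = [p for p in after["detections"] if p not in before["detections"]]
    return {
        "cleared": sorted(cleared),
        "persisting": sorted(persisting),
        "unverified": sorted(unverified),
        "new": sorted(new),
    }


if __name__ == "__main__":
    first, second = parse_aswmbr(RUN_1), parse_aswmbr(RUN_2)
    for status, paths in compare_runs(first, second).items():
        for p in paths:
            print(f"{status:10} {p}  (was: {first['detections'].get(p, 'n/a')})")
    print("MBR:", second["mbr"])
```
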

#10
RKinner

    Malware Expert

  • Expert
  • 13,215 posts
  • MVP
That looks pretty good. What I usually do to make sure it can't come back is create a folder called consrv.dll in C:\Windows\system32\. Windows will not allow a file of the same name where there is a folder (and vice versa) so the infection can't reinstall itself even if you hit the same site.


Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.


Let's also see if it did any damage:


Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line):

sfc /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run as Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
Type 20 in the 1 to 20 box.
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0
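Added example, not from the thread: a Python sketch of the placeholder-folder idea from post #10, run against a temporary directory rather than C:\Windows\system32. The function names are hypothetical; only the name consrv.dll comes from the thread.

```python
import os
import tempfile

PLACEHOLDER_NAME = "consrv.dll"  # file name taken from the thread


def place_blocker(directory, name=PLACEHOLDER_NAME):
    """Create a directory called `name` so no file of that name can be written.

    Returns "blocked", "already-blocked", or "file-present". In the last case
    a file already occupies the name, so nothing is touched: that file is
    something for the scanner to examine, not something to overwrite.
    """
    target = os.path.join(directory, name)
    if os.path.isdir(target):
        return "already-blocked"
    if os.path.lexists(target):
        return "file-present"
    os.mkdir(target)
    return "blocked"


def write_would_succeed(directory, name=PLACEHOLDER_NAME):
    """Check whether a process could open `name` in `directory` for writing.

    Append mode creates the file if it is missing but never truncates an
    existing one. Opening a directory for writing raises an OSError subclass
    on both Windows and POSIX systems.
    """
    target = os.path.join(directory, name)
    existed = os.path.lexists(target)
    try:
        with open(target, "ab"):
            pass
    except OSError:
        return False
    if not existed:
        os.remove(target)  # clean up the probe file we just created
    return True


def demo():
    """Run the check before and after placing the blocker, in a scratch dir."""
    with tempfile.TemporaryDirectory() as scratch:
        before = write_would_succeed(scratch)
        status = place_blocker(scratch)
        after = write_would_succeed(scratch)
        second_call = place_blocker(scratch)
        other_name = write_would_succeed(scratch, "other.dll")
    return {
        "writable_before": before,
        "status": status,
        "writable_after": after,
        "second_call": second_call,
        "other_name_writable": other_name,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The block applies only to that exact name in that directory, which is why the demo's write to other.dll still succeeds.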

#11
Guitarrulz

    Member

  • Member
  • 10 posts
Ron, here is what you have asked for. While my system seems to be running a bit faster and these automatic website re-directions have stopped, my anti-virus is still showing malware/viruses/trojans. Not sure what's up. Thanks!


OTL:

OTL logfile created on: 3/30/2012 3:21:23 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Guitarrulz\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.32 Gb Available Physical Memory | 72.00% Memory free
12.00 Gb Paging File | 10.14 Gb Available in Paging File | 84.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.04 Gb Total Space | 302.33 Gb Free Space | 66.59% Space Free | Partition Type: NTFS
Drive E: | 7.40 Gb Total Space | 7.19 Gb Free Space | 97.17% Space Free | Partition Type: FAT32

Computer Name: GUITARRULZ-PC | User Name: Guitarrulz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/30 15:18:31 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Guitarrulz\Desktop\OTL.exe
PRC - [2012/03/26 09:43:34 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/05 17:51:52 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/10/15 01:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/11/20 05:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/04/07 20:00:08 | 002,861,624 | ---- | M] (ASUSTek.) -- C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
PRC - [2009/04/07 10:34:26 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2009/03/20 21:37:18 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/03/04 11:26:24 | 008,392,704 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/02/10 17:51:18 | 000,113,208 | ---- | M] (ASUSTeK Inc.) -- C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
PRC - [2009/02/06 17:57:18 | 000,072,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe
PRC - [2008/12/22 18:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/10/14 17:13:24 | 002,987,008 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\TurboGear.exe
PRC - [2008/09/30 18:52:44 | 001,025,536 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\GearHelp.exe
PRC - [2008/08/13 21:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/08/13 21:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/08/13 17:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008/06/17 23:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/03/31 03:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2008/03/24 22:39:18 | 000,322,104 | ---- | M] (ASUSTek.) -- C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe
PRC - [2007/11/30 12:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/11/20 14:44:30 | 001,145,400 | ---- | M] (ASUS) -- C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
PRC - [2007/08/08 01:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007/08/03 13:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/26 09:43:33 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/18 17:49:56 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/15 01:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2008/10/14 17:13:24 | 002,987,008 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\TurboGear.exe
MOD - [2008/09/30 18:52:44 | 001,025,536 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\GearHelp.exe
MOD - [2008/05/28 22:40:38 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\Direct Console\OLED.dll
MOD - [2008/05/28 22:39:48 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\Direct Console\SysInfo.dll
MOD - [2008/05/22 22:24:10 | 000,045,056 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\atkmethod.dll
MOD - [2008/02/18 23:32:46 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\Direct Console\OvrClk.dll
MOD - [2008/02/16 23:08:46 | 000,950,272 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\OcSetting.dll
MOD - [2007/12/27 17:04:42 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\Direct Console\LED.dll
MOD - [2007/12/11 17:07:28 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\ASUS\Direct Console\OUTLOOK.dll
MOD - [2007/12/07 16:32:02 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Direct Console\MSN.dll
MOD - [2007/11/30 12:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
MOD - [2007/11/19 14:54:20 | 000,188,416 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswsysmon.dll
MOD - [2007/11/19 12:11:58 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswcore.dll
MOD - [2007/09/06 15:05:00 | 000,081,920 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswobj.dll
MOD - [2007/08/02 10:53:06 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswresmgr.dll
MOD - [2007/07/24 15:41:10 | 000,049,152 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ResItf.dll
MOD - [2007/06/19 12:38:08 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswui.dll
MOD - [2007/06/15 11:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
MOD - [2007/06/01 18:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
MOD - [2007/05/14 15:07:14 | 000,009,728 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\LogonStartup.dll
MOD - [2007/05/14 12:10:40 | 000,061,440 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswgblset.dll
MOD - [2007/03/09 17:16:52 | 000,106,496 | ---- | M] () -- C:\Program Files\ATKGFNEX\AGFNEX.dll
MOD - [2006/12/09 10:34:36 | 000,139,264 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipsw_cfgmgr.dll
MOD - [2006/12/07 10:29:06 | 000,007,168 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\iphelper.dll
MOD - [2006/12/06 17:55:32 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswhlp.dll
MOD - [2006/12/06 17:55:22 | 000,086,016 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswds.dll
MOD - [2006/12/06 17:42:26 | 000,094,208 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\cxcmrt.dll
MOD - [2005/05/11 16:39:32 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\pngio.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (vsbus)
SRV:64bit: - [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (StickyMesger)
SRV:64bit: - [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (SrvcEPECioctl)
SRV:64bit: - [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (digirefresh)
SRV:64bit: - [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (ATIVXSTW)
SRV:64bit: - [2007/08/08 01:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV:64bit: - [2007/08/03 13:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2012/01/05 19:50:57 | 000,311,680 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/10/15 01:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/06 17:57:18 | 000,072,248 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe -- (WBVGAservice)
SRV - [2008/08/13 21:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2008/03/31 03:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/05 19:50:57 | 000,330,768 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/01/05 19:50:57 | 000,156,688 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/01/05 17:42:21 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/06/27 02:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/16 21:59:30 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/05/15 19:50:26 | 000,026,640 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2009/04/01 18:46:40 | 000,016,440 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/02/11 02:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/12/15 21:41:52 | 000,038,416 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\klbg.sys -- (KLBG)
DRV:64bit: - [2008/11/03 00:03:28 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2008/08/20 23:39:14 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV:64bit: - [2008/08/10 19:14:02 | 001,820,672 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2008/05/01 22:59:48 | 000,166,912 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/02/15 19:27:18 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/01/23 22:24:24 | 000,060,928 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2007/07/27 20:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 21:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/24 12:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2006/10/27 06:01:08 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ASUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=ASUS&bmod=ASUS
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/26 11:22:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2012/03/26 11:21:48 | 000,000,000 | ---D | M]

[2012/01/05 19:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guitarrulz\AppData\Roaming\Mozilla\Extensions
[2012/03/29 05:18:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guitarrulz\AppData\Roaming\Mozilla\Firefox\Profiles\41kqjwes.default\extensions
[2012/03/29 05:18:01 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Guitarrulz\AppData\Roaming\Mozilla\Firefox\Profiles\41kqjwes.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/03/26 11:21:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/26 11:21:49 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2012/03/26 09:43:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/07 16:22:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/07 16:22:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/29 13:34:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CloudCare] C:\Program Files (x86)\Bsecure\BsecTray.exe File not found
O4 - HKLM..\Run: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe (ASUSTek.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Turbo Gear] C:\Program Files\ASUS\Turbo Gear\TurboGear.exe ()
O4 - HKLM..\Run: [Turbo Gear Help] C:\Program Files\ASUS\Turbo Gear\GearHelp.exe ()
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B45AF7C-BF3C-4D35-86D3-4DBE0BDC959C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\sbhook64.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\sbhook.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/30 15:18:26 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Guitarrulz\Desktop\OTL.exe
[2012/03/30 15:10:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\consrv.dll
[2012/03/29 21:31:20 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/03/29 17:47:00 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Guitarrulz\Desktop\tdsskiller.exe
[2012/03/29 17:16:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/29 14:09:56 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Guitarrulz\Desktop\aswMBR.exe
[2012/03/29 14:03:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/29 13:18:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/29 13:18:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/29 13:18:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/29 13:15:20 | 004,448,838 | R--- | C] (Swearware) -- C:\Users\Guitarrulz\Desktop\ComboFix.exe
[2012/03/29 04:13:15 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/29 04:07:03 | 000,000,000 | ---D | C] -- C:\Users\Guitarrulz\Desktop\Fix
[2012/03/29 03:50:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/29 03:50:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/28 17:58:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/03/26 09:51:49 | 000,000,000 | ---D | C] -- C:\Users\Guitarrulz\AppData\Roaming\AVG2012
[2012/03/26 09:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/03/26 09:50:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/03/26 09:50:30 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/03/26 09:49:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/03/26 09:46:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/03/26 09:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/03/26 08:20:49 | 000,000,000 | ---D | C] -- C:\Users\Guitarrulz\AppData\Roaming\Malwarebytes
[2012/03/26 08:20:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/26 08:20:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/26 07:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/03/26 07:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/03/09 16:50:23 | 000,000,000 | ---D | C] -- C:\Users\Guitarrulz\Documents\TurboTax
[2012/03/09 16:49:09 | 000,000,000 | ---D | C] -- C:\Users\Guitarrulz\AppData\Roaming\Intuit
[2012/03/09 16:48:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2010
[2012/03/09 16:46:50 | 000,000,000 | ---D | C] -- C:\Users\Guitarrulz\AppData\Local\IsolatedStorage
[2012/03/09 16:46:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
[2012/03/09 16:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TurboTax
[2012/03/09 16:46:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2012/03/09 12:49:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/09 12:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/09 12:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

========== Files - Modified Within 30 Days ==========

[2012/03/30 15:18:31 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Guitarrulz\Desktop\OTL.exe
[2012/03/30 14:29:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/30 14:07:06 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/30 14:07:06 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/30 14:07:06 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/30 14:05:45 | 000,010,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/30 14:05:45 | 000,010,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/30 13:58:45 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/30 13:58:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/30 13:57:34 | 536,109,055 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/29 21:31:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/03/29 21:13:21 | 000,000,512 | ---- | M] () -- C:\Users\Guitarrulz\Desktop\MBR.dat
[2012/03/29 17:47:07 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Guitarrulz\Desktop\tdsskiller.exe
[2012/03/29 14:10:07 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Guitarrulz\Desktop\aswMBR.exe
[2012/03/29 13:34:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/29 13:15:39 | 004,448,838 | R--- | M] (Swearware) -- C:\Users\Guitarrulz\Desktop\ComboFix.exe
[2012/03/13 17:28:43 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/13 16:17:58 | 000,350,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/09 17:27:38 | 000,454,415 | ---- | M] () -- C:\Users\Guitarrulz\Desktop\2011 Tax POST amend.pdf
[2012/03/09 16:54:02 | 000,284,144 | ---- | M] () -- C:\Users\Guitarrulz\Desktop\2011 Tax PRE amend.pdf
[2012/03/09 16:51:03 | 000,143,045 | ---- | M] () -- C:\Users\Guitarrulz\Desktop\df697d0e-8939-4230-9c62-d2d3a5b98e86.pdf
[2012/03/09 16:48:01 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2010.lnk
[2012/03/09 12:50:01 | 000,000,628 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
[2012/03/09 12:49:09 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/06 16:15:03 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

========== Files Created - No Company Name ==========

[2012/03/29 21:31:20 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/03/29 14:14:22 | 000,000,512 | ---- | C] () -- C:\Users\Guitarrulz\Desktop\MBR.dat
[2012/03/29 13:18:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/29 13:18:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/29 13:18:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/29 13:18:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/29 13:18:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/09 17:27:38 | 000,454,415 | ---- | C] () -- C:\Users\Guitarrulz\Desktop\2011 Tax POST amend.pdf
[2012/03/09 16:54:02 | 000,284,144 | ---- | C] () -- C:\Users\Guitarrulz\Desktop\2011 Tax PRE amend.pdf
[2012/03/09 16:51:03 | 000,143,045 | ---- | C] () -- C:\Users\Guitarrulz\Desktop\df697d0e-8939-4230-9c62-d2d3a5b98e86.pdf
[2012/03/09 16:48:01 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2010.lnk
[2012/03/09 12:49:09 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/02 04:56:30 | 000,145,920 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/01/05 22:28:29 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/05 17:51:57 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2012/01/05 17:46:08 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012/01/05 17:46:08 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

< End of report >

Second OTL:

OTL Extras logfile created on: 3/30/2012 3:21:23 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Guitarrulz\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.32 Gb Available Physical Memory | 72.00% Memory free
12.00 Gb Paging File | 10.14 Gb Available in Paging File | 84.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.04 Gb Total Space | 302.33 Gb Free Space | 66.59% Space Free | Partition Type: NTFS
Drive E: | 7.40 Gb Total Space | 7.19 Gb Free Space | 97.17% Space Free | Partition Type: FAT32

Computer Name: GUITARRULZ-PC | User Name: Guitarrulz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{79C79444-7BD2-453F-AC3E-78B648813C09}" = AVG 2012
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"WinRAR archiver" = WinRAR 4.10 beta 5 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{439F7BFD-4F1B-4CAE-834A-4136396C2738}" = ASUS Turbo Gear Enhanced VGA Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{558B0625-03A7-491C-9693-FD1066005CBB}" = Turbo Gear Extreme
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{99A4344A-C723-4661-A507-D9D939480358}" = Cisco LEAP Module
"{9BFD5911-93E3-42BB-BFCD-50E4BA5B8D67}" = Cisco EAP-FAST Module
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{C3B6103A-C76F-45CF-898E-22E74BD33CFF}" = Direct Console 2.0
"{CD344FA5-6657-47CD-940F-8727EED35595}" = Cisco PEAP Module
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E8CC51B4-F039-4A13-8C23-57661C5A90AC}" = Express Gate
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"CloudCare" = CloudCare
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"SystemRequirementsLab" = System Requirements Lab
"TurboTax 2010" = TurboTax 2010

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/27/2012 11:29:21 PM | Computer Name = Guitarrulz-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/27/2012 11:34:17 PM | Computer Name = Guitarrulz-PC | Source = Windows Search Service | ID = 3100
Description =

Error - 3/27/2012 11:40:08 PM | Computer Name = Guitarrulz-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/28/2012 12:30:18 AM | Computer Name = Guitarrulz-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/28/2012 12:08:21 PM | Computer Name = Guitarrulz-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/28/2012 12:19:44 PM | Computer Name = Guitarrulz-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/28/2012 12:27:01 PM | Computer Name = Guitarrulz-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/28/2012 8:50:15 PM | Computer Name = Guitarrulz-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/29/2012 6:40:12 AM | Computer Name = Guitarrulz-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/29/2012 7:01:53 AM | Computer Name = Guitarrulz-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 3/29/2012 4:30:51 PM | Computer Name = Guitarrulz-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/29/2012 4:32:06 PM | Computer Name = Guitarrulz-PC | Source = Service Control Manager | ID = 7023
Description = The Regsrvc service terminated with the following error: %%2

Error - 3/29/2012 4:32:06 PM | Computer Name = Guitarrulz-PC | Source = Service Control Manager | ID = 7023
Description = The CTERFXFX.DLL service terminated with the following error: %%2

Error - 3/29/2012 4:32:06 PM | Computer Name = Guitarrulz-PC | Source = Service Control Manager | ID = 7023
Description = The SiS7018 service terminated with the following error: %%2

Error - 3/29/2012 4:32:06 PM | Computer Name = Guitarrulz-PC | Source = Service Control Manager | ID = 7023
Description = The MozyFilter service terminated with the following error: %%2

Error - 3/29/2012 4:32:06 PM | Computer Name = Guitarrulz-PC | Source = Service Control Manager | ID = 7023
Description = The Naimagent32 service terminated with the following error: %%2

Error - 3/29/2012 4:32:06 PM | Computer Name = Guitarrulz-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 3/29/2012 4:32:24 PM | Computer Name = Guitarrulz-PC | Source = Service Control Manager | ID = 7000
Description = The EIO_XP service failed to start due to the following error: %%2

Error - 3/29/2012 4:32:24 PM | Computer Name = Guitarrulz-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
EIO_XP

Error - 3/29/2012 4:34:19 PM | Computer Name = Guitarrulz-PC | Source = Service Control Manager | ID = 7000
Description = The EIO_XP service failed to start due to the following error: %%2


< End of report >


Event View Tool:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 30/03/2012 4:10:37 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 30/03/2012 10:45:57 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Second Event Viewer Tool:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 30/03/2012 4:11:53 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 30/03/2012 10:45:57 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0
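One way to read the System Events excerpt in the log above, as an added example (not part of the original posts and not OTL's own code). In Service Control Manager errors, `%%2` and `%%126` are the Win32 codes ERROR_FILE_NOT_FOUND and ERROR_MOD_NOT_FOUND: the service or driver is still registered, but the file it points to could not be found or loaded. The sample lines are copied from the log above; the function names are this example's own.

```python
import re
from collections import defaultdict

# Win32 error codes that appear as "%%<n>" in service failure descriptions.
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND",
    3: "ERROR_PATH_NOT_FOUND",
    126: "ERROR_MOD_NOT_FOUND",
}
MISSING_FILE = set(WIN32_ERRORS.values())

HEADER = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$"
)
SCM_FAILURE = re.compile(
    r"The (?P<name>.+?) service (?:terminated with|failed to start due to)"
    r" the following error: %%(?P<code>\d+)"
)
DRIVER_LOAD = re.compile(r"driver\(s\) failed to load: (?P<names>.+)$")

# Lines copied from the "Last 10 Event Log Errors" section of the log above.
SAMPLE = """
[ Application Events ]
Error - 3/29/2012 7:01:53 AM | Computer Name = Guitarrulz-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 3/29/2012 4:30:51 PM | Computer Name = Guitarrulz-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/29/2012 4:32:06 PM | Computer Name = Guitarrulz-PC | Source = Service Control Manager | ID = 7023
Description = The Regsrvc service terminated with the following error: %%2

Error - 3/29/2012 4:32:06 PM | Computer Name = Guitarrulz-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 3/29/2012 4:32:24 PM | Computer Name = Guitarrulz-PC | Source = Service Control Manager | ID = 7000
Description = The EIO_XP service failed to start due to the following error: %%2

Error - 3/29/2012 4:32:24 PM | Computer Name = Guitarrulz-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
EIO_XP

Error - 3/29/2012 4:34:19 PM | Computer Name = Guitarrulz-PC | Source = Service Control Manager | ID = 7000
Description = The EIO_XP service failed to start due to the following error: %%2
"""


def parse_events(text):
    """Split OTL event-log text into records, re-joining wrapped descriptions."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = {"when": m["when"], "source": m["source"],
                       "id": int(m["id"]), "description": ""}
            events.append(current)
        elif current is not None and line:
            if line.startswith("Description ="):
                line = line[len("Description ="):].strip()
            current["description"] = (current["description"] + " " + line).strip()
        elif not line:
            current = None  # a blank line ends the record
    return events


def triage(events):
    """Group Service Control Manager failures by service or driver name."""
    findings = defaultdict(lambda: {"error": None, "event_ids": set(), "count": 0})
    for ev in events:
        if ev["source"] != "Service Control Manager":
            continue
        m = SCM_FAILURE.search(ev["description"])
        if m:
            code = int(m["code"])
            names = [m["name"]]
            error = WIN32_ERRORS.get(code, f"Win32 error {code}")
        else:
            m = DRIVER_LOAD.search(ev["description"])
            if not m:
                continue  # e.g. ID 7030, which names no failure code
            names, error = m["names"].split(), None
        for name in names:
            entry = findings[name]
            entry["error"] = entry["error"] or error
            entry["event_ids"].add(ev["id"])
            entry["count"] += 1
    return dict(findings)


def missing_binaries(findings):
    """Names whose registration points at a file that could not be found or loaded."""
    return sorted(n for n, f in findings.items() if f["error"] in MISSING_FILE)


if __name__ == "__main__":
    results = triage(parse_events(SAMPLE))
    for name in missing_binaries(results):
        f = results[name]
        print(f"{name}: {f['error']} x{f['count']} (event IDs {sorted(f['event_ids'])})")
```

Each name it reports is a registration to review against the Services and Drivers sections of the same log before anything is removed.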

#12
RKinner

    Malware Expert

  • Expert
  • 13,215 posts
  • MVP
OTL still shows the winsock2 stack as corrupt so let's fix that and see if it helps.

Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:Services
vsbus
StickyMesger
digirefresh

:OTL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O4 - HKLM..\Run: [CloudCare] C:\Program Files (x86)\Bsecure\BsecTray.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config vsbus start= disabled /c
reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2.reg /c
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done.

This will also create a file called winsock2.reg on your desktop. This is an insurance file in case the next step kills your Internet access. Just right click it and Merge and it should put it back. Otherwise leave it alone.

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after the line:

netsh  winsock  reset  catalog

(I use 2 spaces in the code box so you can see where one space goes.)

Reboot.

If you can still get on the Internet after the reboot then delete the file winsock2.reg. Run OTL, Quickscan and post the log.

If not then you can right click on it and Merge then reboot and you should be back. If you have to do that then please rename the file to winsock2.txt and attach it to the next post. (System Restore is the backup in case that doesn't work but it should.)
  • 0

#13
Guitarrulz

    Member

  • Member
  • PipPip
  • 10 posts
I was able to do a winsock reset w/o using the back up.

Here is the OTL Quickscan log...

OTL:

OTL logfile created on: 3/30/2012 6:37:53 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Guitarrulz\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.48 Gb Available Physical Memory | 74.65% Memory free
12.00 Gb Paging File | 10.44 Gb Available in Paging File | 87.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.04 Gb Total Space | 302.67 Gb Free Space | 66.66% Space Free | Partition Type: NTFS
Drive E: | 7.40 Gb Total Space | 7.19 Gb Free Space | 97.17% Space Free | Partition Type: FAT32

Computer Name: GUITARRULZ-PC | User Name: Guitarrulz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/30 15:18:31 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Guitarrulz\Desktop\OTL.exe
PRC - [2012/03/26 09:43:34 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/05 17:51:52 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/10/15 01:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/11/20 05:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/04/07 20:00:08 | 002,861,624 | ---- | M] (ASUSTek.) -- C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
PRC - [2009/04/07 10:34:26 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2009/03/20 21:37:18 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/03/04 11:26:24 | 008,392,704 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/02/10 17:51:18 | 000,113,208 | ---- | M] (ASUSTeK Inc.) -- C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
PRC - [2009/02/06 17:57:18 | 000,072,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe
PRC - [2008/12/22 18:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/10/14 17:13:24 | 002,987,008 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\TurboGear.exe
PRC - [2008/09/30 18:52:44 | 001,025,536 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\GearHelp.exe
PRC - [2008/08/13 21:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/08/13 21:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/08/13 17:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008/06/17 23:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/04/01 00:09:30 | 000,266,240 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2008/03/31 03:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2008/03/24 22:39:18 | 000,322,104 | ---- | M] (ASUSTek.) -- C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe
PRC - [2007/11/30 12:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/11/20 14:44:30 | 001,145,400 | ---- | M] (ASUS) -- C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
PRC - [2007/08/08 01:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007/08/03 13:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/26 09:43:33 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/18 17:49:56 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/15 01:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2008/10/14 17:13:24 | 002,987,008 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\TurboGear.exe
MOD - [2008/09/30 18:52:44 | 001,025,536 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\GearHelp.exe
MOD - [2008/05/28 22:40:38 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\Direct Console\OLED.dll
MOD - [2008/05/28 22:39:48 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\Direct Console\SysInfo.dll
MOD - [2008/05/22 22:24:10 | 000,045,056 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\atkmethod.dll
MOD - [2008/02/18 23:32:46 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\Direct Console\OvrClk.dll
MOD - [2008/02/16 23:08:46 | 000,950,272 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\OcSetting.dll
MOD - [2007/12/27 17:04:42 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\Direct Console\LED.dll
MOD - [2007/12/11 17:07:28 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\ASUS\Direct Console\OUTLOOK.dll
MOD - [2007/12/07 16:32:02 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Direct Console\MSN.dll
MOD - [2007/11/30 12:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
MOD - [2007/11/19 14:54:20 | 000,188,416 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswsysmon.dll
MOD - [2007/11/19 12:11:58 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswcore.dll
MOD - [2007/09/06 15:05:00 | 000,081,920 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswobj.dll
MOD - [2007/08/02 10:53:06 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswresmgr.dll
MOD - [2007/07/24 15:41:10 | 000,049,152 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ResItf.dll
MOD - [2007/06/19 12:38:08 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswui.dll
MOD - [2007/06/15 11:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
MOD - [2007/06/01 18:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
MOD - [2007/05/14 15:07:14 | 000,009,728 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\LogonStartup.dll
MOD - [2007/05/14 12:10:40 | 000,061,440 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswgblset.dll
MOD - [2007/03/09 17:16:52 | 000,106,496 | ---- | M] () -- C:\Program Files\ATKGFNEX\AGFNEX.dll
MOD - [2006/12/09 10:34:36 | 000,139,264 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipsw_cfgmgr.dll
MOD - [2006/12/07 10:29:06 | 000,007,168 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\iphelper.dll
MOD - [2006/12/06 17:55:32 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswhlp.dll
MOD - [2006/12/06 17:55:22 | 000,086,016 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswds.dll
MOD - [2006/12/06 17:42:26 | 000,094,208 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\cxcmrt.dll
MOD - [2005/05/11 16:39:32 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\pngio.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (SrvcEPECioctl)
SRV:64bit: - [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (ATIVXSTW)
SRV:64bit: - [2007/08/08 01:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV:64bit: - [2007/08/03 13:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2012/01/05 19:50:57 | 000,311,680 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/10/15 01:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/06 17:57:18 | 000,072,248 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe -- (WBVGAservice)
SRV - [2008/08/13 21:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2008/03/31 03:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/05 19:50:57 | 000,330,768 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/01/05 19:50:57 | 000,156,688 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/01/05 17:42:21 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/06/27 02:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/16 21:59:30 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/05/15 19:50:26 | 000,026,640 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2009/04/01 18:46:40 | 000,016,440 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/02/11 02:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/12/15 21:41:52 | 000,038,416 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\klbg.sys -- (KLBG)
DRV:64bit: - [2008/11/03 00:03:28 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2008/08/20 23:39:14 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV:64bit: - [2008/08/10 19:14:02 | 001,820,672 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2008/05/01 22:59:48 | 000,166,912 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/02/15 19:27:18 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/01/23 22:24:24 | 000,060,928 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2007/07/27 20:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 21:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/24 12:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2006/10/27 06:01:08 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ASUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=ASUS&bmod=ASUS
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/26 11:22:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2012/03/26 11:21:48 | 000,000,000 | ---D | M]

[2012/01/05 19:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guitarrulz\AppData\Roaming\Mozilla\Extensions
[2012/03/29 05:18:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guitarrulz\AppData\Roaming\Mozilla\Firefox\Profiles\41kqjwes.default\extensions
[2012/03/29 05:18:01 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Guitarrulz\AppData\Roaming\Mozilla\Firefox\Profiles\41kqjwes.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/03/26 11:21:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/26 11:21:49 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2012/03/26 09:43:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/07 16:22:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/07 16:22:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/29 13:34:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe (ASUSTek.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Turbo Gear] C:\Program Files\ASUS\Turbo Gear\TurboGear.exe ()
O4 - HKLM..\Run: [Turbo Gear Help] C:\Program Files\ASUS\Turbo Gear\GearHelp.exe ()
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B45AF7C-BF3C-4D35-86D3-4DBE0BDC959C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\sbhook64.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\sbhook.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/30 18:27:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/30 15:18:26 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Guitarrulz\Desktop\OTL.exe
[2012/03/30 15:10:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\consrv.dll
[2012/03/29 21:31:20 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/03/29 17:47:00 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Guitarrulz\Desktop\tdsskiller.exe
[2012/03/29 17:16:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/29 14:09:56 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Guitarrulz\Desktop\aswMBR.exe
[2012/03/29 14:03:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/29 13:18:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/29 13:18:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/29 13:18:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/29 13:15:20 | 004,448,838 | R--- | C] (Swearware) -- C:\Users\Guitarrulz\Desktop\ComboFix.exe
[2012/03/29 04:13:15 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/29 04:07:03 | 000,000,000 | ---D | C] -- C:\Users\Guitarrulz\Desktop\Fix
[2012/03/29 03:50:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/29 03:50:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/28 17:58:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/03/26 09:51:49 | 000,000,000 | ---D | C] -- C:\Users\Guitarrulz\AppData\Roaming\AVG2012
[2012/03/26 09:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/03/26 09:50:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/03/26 09:50:30 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/03/26 09:49:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/03/26 09:46:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/03/26 09:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/03/26 08:20:49 | 000,000,000 | ---D | C] -- C:\Users\Guitarrulz\AppData\Roaming\Malwarebytes
[2012/03/26 08:20:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/26 08:20:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/26 07:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/03/26 07:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/03/09 16:50:23 | 000,000,000 | ---D | C] -- C:\Users\Guitarrulz\Documents\TurboTax
[2012/03/09 16:49:09 | 000,000,000 | ---D | C] -- C:\Users\Guitarrulz\AppData\Roaming\Intuit
[2012/03/09 16:48:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2010
[2012/03/09 16:46:50 | 000,000,000 | ---D | C] -- C:\Users\Guitarrulz\AppData\Local\IsolatedStorage
[2012/03/09 16:46:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
[2012/03/09 16:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TurboTax
[2012/03/09 16:46:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2012/03/09 12:49:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/09 12:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/09 12:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

========== Files - Modified Within 30 Days ==========

[2012/03/30 18:42:17 | 000,010,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/30 18:42:17 | 000,010,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/30 18:38:04 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/30 18:38:04 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/30 18:38:04 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/30 18:35:58 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/30 18:34:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/30 18:34:24 | 536,109,055 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/30 18:29:08 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/30 16:09:14 | 000,061,440 | ---- | M] ( ) -- C:\Users\Guitarrulz\Desktop\VEW.exe
[2012/03/30 15:18:31 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Guitarrulz\Desktop\OTL.exe
[2012/03/29 21:31:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/03/29 21:13:21 | 000,000,512 | ---- | M] () -- C:\Users\Guitarrulz\Desktop\MBR.dat
[2012/03/29 17:47:07 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Guitarrulz\Desktop\tdsskiller.exe
[2012/03/29 14:10:07 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Guitarrulz\Desktop\aswMBR.exe
[2012/03/29 13:34:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/29 13:15:39 | 004,448,838 | R--- | M] (Swearware) -- C:\Users\Guitarrulz\Desktop\ComboFix.exe
[2012/03/13 17:28:43 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/13 16:17:58 | 000,350,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/09 17:27:38 | 000,454,415 | ---- | M] () -- C:\Users\Guitarrulz\Desktop\2011 Tax POST amend.pdf
[2012/03/09 16:54:02 | 000,284,144 | ---- | M] () -- C:\Users\Guitarrulz\Desktop\2011 Tax PRE amend.pdf
[2012/03/09 16:51:03 | 000,143,045 | ---- | M] () -- C:\Users\Guitarrulz\Desktop\df697d0e-8939-4230-9c62-d2d3a5b98e86.pdf
[2012/03/09 16:48:01 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2010.lnk
[2012/03/09 12:50:01 | 000,000,628 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
[2012/03/09 12:49:09 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/06 16:15:03 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

========== Files Created - No Company Name ==========

[2012/03/30 16:09:12 | 000,061,440 | ---- | C] ( ) -- C:\Users\Guitarrulz\Desktop\VEW.exe
[2012/03/29 21:31:20 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/03/29 14:14:22 | 000,000,512 | ---- | C] () -- C:\Users\Guitarrulz\Desktop\MBR.dat
[2012/03/29 13:18:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/29 13:18:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/29 13:18:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/29 13:18:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/29 13:18:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/09 17:27:38 | 000,454,415 | ---- | C] () -- C:\Users\Guitarrulz\Desktop\2011 Tax POST amend.pdf
[2012/03/09 16:54:02 | 000,284,144 | ---- | C] () -- C:\Users\Guitarrulz\Desktop\2011 Tax PRE amend.pdf
[2012/03/09 16:51:03 | 000,143,045 | ---- | C] () -- C:\Users\Guitarrulz\Desktop\df697d0e-8939-4230-9c62-d2d3a5b98e86.pdf
[2012/03/09 16:48:01 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2010.lnk
[2012/03/09 12:49:09 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/02 04:56:30 | 000,145,920 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/01/05 22:28:29 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/05 17:51:57 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2012/01/05 17:46:08 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012/01/05 17:46:08 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== LOP Check ==========

[2012/03/27 21:02:45 | 000,000,000 | ---D | M] -- C:\Users\Guitarrulz\AppData\Roaming\AVG2012
[2012/02/05 15:27:10 | 000,000,000 | ---D | M] -- C:\Users\Guitarrulz\AppData\Roaming\Garmin
[2009/07/13 22:08:49 | 000,019,906 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#14
RKinner


    Malware Expert

  • Expert
  • 13,215 posts
  • MVP
Good. You can delete the winsock2.reg file if you haven't already.

I'm not sure what your anti-virus is seeing. Probably still some infection left in System Restore so let's clean it out:


Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.

If you are still seeing problems:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.


Let's also try the Bitdefender QuickScan (also with IE). This one is very quick.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

#15
Guitarrulz


    Member

  • Member
  • 10 posts
My apologies, I forgot to run ESET in IE and instead ran it in Firefox. If you need me to re-run it, please let me know. However, I did run Bitdefender in IE.

ESET LOG:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=29f14eb099f5d74e8842427211812cae
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-31 01:26:43
# local_time=2012-03-31 06:26:43 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 323389 323389 0 0
# compatibility_mode=5893 16776573 100 94 0 84739346 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=138933
# found=2
# cleaned=2
# scan_time=4507
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.DN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.G trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Trojan Found Using ESET:

C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.DN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.G trojan cleaned by deleting - quarantined

Second Trojan Found Using ESET:

C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.DN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.G trojan cleaned by deleting - quarantined

Bitdefender Log:


QuickScan 32-bit v0.9.9.113
---------------------------
Scan date: Sat Mar 31 06:33:26 2012
Machine ID: E0FCDEF6



No infection found.
-------------------



Processes
---------
ADSMSrv 1628 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
ADSMSrv 1648 C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
GFNEXSrv 1672 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
ADSMTray 3384 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
ALU 3504 C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
ASUS Screen Saver Protector 3308 C:\Windows\AsScrPro.exe
ASUS SmartLogon 3532 C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
ASUS Turbo Gear Enhanced VGA Driver 2240 C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
ASUS Turbo Gear Enhanced VGA Driver 3244 C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
ATK Hotkey 3944 C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
ATK Hotkey 3280 C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
ATK Hotkey 3588 C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
ATK Media 4056 C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
ATKOSD2 3728 C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
Atouch64 3616 C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
Direct Console 2.0 3540 C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe
Direct Console 2.0 3388 C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
distnoted 3700 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
Firefox 4800 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
GearHelp.exe 512 C:\Program Files\ASUS\Turbo Gear\GearHelp.exe
Intuit Update Service 4832 C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
iTunes 3992 C:\Program Files (x86)\iTunes\iTunesHelper.exe
Java™ Platform SE Auto Updater 2 0 4020 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Kaspersky Anti-Virus 1988 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
Kaspersky Anti-Virus 1452 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
Microsoft® Windows® Operating System 3712 C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
Microsoft® Windows® Operating System 4152 C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
MobileDeviceService 1956 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
Net4Switch 3780 C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
NVIDIA Update Components 2180 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
spmgr Module 1544 C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
Stereo Vision Control Panel API Server 900 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
TurboGear.exe 2724 C:\Program Files\ASUS\Turbo Gear\TurboGear.exe
ubd.exe 3364 C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
WBVGAservice.exe 1188 C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe
Windows® Internet Explorer 2532 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Windows® Internet Explorer 2056 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Windows® Internet Explorer 3844 C:\Program Files (x86)\Internet Explorer\iexplore.exe


Network activity
----------------
Process avp.exe (1988) connected on port 80 (HTTP) --> 63.80.138.24
Process avp.exe (1988) connected on port 80 (HTTP) --> 74.125.224.193
Process avp.exe (1988) connected on port 80 (HTTP) --> 74.125.224.193
Process avp.exe (1988) connected on port 80 (HTTP) --> 199.7.57.72
Process avp.exe (1988) connected on port 80 (HTTP) --> 184.30.255.139
Process avp.exe (1988) connected on port 80 (HTTP) --> 184.30.255.139
Process avp.exe (1988) connected on port 80 (HTTP) --> 63.80.138.56
Process avp.exe (1988) connected on port 80 (HTTP) --> 63.80.138.56
Process avp.exe (1988) connected on port 80 (HTTP) --> 74.125.224.193
Process avp.exe (1988) connected on port 80 (HTTP) --> 74.125.224.193
Process avp.exe (1988) connected on port 80 (HTTP) --> 63.80.138.51
Process avp.exe (1988) connected on port 80 (HTTP) --> 66.235.142.3

Process avp.exe (1988) listens on ports: 1110, 19780


Autoruns and critical files
---------------------------
ADSMTray C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
Apple Push C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
AsScrProlog.exe C:\Windows\AsScrProlog.exe
ASUS Screen Saver Protector C:\Windows\AsScrPro.exe
ATK Hotkey C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
ATK Media C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
ATKOSD2 C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
Direct Console 2.0 C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
GearHelp.exe C:\Program Files\ASUS\Turbo Gear\GearHelp.exe
HD Audio Control Panel C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe
Java™ Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Kaspersky Anti-Virus C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
Kaspersky Anti-Virus c:\progra~2\kasper~1\kasper~1\mzvkbd3.dll
Microsoft® Windows® Operating System C:\Windows\system32\Ribbons.scr
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Realtek Voice Manager C:\Program Files\Realtek\Audio\HDA\Skytel.exe
TurboGear.exe C:\Program Files\ASUS\Turbo Gear\TurboGear.exe
ubd.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
Windows® Internet Explorer c:\windows\syswow64\webcheck.dll
(verified) Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe
(verified) Google Update C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


Browser plugins
---------------
AcroIEHelper Library C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll
Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
Garmin Communicator Plug-In C:\Users\Guitarrulz\AppData\Roaming\Mozilla\Firefox\Profiles\41kqjwes.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
Garmin Communicator Plug-In C:\Windows\Downloaded Program Files\GarminAxControl.ocx
Google Earth Plugin C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
Google Update C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
Java™ Platform SE 6 U29 c:\program files (x86)\java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U29 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
Kaspersky Anti-Virus C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
Kaspersky Anti-Virus C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
Microsoft® Windows Live ID C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Microsoft® Windows Live ID C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® Windows Live ID C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
NVIDIA 3D Vision C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
NVIDIA 3D VISION C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
System Requirements Lab C:\Windows\Downloaded Program Files\sysreqlab_nvd.dll
Windows® Internet Explorer C:\Windows\SysWOW64\ieframe.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll


Missing files
-------------
File not found: C:\Windows\System32\nwprovau.dll
--> HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\"LibraryPath"


Scan
----


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.01 MB sent, 1.32 KB recvd
Scanned 494 files and modules - 33 seconds

==============================================================================