ping.exe process keeps running

#1 nadtribble
Not sure if I'm in the right section or not. Lately something has been causing my ping.exe to run constantly. I can shut it down using Task Manager, but it keeps starting up on its own. Not sure what's going on. I'm using Windows 7 64-bit. I have done malware scans with Malwarebytes Anti-Malware, and I use Microsoft Security Essentials. I have also done scans with Spybot Search & Destroy. No viruses or malware detected. Any help would be appreciated. Here is my OTL log:
OTL logfile created on: 8/23/2011 10:50:40 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\easyhome\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 52.07% Memory free
7.50 Gb Paging File | 5.67 Gb Available in Paging File | 75.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911.88 Gb Total Space | 755.53 Gb Free Space | 82.85% Space Free | Partition Type: NTFS

Computer Name: EASYHOME-PC | User Name: easyhome | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/23 22:48:25 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\easyhome\Desktop\OTL.exe
PRC - [2011/08/16 21:54:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/11/09 23:50:50 | 000,613,992 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/09/27 19:49:38 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Gateway\Gateway TouchPortal\Touch Movie\TouchMovieService.exe
PRC - [2010/09/21 17:22:20 | 000,309,104 | ---- | M] (Pelmorex Media Inc.) -- C:\Users\easyhome\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
PRC - [2010/09/09 17:58:12 | 000,155,752 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
PRC - [2010/09/09 17:50:38 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2010/01/08 10:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
PRC - [2009/07/13 21:55:16 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2009/07/07 06:35:48 | 000,438,376 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe
PRC - [2009/07/07 06:32:42 | 001,346,048 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio PRO\THXAudioCP\THXAudio.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/18 20:28:50 | 003,356,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\7ea26f73b1db8ffa4afa9c96a1cbe9e5\WindowsBase.ni.dll
MOD - [2011/08/18 14:34:37 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
MOD - [2011/08/16 21:54:40 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/08/09 22:12:37 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/31 15:51:34 | 000,077,312 | ---- | M] () -- C:\Users\easyhome\AppData\Roaming\Mozilla\Firefox\Profiles\jb57vp1e.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko6.dll
MOD - [2011/05/04 16:34:29 | 003,178,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/03/29 16:31:57 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2010/11/09 23:51:28 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyHook.dll
MOD - [2010/11/09 23:50:50 | 000,613,992 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/03/02 17:24:26 | 005,279,744 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2010/03/02 17:24:26 | 004,214,784 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2009/07/13 22:35:46 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
MOD - [2009/07/13 22:35:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
MOD - [2009/07/13 22:35:42 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
MOD - [2009/07/13 18:46:40 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009/07/13 18:46:36 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2009/07/13 18:46:34 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2009/07/13 18:46:30 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2009/07/13 18:46:22 | 000,610,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
MOD - [2009/07/13 18:46:14 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2009/07/07 06:36:08 | 000,014,368 | ---- | M] () -- C:\Program Files (x86)\Gateway\Gateway TouchPortal\LanguageDll\TouchPortalLauncher-en.dll
MOD - [2009/07/07 06:32:48 | 000,181,248 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2003/02/02 20:06:02 | 000,153,088 | ---- | M] () -- C:\Windows\SysWOW64\UNRAR3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/09 09:01:25 | 008,205,576 | RH-- | M] () [Auto | Running] -- C:\Windows\SysNative\servicescache.exe -- (systemCheck)
SRV:64bit: - [2011/08/09 08:59:24 | 000,199,944 | -HS- | M] () [Unknown | Running] -- C:\Windows\SysNative\CNGKeyLock.exe -- (CNGKeyLock)
SRV:64bit: - [2011/08/09 08:59:23 | 008,350,984 | RHS- | M] () [Unknown | Stopped] -- C:\Windows\SysNative\sysDriverHardWare.exe -- (MicrosoftHardwareDriver)
SRV:64bit: - [2011/08/09 08:59:22 | 008,355,080 | RHS- | M] () [Unknown | Stopped] -- C:\Windows\SysNative\sysSecurityCheck.exe -- (SysCacheDriver)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/09 17:50:38 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/08/10 21:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2009/08/10 21:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM))
SRV:64bit: - [2009/07/13 21:54:04 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/06/01 20:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/03 21:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/01/15 18:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 10:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/07/13 18:46:26 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/09 09:01:26 | 000,020,104 | R--- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\akerneldrv64.sys -- (akerneldrv)
DRV:64bit: - [2011/08/09 09:01:26 | 000,016,008 | R--- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\pcrasys64.sys -- (pcrasys)
DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/09 18:18:10 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/09/09 18:18:08 | 000,690,208 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/07/13 20:53:42 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/07/13 19:59:34 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:59:32 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:59:32 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 06:17:22 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/06/30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009/06/10 18:37:34 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/06/10 18:35:34 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 18:34:32 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 18:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 18:34:22 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV - [2009/07/13 21:17:56 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gateway.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gateway.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.shaw.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://start.shaw.ca/start/enCA/"
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:4.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.34
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:4.1.8
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20101009
FF - prefs.js..keyword.URL: "http://vshare.toolba...spx?srch=ku&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/09/09 17:41:43 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/09/09 17:41:43 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/16 21:54:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/02/28 22:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\easyhome\AppData\Roaming\mozilla\Extensions
[2011/08/21 10:30:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\easyhome\AppData\Roaming\mozilla\Firefox\Profiles\jb57vp1e.default\extensions
[2011/08/09 22:05:37 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\easyhome\AppData\Roaming\mozilla\Firefox\Profiles\jb57vp1e.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/08/15 14:18:18 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\easyhome\AppData\Roaming\mozilla\Firefox\Profiles\jb57vp1e.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/02/26 21:08:53 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\easyhome\AppData\Roaming\mozilla\Firefox\Profiles\jb57vp1e.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
[2011/08/09 22:05:44 | 000,000,000 | ---D | M] ("CyberSearch") -- C:\Users\easyhome\AppData\Roaming\mozilla\Firefox\Profiles\jb57vp1e.default\extensions\[email protected]
[2011/02/26 21:08:35 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\easyhome\AppData\Roaming\mozilla\Firefox\Profiles\jb57vp1e.default\extensions\[email protected]
[2011/02/26 21:08:35 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\easyhome\AppData\Roaming\mozilla\Firefox\Profiles\jb57vp1e.default\extensions\[email protected]
[2011/02/26 21:08:38 | 000,000,000 | ---D | M] (Portalarium Player) -- C:\Users\easyhome\AppData\Roaming\mozilla\Firefox\Profiles\jb57vp1e.default\extensions\[email protected]
[2011/02/26 21:08:47 | 000,000,000 | ---D | M] (vShare) -- C:\Users\easyhome\AppData\Roaming\mozilla\Firefox\Profiles\jb57vp1e.default\extensions\vshare@toolbar
[2011/01/09 13:45:28 | 000,000,863 | ---- | M] () -- C:\Users\easyhome\AppData\Roaming\Mozilla\Firefox\Profiles\jb57vp1e.default\searchplugins\conduit.xml
[2010/05/01 21:03:17 | 000,000,266 | ---- | M] () -- C:\Users\easyhome\AppData\Roaming\Mozilla\Firefox\Profiles\jb57vp1e.default\searchplugins\Search.xml
[2011/01/30 19:01:03 | 000,001,583 | ---- | M] () -- C:\Users\easyhome\AppData\Roaming\Mozilla\Firefox\Profiles\jb57vp1e.default\searchplugins\web-search.xml
[2011/08/10 21:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/10 21:38:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\EASYHOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JB57VP1E.DEFAULT\EXTENSIONS\[email protected]
[2011/08/16 21:54:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files (x86)\PicLensIE\cooliris.dll (Cooliris Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [TouchORB] C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe (Acer Corp.)
O4:64bit: - HKLM..\Run: [TouchPortalV3Launcher] C:\Program Files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe (Acer Corp.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Gateway\Gateway TouchPortal\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PRO\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [TouchMovieService] C:\Program Files (x86)\Gateway\Gateway TouchPortal\Touch Movie\TouchMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TouchPortalV3Launcher] C:\Program Files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe (Acer Corp.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [WeatherEye] C:\Users\easyhome\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files (x86)\PicLensIE\cooliris.dll (Cooliris Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.1.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/23 22:48:20 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\easyhome\Desktop\OTL.exe
[2011/08/23 22:22:32 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{1CA94C84-3EFD-4113-A89A-3198BDA4B398}
[2011/08/23 22:13:13 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{4E3AFF1B-7E6C-4681-8211-95415B772CF4}
[2011/08/23 20:48:06 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acer
[2011/08/23 20:48:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer
[2011/08/23 11:02:45 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{08C4EF53-AA28-4073-A848-782FCBC9F9F7}
[2011/08/23 10:28:05 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{E03D3F18-3040-497E-948B-7AD28EF0BAB3}
[2011/08/23 07:55:21 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{FBB328C8-C249-4201-ABE5-ABE48AEA42EA}
[2011/08/23 07:03:44 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{2410255F-2A6D-412F-AC25-856DDDEC8CFB}
[2011/08/22 21:44:18 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{9CD262F0-2104-4668-8FA2-6A3698BE1F13}
[2011/08/22 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{FA99406C-A357-4BBB-9359-8E897D8135D8}
[2011/08/22 19:23:17 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Roaming\CleanMyPC Software
[2011/08/22 19:22:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CleanMyPC
[2011/08/22 19:21:32 | 000,000,000 | ---D | C] -- C:\registrycleaner
[2011/08/22 18:51:24 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{06858AF1-73DE-4A8D-8FFB-D8FE520F6346}
[2011/08/22 18:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/08/22 18:09:26 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Roaming\GetRightToGo
[2011/08/22 13:49:55 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{12F54B3F-0E09-4142-BEB3-A95E89E74589}
[2011/08/22 10:56:09 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{1411B689-2F1F-42D4-948B-8DDE132CADD9}
[2011/08/22 10:03:27 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{0438D4F5-6968-436F-A28D-E5FB1121231E}
[2011/08/22 09:58:53 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{A6F895E7-6139-44A8-A5E0-642BC04B68C7}
[2011/08/21 20:12:00 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{C2CC1BED-A7BB-4864-851A-199452082BAF}
[2011/08/21 12:34:25 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{C2E04CE0-739A-4681-A595-187D623BD434}
[2011/08/21 09:16:15 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/08/21 09:12:46 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{E4A7B2C4-84CF-477F-B5DD-8C5A7E3AA22A}
[2011/08/21 09:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2011/08/20 13:09:17 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{D3E22284-198D-4B03-8BCF-F44901651186}
[2011/08/19 17:13:32 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{3A18C3CF-AEEA-4EBB-B158-D33D95AD9074}
[2011/08/19 10:12:46 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{E5D08D6B-69E4-48FC-9F58-B5AE4D732598}
[2011/08/19 00:11:03 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{5C25F32A-B0C3-44EF-9612-D375111F10BF}
[2011/08/18 23:49:12 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{8F0BE1F2-F403-48C9-B0F2-E3F918D77AB2}
[2011/08/18 20:42:44 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{2BA6D897-AB9F-4706-9AD0-4B08B5DDFB41}
[2011/08/18 20:11:02 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{1F947CD7-02BC-4F10-8A5A-F7196CF3C566}
[2011/08/18 19:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
[2011/08/18 19:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft
[2011/08/18 19:51:53 | 000,000,000 | ---D | C] -- C:\drivergenius
[2011/08/18 18:39:05 | 000,000,000 | ---D | C] -- C:\processexp
[2011/08/18 15:50:15 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{47828F8B-3CAC-4ABE-BB4F-6B850910F6A9}
[2011/08/18 13:26:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/08/18 13:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/08/18 13:06:03 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{160F230B-14E7-427E-810C-8E7628B00BB4}
[2011/08/18 09:52:44 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{FEB63173-CF85-453C-92AB-DEAAFEBF70D5}
[2011/08/18 09:46:29 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{ED010BA6-B399-44B6-98F8-6728B31EE194}
[2011/08/17 13:27:31 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{CB33CF7F-5C42-4EF2-B372-5FBEE35C8BB5}
[2011/08/17 12:30:52 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{AF489237-016F-497A-80E8-C4B56CD7DB58}
[2011/08/17 10:47:08 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{9DBB5A25-1D34-4490-A932-8D2D0855978F}
[2011/08/16 22:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/08/16 21:53:36 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2011/08/16 21:53:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2011/08/16 13:24:00 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{1569294B-4EE1-44FD-AEDC-A24E381F044E}
[2011/08/16 11:07:07 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{B14B8F06-5434-4CAC-993C-98E9297D3159}
[2011/08/16 08:30:09 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{AD8CB99B-08B6-4C84-BFDC-1D3994043588}
[2011/08/15 22:18:06 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{671AC9D7-DD96-4A61-AF48-FE7ADD32007A}
[2011/08/15 20:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/08/15 20:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/08/15 20:17:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/08/15 17:22:24 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{ECC06D14-8C21-4DE6-89DB-E54CD3AECA53}
[2011/08/15 17:06:04 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{E02F83DE-1FFB-43E3-A789-F64EAE63B465}
[2011/08/15 10:14:49 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{D278C048-409C-4BE5-B09E-26FDA51C6560}
[2011/08/15 08:43:45 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{B46BE585-BB86-4ACA-ACAC-85C2CCC3AAE9}
[2011/08/15 08:22:05 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{C6932D6F-BCE6-4CBE-AE31-ECBFDC69FFDF}
[2011/08/14 22:58:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/14 22:38:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/14 21:54:15 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{7CC90DB4-527D-486E-958E-7012AC937282}
[2011/08/14 21:53:36 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{65DCCDA8-7493-4803-80B8-8C80FD7EB8F1}
[2011/08/14 21:35:43 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{568CEDFA-6E00-4D10-AC59-6D23B6B2E87B}
[2011/08/14 18:13:37 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{9EFD0270-D812-4ED2-88F3-114EAABDCC53}
[2011/08/14 13:04:03 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{28B47389-D678-4058-8F54-8C853D88D6D9}
[2011/08/14 12:56:24 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{1BFCAD49-B182-498D-B4B3-223711596CAF}
[2011/08/14 01:21:13 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{4E9E4855-F3D8-4A15-84A5-C4589A8C9A13}
[2011/08/12 21:13:19 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{5CA4307B-C757-4203-BFBF-FBB74FD4B821}
[2011/08/12 20:52:28 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{812640BC-D72A-483C-83FF-9E82EA5DB0E3}
[2011/08/12 17:56:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/12 17:56:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/12 17:56:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/12 17:46:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/12 17:20:07 | 004,170,159 | R--- | C] (Swearware) -- C:\Users\easyhome\Desktop\puppy.exe
[2011/08/12 14:16:26 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{B8396A0C-E930-4ECF-B734-FBAD6136C360}
[2011/08/12 11:03:54 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{2A42E3CA-0AE8-474D-94DC-BFE8F068A8B9}
[2011/08/12 08:59:59 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{9F00EF5D-EA3F-4BF3-A567-6792E8D5E6A8}
[2011/08/12 07:56:31 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{51583D6E-FFC6-4CC3-A1A6-FF29F203256B}
[2011/08/12 06:57:27 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{29DD3B1B-250E-489F-BD26-552169900B2A}
[2011/08/11 21:17:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/08/11 07:31:31 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{46A6F414-E9A7-47B6-9D1D-8A7E57FDC756}
[2011/08/10 21:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
[2011/08/10 21:42:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PopCap Games
[2011/08/10 21:41:46 | 000,000,000 | ---D | C] -- C:\bjblitxcrack
[2011/08/10 21:18:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The KMPlayer
[2011/08/10 21:03:09 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{128F13D0-3842-47B1-9B89-5B21197523E5}
[2011/08/10 19:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/08/10 19:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2011/08/10 19:44:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2011/08/10 19:44:32 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Roaming\Simply Super Software
[2011/08/10 19:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2011/08/10 19:42:53 | 000,000,000 | ---D | C] -- C:\trojanremover
[2011/08/10 19:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\ConeXware
[2011/08/10 19:40:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PatchBeam
[2011/08/10 19:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerArchiver
[2011/08/10 19:40:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerArchiver
[2011/08/10 19:26:13 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{7FF28835-FF6F-4DB9-9F5D-7BB64D1ECC22}
[2011/08/10 14:52:19 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{502F35FB-46CC-42FD-930A-2ECD26AAE7F6}
[2011/08/10 00:42:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/08/10 00:26:51 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{3F11519D-B896-4A02-86B8-F90226FE3F13}
[2011/08/10 00:10:47 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{BA8FF579-3346-474F-A4C4-1EA01F7EF93A}
[2011/08/09 22:27:49 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\Conduit
[2011/08/09 22:27:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2011/08/09 22:27:02 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\uTorrent
[2011/08/09 22:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/08/09 22:13:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/08/09 22:04:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/08/09 20:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2011/08/09 20:33:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bejeweled Blitz
[2011/08/09 18:39:48 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/08/09 18:39:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/09 18:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/09 18:39:44 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/09 18:39:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/08/09 18:30:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/09 09:01:32 | 008,007,680 | R--- | C] ( ) -- C:\Windows\SysNative\Microsoft.mshtml.dll
[2011/08/09 09:01:32 | 000,126,976 | R--- | C] ( ) -- C:\Windows\SysNative\Interop.SHDocVw.dll
[2011/08/09 08:05:49 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{E36CF281-1FA8-4472-913F-78A6273FCB97}
[2011/08/09 06:53:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/08/09 06:53:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/08/09 05:05:46 | 000,000,000 | ---D | C] -- C:\book
[2011/08/09 04:04:35 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{69B3D09B-92EF-4753-BAFD-89EB9BA1182B}
[2011/08/09 04:01:41 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Roaming\Vaco
[2011/08/09 04:01:41 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Roaming\Diik
[2011/08/09 03:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/08/09 03:52:59 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{0EA25A2A-C61D-49A1-B9D1-9DF6BAE8FBD8}
[2011/08/09 03:39:26 | 008,007,680 | ---- | C] ( ) -- C:\Windows\SysWow64\Microsoft.mshtml.dll
[2011/08/09 03:39:24 | 000,126,976 | ---- | C] ( ) -- C:\Windows\SysWow64\Interop.SHDocVw.dll
[2011/08/09 03:22:52 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/08/08 19:39:14 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{0E4A281B-2BD6-45BB-9C19-C94FFE192F75}
[2011/08/08 19:25:46 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{0A47FAC2-29AD-4BE7-8A0A-7BE1C41208BC}
[2011/08/08 19:25:34 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{AE5E8579-B81F-4BA8-BE4B-8CB298AF60F5}
[2011/08/08 18:01:25 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{0A72364B-BB87-467B-8818-9D37614F6BC6}
[2011/08/08 18:01:12 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{68118980-E043-4B09-BD76-9042E1C5CD70}
[2011/08/08 12:17:38 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{38EAFFCD-198B-4E96-B9AE-B1FEF08EAC44}
[2011/08/08 12:17:26 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{BFF90156-A729-4D31-AC76-63A4D1998C84}
[2011/08/08 08:13:00 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{A0A8FD55-1CE2-4F93-B76C-40B60BA685E8}
[2011/08/07 18:10:45 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{05F241D3-7BAD-4F73-A748-E1DD4809C448}
[2011/08/07 18:10:33 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{346C1192-5F4F-41C3-B1C9-48AB60FFD952}
[2011/08/07 10:25:47 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{A884CBD8-E104-4206-BBC1-DD41E9107521}
[2011/08/07 09:59:54 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{0FA4B5A9-BCA4-4E62-890A-06EF128DD735}
[2011/08/06 16:11:09 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{2C0B8277-62FD-4C06-AAB0-562374BDB1EB}
[2011/08/06 16:10:57 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{82D6673D-4ED2-4ABA-A5A6-F98243DE63DF}
[2011/08/06 11:24:43 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{BFE1533C-0B76-4BA0-BB6E-E5688271AD81}
[2011/08/06 11:24:31 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{886995DD-5CB7-42BE-AF8D-91B5539BE0BE}
[2011/08/06 09:57:54 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{40A6733D-F3A0-400B-A5E2-F2E678329A69}
[2011/08/06 09:57:42 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{CEC9925C-D75B-4B36-B88B-D96EE8CE9837}
[2011/08/05 23:02:42 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{1AD5572E-D6C5-4640-AEFE-D16CAF6C43FE}
[2011/08/05 21:54:14 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{9D581322-1AC2-48DD-8D52-9D4E0BCA6553}
[2011/08/05 21:54:02 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{19AFA376-B360-4340-8CBC-7517CBBC5664}
[2011/08/05 21:46:31 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{3BF716BC-8F99-4D99-89E9-665CDA70492A}
[2011/08/05 21:46:19 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{6E072E50-4440-4E65-89CE-581E33BAD446}
[2011/08/05 21:29:48 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{E037766F-F316-459E-B714-D11382469A88}
[2011/08/05 21:16:58 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{EA859097-F242-465C-986F-A1D88B4E1E84}
[2011/08/05 20:48:59 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{F68E30F0-E21C-494A-A5A5-674528C3B484}
[2011/08/05 20:12:46 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{038DA731-209D-4808-A4B7-C56613943B44}
[2011/08/05 20:09:56 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{93D84BD2-9282-49CD-B7F0-8B6B9C7CE118}
[2011/08/05 20:09:44 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{75F84332-8CFA-440B-93B7-E058F3C5C7E0}
[2011/08/05 17:19:42 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{41C643B7-2A6D-4D89-BECA-2012F39B9A3B}
[2011/08/05 17:19:30 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{D03DD6A2-0FFE-4D8C-915B-D9A8763FA473}
[2011/08/05 14:16:24 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{8281DF27-A431-4923-9B4A-C2E86720FC62}
[2011/08/05 13:49:24 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{003E81D6-66BF-42B8-A65C-94465BDB08E9}
[2011/08/05 13:49:12 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{4B894D5E-D7F1-4496-82D3-77683CB1B184}
[2011/08/05 13:09:42 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{4EA2046D-3D3F-4B3F-98BC-B15645CDCA5E}
[2011/08/05 13:09:30 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{89F94A6E-77F8-450F-AA4F-59CBDAE078AD}
[2011/08/05 12:57:40 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{DB6C586A-2FEE-4CB9-B981-C43181EBFF4B}
[2011/08/05 12:57:28 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{2E5137B3-3FE8-472B-9E77-02526A97CF9A}
[2011/08/05 09:17:49 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{82BAABC5-69AC-440D-B709-F2FC201E231D}
[2011/08/04 15:46:52 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{08BA59A4-6BB8-41A2-89C3-ACD137BE0787}
[2011/08/03 23:01:13 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{8735469D-5A4F-4640-9E5D-D27B10514B35}
[2011/08/03 07:08:37 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{0936B113-4245-491C-985C-EDDC3CACF66B}
[2011/08/02 14:54:00 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{784787BC-B213-4B8F-B1A7-2B3FCBF931E4}
[2011/08/02 12:56:44 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\assembly
[2011/08/02 12:56:37 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\IsolatedStorage
[2011/08/02 07:22:34 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{AEAD8942-4F08-45AD-B632-8E8EAB342299}
[2011/08/01 11:11:15 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{7838615B-9C41-4E63-B951-0B433B241C4D}
[2011/07/31 02:20:15 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{4AC3F808-BE39-4197-8C22-7E45CFC01EE3}
[2011/07/30 08:59:33 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{03C3A0F3-84BF-4E25-8ACF-557E0E8974A6}
[2011/07/29 07:06:50 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{1A8A632F-9448-4784-A125-B74CFC03F123}
[2011/07/28 18:23:56 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{ECF27A40-1C44-4EF0-B964-D21BF6C4F698}
[2011/07/28 12:09:12 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{B07B71E7-EE38-4040-A981-C387EE06D59B}
[2011/07/27 08:57:17 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{78A596E8-D0E5-4E39-8F03-552BF4D22612}
[2011/07/27 08:41:49 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{9E6047F2-32AB-463A-A46A-B2795C9E878E}
[2011/07/26 18:47:06 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{AA41ADFB-7BC8-48EE-B96E-D1C3F5B9978D}
[2011/07/26 16:02:53 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{DD805767-80CF-43BB-A634-8EF2484AA64F}
[2011/07/26 11:41:58 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{512C2389-9B3D-40C5-990F-A5E60DCB3C9F}
[2011/07/25 16:20:59 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{41951FF5-DAD9-400F-BCDA-3AE0CD28FE4B}
[2011/07/25 11:14:24 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{F44F0E5A-B219-41F0-9B2B-CC91BD95DEE0}
[2011/07/24 23:01:00 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{D58009C0-20F5-4C74-BC5D-AD3DCC51BE43}
[2011/03/25 12:39:21 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\easyhome\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/08/23 22:48:25 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\easyhome\Desktop\OTL.exe
[2011/08/23 22:43:26 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/23 22:43:26 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/23 22:42:14 | 001,390,139 | ---- | M] () -- C:\Users\easyhome\Desktop\tdsskiller.zip
[2011/08/23 22:25:49 | 000,082,796 | RHS- | M] () -- C:\Windows\SysNative\masteraclini.enu
[2011/08/23 22:25:49 | 000,000,116 | R--- | M] () -- C:\Windows\SysNative\masteraclbini.enu
[2011/08/23 22:10:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/23 19:28:33 | 000,717,260 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/23 19:28:33 | 000,621,306 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/23 19:28:33 | 000,108,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/23 19:23:27 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/23 19:23:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/23 19:23:03 | 3019,296,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/22 22:01:04 | 000,000,017 | ---- | M] () -- C:\Users\easyhome\AppData\Local\resmon.resmoncfg
[2011/08/22 19:23:57 | 003,828,341 | ---- | M] () -- C:\Users\easyhome\Documents\backup.cab
[2011/08/18 19:57:01 | 000,001,725 | ---- | M] () -- C:\Users\easyhome\Desktop\DriverGenius - Shortcut.lnk
[2011/08/18 19:11:00 | 000,422,382 | ---- | M] () -- C:\Users\easyhome\Desktop\Untitled.jpg
[2011/08/18 13:44:56 | 000,289,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/18 13:26:35 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/08/18 13:26:21 | 000,722,382 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/15 20:17:52 | 000,001,269 | ---- | M] () -- C:\Users\easyhome\Desktop\Spybot - Search & Destroy.lnk
[2011/08/15 19:16:14 | 000,000,755 | -HS- | M] () -- C:\Windows\SysNative\settings.ini
[2011/08/15 19:06:11 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/08/15 19:06:09 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/08/12 17:43:25 | 469,277,857 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/12 17:20:30 | 004,170,159 | R--- | M] (Swearware) -- C:\Users\easyhome\Desktop\puppy.exe
[2011/08/10 21:42:36 | 000,001,258 | ---- | M] () -- C:\Users\Public\Desktop\Bejeweled Blitz.lnk
[2011/08/10 21:42:36 | 000,000,200 | ---- | M] () -- C:\Users\Public\Desktop\Play More Great Games!.url
[2011/08/10 21:18:25 | 000,001,046 | ---- | M] () -- C:\Users\easyhome\Desktop\KMPlayer.lnk
[2011/08/10 19:44:55 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011/08/10 19:40:40 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\PowerArchiver.lnk
[2011/08/10 07:11:17 | 000,002,351 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/08/09 22:27:41 | 000,000,954 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/08/09 22:04:56 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/09 18:39:49 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/09 09:01:32 | 008,007,680 | R--- | M] ( ) -- C:\Windows\SysNative\Microsoft.mshtml.dll
[2011/08/09 09:01:32 | 002,096,904 | RH-- | M] () -- C:\Windows\SysNative\WinSystemProcess.exe
[2011/08/09 09:01:32 | 001,369,088 | RH-- | M] () -- C:\Windows\SysNative\7z.dll
[2011/08/09 09:01:32 | 000,256,000 | RH-- | M] () -- C:\Windows\SysNative\SevenZipSharp.dll
[2011/08/09 09:01:32 | 000,200,704 | R--- | M] () -- C:\Windows\SysNative\ICSharpCode.SharpZipLib.dll
[2011/08/09 09:01:32 | 000,126,976 | R--- | M] ( ) -- C:\Windows\SysNative\Interop.SHDocVw.dll
[2011/08/09 09:01:32 | 000,095,496 | RHS- | M] () -- C:\Windows\SysNative\FireWallDart.exe
[2011/08/09 09:01:32 | 000,061,192 | RH-- | M] () -- C:\Windows\SysNative\messagePop.exe
[2011/08/09 09:01:30 | 000,003,535 | RHS- | M] () -- C:\Windows\SysNative\{master}(1)avg.enu
[2011/08/09 09:01:30 | 000,001,786 | RHS- | M] () -- C:\Windows\SysNative\masterlock.enu
[2011/08/09 09:01:26 | 000,069,762 | -H-- | M] () -- C:\Windows\SysWow64\masteraclini.enu
[2011/08/09 09:01:26 | 000,020,104 | R--- | M] () -- C:\Windows\SysNative\drivers\akerneldrv64.sys
[2011/08/09 09:01:26 | 000,019,080 | R--- | M] () -- C:\Windows\SysNative\drivers\apcmci64.sys
[2011/08/09 09:01:26 | 000,016,008 | R--- | M] () -- C:\Windows\SysNative\drivers\pcrasys64.sys
[2011/08/09 09:01:26 | 000,004,697 | RHS- | M] () -- C:\Windows\SysNative\{master}(0)nrt.enu
[2011/08/09 09:01:26 | 000,003,618 | RHS- | M] () -- C:\Windows\SysNative\{master}(99)misc.enu
[2011/08/09 09:01:26 | 000,003,445 | RHS- | M] () -- C:\Windows\SysNative\{master}(9)com.enu
[2011/08/09 09:01:26 | 000,003,439 | RHS- | M] () -- C:\Windows\SysNative\{master}(2)cas.enu
[2011/08/09 09:01:26 | 000,003,427 | RHS- | M] () -- C:\Windows\SysNative\{master}(8)pro.enu
[2011/08/09 09:01:26 | 000,003,391 | RHS- | M] () -- C:\Windows\SysNative\{master}(3)pan.enu
[2011/08/09 09:01:26 | 000,003,354 | RHS- | M] () -- C:\Windows\SysNative\{master}(zz)Template.enu
[2011/08/09 09:01:26 | 000,003,347 | RHS- | M] () -- C:\Windows\SysNative\{master}(1a)avgi.enu
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\suspendoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\spynetkeepon
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\restorerunoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\rebootoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\overridenomonitor
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\nukeoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\firewalloff
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SuspendOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SpyNetKeepOn
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\RestoreRunOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\RebootOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\OverrideNoMonitor
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\NukeOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\FireWallOff
[2011/08/09 09:01:25 | 008,205,576 | RH-- | M] () -- C:\Windows\SysNative\servicescache.exe
[2011/08/09 08:59:24 | 000,199,944 | -HS- | M] () -- C:\Windows\SysNative\CNGKeyLock.exe
[2011/08/09 08:59:23 | 008,350,984 | RHS- | M] () -- C:\Windows\SysNative\sysDriverHardWare.exe
[2011/08/09 08:59:22 | 008,355,080 | RHS- | M] () -- C:\Windows\SysNative\sysSecurityCheck.exe
[2011/08/09 03:39:27 | 008,007,680 | ---- | M] ( ) -- C:\Windows\SysWow64\Microsoft.mshtml.dll
[2011/08/09 03:39:24 | 000,126,976 | ---- | M] ( ) -- C:\Windows\SysWow64\Interop.SHDocVw.dll
[2011/08/09 03:18:02 | 001,056,768 | ---- | M] () -- C:\Windows\SysWow64\defltbase.sdb
[2011/07/27 06:20:07 | 000,008,610 | ---- | M] () -- C:\Users\easyhome\Desktop\tugboat.jpg

========== Files Created - No Company Name ==========

[2011/08/23 22:42:09 | 001,390,139 | ---- | C] () -- C:\Users\easyhome\Desktop\tdsskiller.zip
[2011/08/22 22:01:04 | 000,000,017 | ---- | C] () -- C:\Users\easyhome\AppData\Local\resmon.resmoncfg
[2011/08/22 19:23:57 | 003,828,341 | ---- | C] () -- C:\Users\easyhome\Documents\backup.cab
[2011/08/18 19:57:01 | 000,001,725 | ---- | C] () -- C:\Users\easyhome\Desktop\DriverGenius - Shortcut.lnk
[2011/08/18 19:11:00 | 000,422,382 | ---- | C] () -- C:\Users\easyhome\Desktop\Untitled.jpg
[2011/08/15 20:17:52 | 000,001,269 | ---- | C] () -- C:\Users\easyhome\Desktop\Spybot - Search & Destroy.lnk
[2011/08/15 19:18:32 | 000,001,454 | ---- | C] () -- C:\Users\easyhome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/08/15 19:16:14 | 000,000,755 | -HS- | C] () -- C:\Windows\SysNative\settings.ini
[2011/08/15 19:06:11 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/08/15 19:06:09 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/08/12 17:56:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/12 17:56:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/12 17:56:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/12 17:56:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/12 17:56:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/10 21:42:36 | 000,001,258 | ---- | C] () -- C:\Users\Public\Desktop\Bejeweled Blitz.lnk
[2011/08/10 21:18:25 | 000,001,046 | ---- | C] () -- C:\Users\easyhome\Desktop\KMPlayer.lnk
[2011/08/10 19:44:55 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011/08/10 19:44:43 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011/08/10 19:44:43 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2011/08/10 19:44:43 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2011/08/10 19:44:43 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2011/08/10 19:40:40 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\PowerArchiver.lnk
[2011/08/09 22:27:41 | 000,000,954 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/08/09 22:13:48 | 000,002,351 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/08/09 22:13:26 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/09 22:13:24 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/09 22:04:56 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/09 22:04:56 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/09 09:01:32 | 002,096,904 | RH-- | C] () -- C:\Windows\SysNative\WinSystemProcess.exe
[2011/08/09 09:01:32 | 001,369,088 | RH-- | C] () -- C:\Windows\SysNative\7z.dll
[2011/08/09 09:01:32 | 000,256,000 | RH-- | C] () -- C:\Windows\SysNative\SevenZipSharp.dll
[2011/08/09 09:01:32 | 000,200,704 | R--- | C] () -- C:\Windows\SysNative\ICSharpCode.SharpZipLib.dll
[2011/08/09 09:01:32 | 000,095,496 | RHS- | C] () -- C:\Windows\SysNative\FireWallDart.exe
[2011/08/09 09:01:32 | 000,061,192 | RH-- | C] () -- C:\Windows\SysNative\messagePop.exe
[2011/08/09 09:01:26 | 014,039,304 | RHS- | C] () -- C:\Windows\SysNative\BackupSys.exe
[2011/08/09 09:01:26 | 008,205,576 | RH-- | C] () -- C:\Windows\SysNative\servicescache.exe
[2011/08/09 09:01:26 | 000,405,504 | RHS- | C] () -- C:\Windows\SysNative\vshadow.exe
[2011/08/09 09:01:26 | 000,364,032 | RHS- | C] () -- C:\Windows\SysNative\vshadowamd64.exe
[2011/08/09 09:01:26 | 000,352,256 | RHS- | C] () -- C:\Windows\SysNative\vshadowXP.exe
[2011/08/09 09:01:26 | 000,019,080 | R--- | C] () -- C:\Windows\SysNative\drivers\apcmci64.sys
[2011/08/09 09:01:26 | 000,003,347 | RHS- | C] () -- C:\Windows\SysNative\{master}(1a)avgi.enu
[2011/08/09 09:01:26 | 000,000,116 | R--- | C] () -- C:\Windows\SysNative\masteraclbini.enu
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\suspendoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\spynetkeepon
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\restorerunoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\rebootoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\overridenomonitor
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\nukeoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\firewalloff
[2011/08/09 09:01:26 | 000,000,038 | RHS- | C] () -- C:\Windows\SysNative\masteracl.enu
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SuspendOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SpyNetKeepOn
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\RestoreRunOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\RebootOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\OverrideNoMonitor
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\NukeOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\FireWallOff
[2011/08/09 08:59:23 | 008,350,984 | RHS- | C] () -- C:\Windows\SysNative\sysDriverHardWare.exe
[2011/08/09 08:59:21 | 008,355,080 | RHS- | C] () -- C:\Windows\SysNative\sysSecurityCheck.exe
[2011/08/09 05:05:47 | 000,069,762 | -H-- | C] () -- C:\Windows\SysWow64\masteraclini.enu
[2011/08/09 03:57:51 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/08/09 03:57:22 | 000,722,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/09 03:22:40 | 469,277,857 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/08/09 03:18:00 | 001,056,768 | ---- | C] () -- C:\Windows\SysWow64\defltbase.sdb
[2011/08/09 03:16:28 | 3019,296,768 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/08 10:34:15 | 000,000,200 | ---- | C] () -- C:\Users\Public\Desktop\Play More Great Games!.url
[2011/07/27 06:20:30 | 000,008,610 | ---- | C] () -- C:\Users\easyhome\Desktop\tugboat.jpg
[2011/03/25 12:39:21 | 000,007,859 | ---- | C] () -- C:\Users\easyhome\AppData\Roaming\pcouffin.cat
[2011/03/25 12:39:21 | 000,001,167 | ---- | C] () -- C:\Users\easyhome\AppData\Roaming\pcouffin.inf
[2009/07/14 03:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:35:50 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 00:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 22:10:28 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 21:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 19:03:58 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/07 06:32:48 | 000,181,248 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/07/07 06:32:48 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/07/07 06:32:48 | 000,001,411 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2009/07/07 06:32:48 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2009/07/07 06:32:48 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2009/06/10 19:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/08/22 19:23:17 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\CleanMyPC Software
[2011/06/01 17:52:18 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\Coby
[2011/06/01 18:06:04 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\Coby Media Manager
[2011/03/31 21:32:27 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\DAEMON Tools Lite
[2011/08/09 18:51:08 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\Diik
[2011/08/22 18:09:59 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\GetRightToGo
[2011/03/31 21:48:21 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\LucasArts
[2011/02/12 05:23:43 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\MyJournals
[2011/04/02 10:00:14 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\OEM
[2011/02/27 16:30:50 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\OpenOffice.org
[2011/03/07 22:13:49 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\Packard Bell
[2011/08/18 17:06:12 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\PowerCinema
[2011/05/22 19:54:09 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\Replay Media Catcher 4
[2011/08/10 19:44:32 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\Simply Super Software
[2011/06/13 06:46:58 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\Smilebox
[2011/08/16 15:54:35 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\TouchBrowser
[2011/08/18 17:05:33 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\TouchGadget
[2011/02/09 08:15:59 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\TouchPortalV3
[2011/08/23 19:41:57 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\uTorrent
[2011/08/09 08:05:39 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\Vaco
[2011/07/19 21:48:47 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\Vso
[2011/02/12 05:23:44 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\WebClip
[2011/02/19 09:57:56 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\Windows Live Writer
[2011/08/22 09:29:22 | 000,013,312 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:ECF54A0E

< End of report >

One more thing: this is a leased (rent-to-own) computer from Easy Home, so there are root kits installed for their security.

I did use TDSSKiller and it found some malware and removed it for me. Not sure if that was the problem though.

Since I used TDSSKiller, ping.exe has not come on in the Task Manager, so hopefully that was the problem. But still not 100% sure.

I'm not sure if the virus that TDSSKiller found was the cause of my problem (forgot to save a log). But it seemed to be an unknown driver that it detected and deleted for me. Don't mean to bump my post.

Not sure if the problem is solved or not.

Mod Edit: Last 5 posts merged to clean thread up.--ST

Edited by rshaffer61, 28 August 2011 - 05:04 PM.

#2
SweetTech (Sir SpamAlot)

  • Retired Staff
  • 7,671 posts
Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :unsure:

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, has resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days;
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Please post the contents of the TDSSKiller log. It can be located in the C:\ drive.



Re-Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop (shown as an image in the original post).
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the scan button (shown as an image in the original post).
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



What issues are you currently experiencing with your computer?

#3
nadtribble (Member)

  • Topic Starter
  • 36 posts
Here is a new OTL log from yesterday.

OTL logfile created on: 8/28/2011 1:45:14 PM - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\easyhome\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 61.23% Memory free
7.50 Gb Paging File | 5.79 Gb Available in Paging File | 77.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911.88 Gb Total Space | 756.69 Gb Free Space | 82.98% Space Free | Partition Type: NTFS

Computer Name: EASYHOME-PC | User Name: easyhome | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/23 22:48:25 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\easyhome\Desktop\OTL.exe
PRC - [2011/08/17 03:49:18 | 001,017,912 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/11/09 23:50:50 | 000,613,992 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/09/27 19:49:38 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Gateway\Gateway TouchPortal\Touch Movie\TouchMovieService.exe
PRC - [2010/09/21 17:22:20 | 000,309,104 | ---- | M] (Pelmorex Media Inc.) -- C:\Users\easyhome\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
PRC - [2010/09/09 17:58:12 | 000,155,752 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
PRC - [2010/09/09 17:50:38 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2010/01/08 10:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
PRC - [2009/07/07 06:35:48 | 000,438,376 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe
PRC - [2009/07/07 06:32:42 | 001,346,048 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio PRO\THXAudioCP\THXAudio.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/27 18:48:41 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
MOD - [2011/08/27 18:19:42 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\47a4b624c147aae197214d4ee5f0661b\Microsoft.VisualBasic.ni.dll
MOD - [2011/08/27 07:57:00 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/08/27 07:56:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/08/27 07:56:56 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/08/27 07:56:50 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/08/17 03:49:17 | 000,400,440 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\13.0.782.215\ppgooglenaclpluginchrome.dll
MOD - [2011/08/17 03:49:15 | 004,118,072 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\13.0.782.215\pdf.dll
MOD - [2011/08/17 03:47:49 | 000,104,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\13.0.782.215\avutil-50.dll
MOD - [2011/08/17 03:47:48 | 000,203,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\13.0.782.215\avformat-52.dll
MOD - [2011/08/17 03:47:47 | 001,846,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\13.0.782.215\avcodec-52.dll
MOD - [2011/08/17 01:49:17 | 006,338,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\13.0.782.215\gcswf32.dll
MOD - [2011/03/29 16:33:52 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2010/11/09 23:51:28 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyHook.dll
MOD - [2010/11/09 23:50:50 | 000,613,992 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/11/04 19:58:10 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/11/04 19:58:08 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2010/11/04 19:53:23 | 005,279,744 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2010/11/04 19:53:22 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2009/07/13 22:35:46 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
MOD - [2009/07/13 22:35:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
MOD - [2009/07/13 22:35:42 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
MOD - [2009/07/13 18:46:14 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2009/07/07 06:36:08 | 000,014,368 | ---- | M] () -- C:\Program Files (x86)\Gateway\Gateway TouchPortal\LanguageDll\TouchPortalLauncher-en.dll
MOD - [2009/07/07 06:32:48 | 000,181,248 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2003/02/02 20:06:02 | 000,153,088 | ---- | M] () -- C:\Windows\SysWOW64\UNRAR3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 17:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/08/09 09:01:25 | 008,205,576 | RH-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\servicescache.exe -- (systemCheck)
SRV:64bit: - [2011/08/09 08:59:24 | 000,199,944 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\CNGKeyLock.exe.vir -- (CNGKeyLock)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/09 17:50:38 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/08/10 21:01:06 | 000,206,880 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2009/08/10 21:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM))
SRV:64bit: - [2009/07/13 21:54:04 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/04/03 21:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/01/15 18:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 10:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/07/13 18:46:26 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/22 10:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 15:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/09 18:18:10 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/09/09 18:18:08 | 000,690,208 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/07/13 20:53:42 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/07/13 19:59:34 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:59:32 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 06:17:22 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/06/30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009/06/10 18:37:34 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/06/10 18:35:34 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 18:34:32 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 18:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 18:34:22 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV - [2009/07/13 21:17:56 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gateway.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gateway.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.shaw.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://start.shaw.ca/start/enCA/"
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:4.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.34
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:4.1.8
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20101009
FF - prefs.js..keyword.URL: "http://vshare.toolba...spx?srch=ku&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/09/09 17:41:43 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/09/09 17:41:43 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/16 21:54:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/02/28 22:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\easyhome\AppData\Roaming\mozilla\Extensions
[2011/08/21 10:30:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\easyhome\AppData\Roaming\mozilla\Firefox\Profiles\jb57vp1e.default\extensions
[2011/08/09 22:05:37 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\easyhome\AppData\Roaming\mozilla\Firefox\Profiles\jb57vp1e.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/08/15 14:18:18 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\easyhome\AppData\Roaming\mozilla\Firefox\Profiles\jb57vp1e.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/02/26 21:08:53 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\easyhome\AppData\Roaming\mozilla\Firefox\Profiles\jb57vp1e.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
[2011/08/09 22:05:44 | 000,000,000 | ---D | M] ("CyberSearch") -- C:\Users\easyhome\AppData\Roaming\mozilla\Firefox\Profiles\jb57vp1e.default\extensions\[email protected]
[2011/02/26 21:08:35 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\easyhome\AppData\Roaming\mozilla\Firefox\Profiles\jb57vp1e.default\extensions\[email protected]
[2011/02/26 21:08:35 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\easyhome\AppData\Roaming\mozilla\Firefox\Profiles\jb57vp1e.default\extensions\[email protected]
[2011/02/26 21:08:38 | 000,000,000 | ---D | M] (Portalarium Player) -- C:\Users\easyhome\AppData\Roaming\mozilla\Firefox\Profiles\jb57vp1e.default\extensions\[email protected]
[2011/02/26 21:08:47 | 000,000,000 | ---D | M] (vShare) -- C:\Users\easyhome\AppData\Roaming\mozilla\Firefox\Profiles\jb57vp1e.default\extensions\vshare@toolbar
[2011/01/09 13:45:28 | 000,000,863 | ---- | M] () -- C:\Users\easyhome\AppData\Roaming\Mozilla\Firefox\Profiles\jb57vp1e.default\searchplugins\conduit.xml
[2010/05/01 21:03:17 | 000,000,266 | ---- | M] () -- C:\Users\easyhome\AppData\Roaming\Mozilla\Firefox\Profiles\jb57vp1e.default\searchplugins\Search.xml
[2011/01/30 19:01:03 | 000,001,583 | ---- | M] () -- C:\Users\easyhome\AppData\Roaming\Mozilla\Firefox\Profiles\jb57vp1e.default\searchplugins\web-search.xml
[2011/08/10 21:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/10 21:38:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\EASYHOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JB57VP1E.DEFAULT\EXTENSIONS\[email protected]
[2011/08/16 21:54:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files (x86)\PicLensIE\cooliris.dll (Cooliris Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [TouchORB] C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe (Acer Corp.)
O4:64bit: - HKLM..\Run: [TouchPortalV3Launcher] C:\Program Files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe (Acer Corp.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Gateway\Gateway TouchPortal\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PRO\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [TouchMovieService] C:\Program Files (x86)\Gateway\Gateway TouchPortal\Touch Movie\TouchMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TouchPortalV3Launcher] C:\Program Files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe (Acer Corp.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [WeatherEye] C:\Users\easyhome\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files (x86)\PicLensIE\cooliris.dll (Cooliris Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.1.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/28 08:47:18 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{DB69AE59-3C4F-4B4D-B38B-9EDA32ACDFC0}
[2011/08/26 16:32:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/08/26 12:54:52 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{46DD3D35-DA14-4562-8909-F941CFA3DC89}
[2011/08/25 21:17:02 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{B621414F-193E-480E-9482-363A865AA5AA}
[2011/08/25 20:36:11 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Roaming\SUPERAntiSpyware.com
[2011/08/25 20:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/08/25 20:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/08/25 20:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/08/25 00:37:06 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{DEC430C5-5B1F-40A0-B376-2BBC9EB4E255}
[2011/08/24 23:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/08/24 23:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011/08/24 22:20:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/08/24 22:19:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/08/24 17:15:38 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{6318D4E8-5F0F-40CC-A5CD-AE0582008DAD}
[2011/08/24 08:23:13 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{7C8E76A4-2585-4283-8E3B-1258C774A34E}
[2011/08/24 07:25:07 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{703DDEC9-2723-44D5-BCD1-BA2A39D3B0F0}
[2011/08/23 23:06:04 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/08/23 23:05:00 | 000,110,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\90402989.sys
[2011/08/23 23:00:30 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\easyhome\Desktop\TDSSKiller.exe
[2011/08/23 22:48:20 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\easyhome\Desktop\OTL.exe
[2011/08/23 22:22:32 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{1CA94C84-3EFD-4113-A89A-3198BDA4B398}
[2011/08/23 22:13:13 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{4E3AFF1B-7E6C-4681-8211-95415B772CF4}
[2011/08/23 20:48:06 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acer
[2011/08/23 20:48:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer
[2011/08/23 11:02:45 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{08C4EF53-AA28-4073-A848-782FCBC9F9F7}
[2011/08/23 10:28:05 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{E03D3F18-3040-497E-948B-7AD28EF0BAB3}
[2011/08/23 07:55:21 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{FBB328C8-C249-4201-ABE5-ABE48AEA42EA}
[2011/08/23 07:03:44 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{2410255F-2A6D-412F-AC25-856DDDEC8CFB}
[2011/08/22 21:44:18 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{9CD262F0-2104-4668-8FA2-6A3698BE1F13}
[2011/08/22 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{FA99406C-A357-4BBB-9359-8E897D8135D8}
[2011/08/22 19:23:17 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Roaming\CleanMyPC Software
[2011/08/22 19:22:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CleanMyPC
[2011/08/22 19:21:32 | 000,000,000 | ---D | C] -- C:\registrycleaner
[2011/08/22 18:51:24 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{06858AF1-73DE-4A8D-8FFB-D8FE520F6346}
[2011/08/22 18:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/08/22 18:09:26 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Roaming\GetRightToGo
[2011/08/22 13:49:55 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{12F54B3F-0E09-4142-BEB3-A95E89E74589}
[2011/08/22 10:56:09 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{1411B689-2F1F-42D4-948B-8DDE132CADD9}
[2011/08/22 10:03:27 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{0438D4F5-6968-436F-A28D-E5FB1121231E}
[2011/08/22 09:58:53 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{A6F895E7-6139-44A8-A5E0-642BC04B68C7}
[2011/08/21 20:12:00 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{C2CC1BED-A7BB-4864-851A-199452082BAF}
[2011/08/21 12:34:25 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{C2E04CE0-739A-4681-A595-187D623BD434}
[2011/08/21 09:16:15 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/08/21 09:12:46 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{E4A7B2C4-84CF-477F-B5DD-8C5A7E3AA22A}
[2011/08/21 09:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2011/08/20 13:09:17 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{D3E22284-198D-4B03-8BCF-F44901651186}
[2011/08/19 17:13:32 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{3A18C3CF-AEEA-4EBB-B158-D33D95AD9074}
[2011/08/19 10:12:46 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{E5D08D6B-69E4-48FC-9F58-B5AE4D732598}
[2011/08/19 00:11:03 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{5C25F32A-B0C3-44EF-9612-D375111F10BF}
[2011/08/18 23:49:12 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{8F0BE1F2-F403-48C9-B0F2-E3F918D77AB2}
[2011/08/18 20:42:44 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{2BA6D897-AB9F-4706-9AD0-4B08B5DDFB41}
[2011/08/18 20:11:02 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{1F947CD7-02BC-4F10-8A5A-F7196CF3C566}
[2011/08/18 19:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
[2011/08/18 19:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft
[2011/08/18 19:51:53 | 000,000,000 | ---D | C] -- C:\drivergenius
[2011/08/18 18:39:05 | 000,000,000 | ---D | C] -- C:\processexp
[2011/08/18 15:50:15 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{47828F8B-3CAC-4ABE-BB4F-6B850910F6A9}
[2011/08/18 14:29:37 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2011/08/18 14:28:56 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2011/08/18 13:26:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/08/18 13:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/08/18 13:06:03 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{160F230B-14E7-427E-810C-8E7628B00BB4}
[2011/08/18 09:52:44 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{FEB63173-CF85-453C-92AB-DEAAFEBF70D5}
[2011/08/18 09:46:29 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{ED010BA6-B399-44B6-98F8-6728B31EE194}
[2011/08/17 13:27:31 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{CB33CF7F-5C42-4EF2-B372-5FBEE35C8BB5}
[2011/08/17 12:30:52 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{AF489237-016F-497A-80E8-C4B56CD7DB58}
[2011/08/17 10:47:08 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{9DBB5A25-1D34-4490-A932-8D2D0855978F}
[2011/08/16 22:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/08/16 21:53:36 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2011/08/16 21:53:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2011/08/16 13:24:00 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{1569294B-4EE1-44FD-AEDC-A24E381F044E}
[2011/08/16 11:07:07 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{B14B8F06-5434-4CAC-993C-98E9297D3159}
[2011/08/16 08:30:09 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{AD8CB99B-08B6-4C84-BFDC-1D3994043588}
[2011/08/15 22:18:06 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{671AC9D7-DD96-4A61-AF48-FE7ADD32007A}
[2011/08/15 20:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/08/15 20:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/08/15 20:17:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/08/15 17:22:24 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{ECC06D14-8C21-4DE6-89DB-E54CD3AECA53}
[2011/08/15 17:06:04 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{E02F83DE-1FFB-43E3-A789-F64EAE63B465}
[2011/08/15 10:14:49 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{D278C048-409C-4BE5-B09E-26FDA51C6560}
[2011/08/15 08:43:45 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{B46BE585-BB86-4ACA-ACAC-85C2CCC3AAE9}
[2011/08/15 08:22:05 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{C6932D6F-BCE6-4CBE-AE31-ECBFDC69FFDF}
[2011/08/14 22:58:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/14 22:38:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/14 21:54:15 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{7CC90DB4-527D-486E-958E-7012AC937282}
[2011/08/14 21:53:36 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{65DCCDA8-7493-4803-80B8-8C80FD7EB8F1}
[2011/08/14 21:35:43 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{568CEDFA-6E00-4D10-AC59-6D23B6B2E87B}
[2011/08/14 18:13:37 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{9EFD0270-D812-4ED2-88F3-114EAABDCC53}
[2011/08/14 13:04:03 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{28B47389-D678-4058-8F54-8C853D88D6D9}
[2011/08/14 12:56:24 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{1BFCAD49-B182-498D-B4B3-223711596CAF}
[2011/08/14 01:21:13 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{4E9E4855-F3D8-4A15-84A5-C4589A8C9A13}
[2011/08/12 21:13:19 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{5CA4307B-C757-4203-BFBF-FBB74FD4B821}
[2011/08/12 20:52:28 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{812640BC-D72A-483C-83FF-9E82EA5DB0E3}
[2011/08/12 14:16:26 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{B8396A0C-E930-4ECF-B734-FBAD6136C360}
[2011/08/12 11:03:54 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{2A42E3CA-0AE8-474D-94DC-BFE8F068A8B9}
[2011/08/12 08:59:59 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{9F00EF5D-EA3F-4BF3-A567-6792E8D5E6A8}
[2011/08/12 07:56:31 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{51583D6E-FFC6-4CC3-A1A6-FF29F203256B}
[2011/08/12 06:57:27 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{29DD3B1B-250E-489F-BD26-552169900B2A}
[2011/08/11 21:17:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/08/11 07:31:31 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{46A6F414-E9A7-47B6-9D1D-8A7E57FDC756}
[2011/08/10 21:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
[2011/08/10 21:42:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PopCap Games
[2011/08/10 21:41:46 | 000,000,000 | ---D | C] -- C:\bjblitxcrack
[2011/08/10 21:18:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The KMPlayer
[2011/08/10 21:03:09 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{128F13D0-3842-47B1-9B89-5B21197523E5}
[2011/08/10 19:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/08/10 19:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2011/08/10 19:44:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2011/08/10 19:44:32 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Roaming\Simply Super Software
[2011/08/10 19:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2011/08/10 19:42:53 | 000,000,000 | ---D | C] -- C:\trojanremover
[2011/08/10 19:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\ConeXware
[2011/08/10 19:40:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PatchBeam
[2011/08/10 19:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerArchiver
[2011/08/10 19:40:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerArchiver
[2011/08/10 19:26:13 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{7FF28835-FF6F-4DB9-9F5D-7BB64D1ECC22}
[2011/08/10 14:52:19 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{502F35FB-46CC-42FD-930A-2ECD26AAE7F6}
[2011/08/10 00:42:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/08/10 00:26:51 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{3F11519D-B896-4A02-86B8-F90226FE3F13}
[2011/08/10 00:10:47 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{BA8FF579-3346-474F-A4C4-1EA01F7EF93A}
[2011/08/09 22:27:49 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\Conduit
[2011/08/09 22:27:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2011/08/09 22:27:02 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\uTorrent
[2011/08/09 22:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/08/09 22:13:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/08/09 22:04:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/08/09 20:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2011/08/09 20:33:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bejeweled Blitz
[2011/08/09 18:39:48 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/08/09 18:39:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/09 18:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/09 18:39:44 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/09 18:39:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/08/09 18:30:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/09 09:01:32 | 008,007,680 | R--- | C] ( ) -- C:\Windows\SysNative\Microsoft.mshtml.dll
[2011/08/09 09:01:32 | 001,369,088 | RH-- | C] (Igor Pavlov) -- C:\Windows\SysNative\7z.dll
[2011/08/09 09:01:32 | 000,256,000 | RH-- | C] (Markovtsev Vadim) -- C:\Windows\SysNative\SevenZipSharp.dll
[2011/08/09 09:01:32 | 000,200,704 | R--- | C] (ICSharpCode.net) -- C:\Windows\SysNative\ICSharpCode.SharpZipLib.dll
[2011/08/09 09:01:32 | 000,126,976 | R--- | C] ( ) -- C:\Windows\SysNative\Interop.SHDocVw.dll
[2011/08/09 09:01:26 | 014,039,304 | RHS- | C] (DesignerWare, LLC) -- C:\Windows\SysNative\BackupSys.exe
[2011/08/09 08:05:49 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{E36CF281-1FA8-4472-913F-78A6273FCB97}
[2011/08/09 06:53:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/08/09 06:53:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/08/09 05:05:46 | 000,000,000 | ---D | C] -- C:\book
[2011/08/09 04:04:35 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{69B3D09B-92EF-4753-BAFD-89EB9BA1182B}
[2011/08/09 04:01:41 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Roaming\Vaco
[2011/08/09 04:01:41 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Roaming\Diik
[2011/08/09 03:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/08/09 03:52:59 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{0EA25A2A-C61D-49A1-B9D1-9DF6BAE8FBD8}
[2011/08/09 03:39:26 | 008,007,680 | ---- | C] ( ) -- C:\Windows\SysWow64\Microsoft.mshtml.dll
[2011/08/09 03:39:24 | 000,126,976 | ---- | C] ( ) -- C:\Windows\SysWow64\Interop.SHDocVw.dll
[2011/08/09 03:22:52 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/08/08 19:39:14 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{0E4A281B-2BD6-45BB-9C19-C94FFE192F75}
[2011/08/08 19:25:46 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{0A47FAC2-29AD-4BE7-8A0A-7BE1C41208BC}
[2011/08/08 19:25:34 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{AE5E8579-B81F-4BA8-BE4B-8CB298AF60F5}
[2011/08/08 18:01:25 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{0A72364B-BB87-467B-8818-9D37614F6BC6}
[2011/08/08 18:01:12 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{68118980-E043-4B09-BD76-9042E1C5CD70}
[2011/08/08 12:17:38 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{38EAFFCD-198B-4E96-B9AE-B1FEF08EAC44}
[2011/08/08 12:17:26 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{BFF90156-A729-4D31-AC76-63A4D1998C84}
[2011/08/08 08:13:00 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{A0A8FD55-1CE2-4F93-B76C-40B60BA685E8}
[2011/08/07 18:10:45 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{05F241D3-7BAD-4F73-A748-E1DD4809C448}
[2011/08/07 18:10:33 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{346C1192-5F4F-41C3-B1C9-48AB60FFD952}
[2011/08/07 10:25:47 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{A884CBD8-E104-4206-BBC1-DD41E9107521}
[2011/08/07 09:59:54 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{0FA4B5A9-BCA4-4E62-890A-06EF128DD735}
[2011/08/06 16:11:09 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{2C0B8277-62FD-4C06-AAB0-562374BDB1EB}
[2011/08/06 16:10:57 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{82D6673D-4ED2-4ABA-A5A6-F98243DE63DF}
[2011/08/06 11:24:43 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{BFE1533C-0B76-4BA0-BB6E-E5688271AD81}
[2011/08/06 11:24:31 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{886995DD-5CB7-42BE-AF8D-91B5539BE0BE}
[2011/08/06 09:57:54 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{40A6733D-F3A0-400B-A5E2-F2E678329A69}
[2011/08/06 09:57:42 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{CEC9925C-D75B-4B36-B88B-D96EE8CE9837}
[2011/08/05 23:02:42 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{1AD5572E-D6C5-4640-AEFE-D16CAF6C43FE}
[2011/08/05 21:54:14 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{9D581322-1AC2-48DD-8D52-9D4E0BCA6553}
[2011/08/05 21:54:02 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{19AFA376-B360-4340-8CBC-7517CBBC5664}
[2011/08/05 21:46:31 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{3BF716BC-8F99-4D99-89E9-665CDA70492A}
[2011/08/05 21:46:19 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{6E072E50-4440-4E65-89CE-581E33BAD446}
[2011/08/05 21:29:48 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{E037766F-F316-459E-B714-D11382469A88}
[2011/08/05 21:16:58 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{EA859097-F242-465C-986F-A1D88B4E1E84}
[2011/08/05 20:48:59 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{F68E30F0-E21C-494A-A5A5-674528C3B484}
[2011/08/05 20:12:46 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{038DA731-209D-4808-A4B7-C56613943B44}
[2011/08/05 20:09:56 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{93D84BD2-9282-49CD-B7F0-8B6B9C7CE118}
[2011/08/05 20:09:44 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{75F84332-8CFA-440B-93B7-E058F3C5C7E0}
[2011/08/05 17:19:42 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{41C643B7-2A6D-4D89-BECA-2012F39B9A3B}
[2011/08/05 17:19:30 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{D03DD6A2-0FFE-4D8C-915B-D9A8763FA473}
[2011/08/05 14:16:24 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{8281DF27-A431-4923-9B4A-C2E86720FC62}
[2011/08/05 13:49:24 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{003E81D6-66BF-42B8-A65C-94465BDB08E9}
[2011/08/05 13:49:12 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{4B894D5E-D7F1-4496-82D3-77683CB1B184}
[2011/08/05 13:09:42 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{4EA2046D-3D3F-4B3F-98BC-B15645CDCA5E}
[2011/08/05 13:09:30 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{89F94A6E-77F8-450F-AA4F-59CBDAE078AD}
[2011/08/05 12:57:40 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{DB6C586A-2FEE-4CB9-B981-C43181EBFF4B}
[2011/08/05 12:57:28 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{2E5137B3-3FE8-472B-9E77-02526A97CF9A}
[2011/08/05 09:17:49 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{82BAABC5-69AC-440D-B709-F2FC201E231D}
[2011/08/04 15:46:52 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{08BA59A4-6BB8-41A2-89C3-ACD137BE0787}
[2011/08/03 23:01:13 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{8735469D-5A4F-4640-9E5D-D27B10514B35}
[2011/08/03 07:08:37 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{0936B113-4245-491C-985C-EDDC3CACF66B}
[2011/08/02 14:54:00 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{784787BC-B213-4B8F-B1A7-2B3FCBF931E4}
[2011/08/02 12:56:44 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\assembly
[2011/08/02 12:56:37 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\IsolatedStorage
[2011/08/02 07:22:34 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{AEAD8942-4F08-45AD-B632-8E8EAB342299}
[2011/08/01 11:11:15 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{7838615B-9C41-4E63-B951-0B433B241C4D}
[2011/07/31 02:20:15 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{4AC3F808-BE39-4197-8C22-7E45CFC01EE3}
[2011/07/30 08:59:33 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{03C3A0F3-84BF-4E25-8ACF-557E0E8974A6}
[2011/03/25 12:39:21 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\easyhome\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/08/28 13:10:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/28 10:59:03 | 000,082,797 | RHS- | M] () -- C:\Windows\SysNative\masteraclini.enu
[2011/08/28 10:59:03 | 000,000,116 | R--- | M] () -- C:\Windows\SysNative\masteraclbini.enu
[2011/08/28 10:45:33 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/28 10:04:01 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/28 10:04:01 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/28 08:50:55 | 000,001,454 | ---- | M] () -- C:\Users\easyhome\Desktop\Internet Explorer.lnk
[2011/08/28 06:57:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/27 12:31:09 | 000,717,260 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/27 12:31:09 | 000,621,306 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/27 12:31:09 | 000,108,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/27 12:26:02 | 3019,296,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/27 03:19:53 | 000,289,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/25 20:35:46 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/25 13:12:00 | 000,002,351 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/08/25 09:23:02 | 523,410,657 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/24 23:36:52 | 000,007,605 | ---- | M] () -- C:\Users\easyhome\AppData\Local\resmon.resmoncfg
[2011/08/23 23:05:00 | 000,110,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\90402989.sys
[2011/08/23 22:48:25 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\easyhome\Desktop\OTL.exe
[2011/08/23 22:42:14 | 001,390,139 | ---- | M] () -- C:\Users\easyhome\Desktop\tdsskiller.zip
[2011/08/22 19:23:57 | 003,828,341 | ---- | M] () -- C:\Users\easyhome\Documents\backup.cab
[2011/08/22 15:48:36 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\easyhome\Desktop\TDSSKiller.exe
[2011/08/18 19:57:01 | 000,001,725 | ---- | M] () -- C:\Users\easyhome\Desktop\DriverGenius - Shortcut.lnk
[2011/08/18 19:11:00 | 000,422,382 | ---- | M] () -- C:\Users\easyhome\Desktop\Untitled.jpg
[2011/08/18 13:26:35 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/08/18 13:26:21 | 000,722,382 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/15 20:17:52 | 000,001,269 | ---- | M] () -- C:\Users\easyhome\Desktop\Spybot - Search & Destroy.lnk
[2011/08/15 19:16:14 | 000,000,755 | -HS- | M] () -- C:\Windows\SysNative\settings.ini
[2011/08/15 19:06:11 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/08/15 19:06:09 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/08/10 21:42:36 | 000,000,200 | ---- | M] () -- C:\Users\Public\Desktop\Play More Great Games!.url
[2011/08/10 21:18:25 | 000,001,046 | ---- | M] () -- C:\Users\easyhome\Desktop\KMPlayer.lnk
[2011/08/10 19:44:55 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011/08/10 19:40:40 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\PowerArchiver.lnk
[2011/08/09 22:27:41 | 000,000,954 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/08/09 22:04:56 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/09 18:39:49 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/09 09:01:32 | 008,007,680 | R--- | M] ( ) -- C:\Windows\SysNative\Microsoft.mshtml.dll
[2011/08/09 09:01:32 | 001,369,088 | RH-- | M] (Igor Pavlov) -- C:\Windows\SysNative\7z.dll
[2011/08/09 09:01:32 | 000,256,000 | RH-- | M] (Markovtsev Vadim) -- C:\Windows\SysNative\SevenZipSharp.dll
[2011/08/09 09:01:32 | 000,200,704 | R--- | M] (ICSharpCode.net) -- C:\Windows\SysNative\ICSharpCode.SharpZipLib.dll
[2011/08/09 09:01:32 | 000,126,976 | R--- | M] ( ) -- C:\Windows\SysNative\Interop.SHDocVw.dll
[2011/08/09 09:01:30 | 000,003,535 | RHS- | M] () -- C:\Windows\SysNative\{master}(1)avg.enu
[2011/08/09 09:01:30 | 000,001,786 | RHS- | M] () -- C:\Windows\SysNative\masterlock.enu
[2011/08/09 09:01:26 | 000,069,762 | -H-- | M] () -- C:\Windows\SysWow64\masteraclini.enu
[2011/08/09 09:01:26 | 000,004,697 | RHS- | M] () -- C:\Windows\SysNative\{master}(0)nrt.enu
[2011/08/09 09:01:26 | 000,003,618 | RHS- | M] () -- C:\Windows\SysNative\{master}(99)misc.enu
[2011/08/09 09:01:26 | 000,003,445 | RHS- | M] () -- C:\Windows\SysNative\{master}(9)com.enu
[2011/08/09 09:01:26 | 000,003,439 | RHS- | M] () -- C:\Windows\SysNative\{master}(2)cas.enu
[2011/08/09 09:01:26 | 000,003,427 | RHS- | M] () -- C:\Windows\SysNative\{master}(8)pro.enu
[2011/08/09 09:01:26 | 000,003,391 | RHS- | M] () -- C:\Windows\SysNative\{master}(3)pan.enu
[2011/08/09 09:01:26 | 000,003,354 | RHS- | M] () -- C:\Windows\SysNative\{master}(zz)Template.enu
[2011/08/09 09:01:26 | 000,003,347 | RHS- | M] () -- C:\Windows\SysNative\{master}(1a)avgi.enu
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\suspendoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\spynetkeepon
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\restorerunoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\rebootoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\overridenomonitor
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\nukeoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\firewalloff
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SuspendOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SpyNetKeepOn
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\RestoreRunOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\RebootOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\OverrideNoMonitor
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\NukeOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\FireWallOff
[2011/08/09 03:39:27 | 008,007,680 | ---- | M] ( ) -- C:\Windows\SysWow64\Microsoft.mshtml.dll
[2011/08/09 03:39:24 | 000,126,976 | ---- | M] ( ) -- C:\Windows\SysWow64\Interop.SHDocVw.dll
[2011/08/09 03:18:02 | 001,056,768 | ---- | M] () -- C:\Windows\SysWow64\defltbase.sdb

========== Files Created - No Company Name ==========

[2011/08/28 08:50:55 | 000,001,454 | ---- | C] () -- C:\Users\easyhome\Desktop\Internet Explorer.lnk
[2011/08/25 20:35:46 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/23 22:42:09 | 001,390,139 | ---- | C] () -- C:\Users\easyhome\Desktop\tdsskiller.zip
[2011/08/22 22:01:04 | 000,007,605 | ---- | C] () -- C:\Users\easyhome\AppData\Local\resmon.resmoncfg
[2011/08/22 19:23:57 | 003,828,341 | ---- | C] () -- C:\Users\easyhome\Documents\backup.cab
[2011/08/18 19:57:01 | 000,001,725 | ---- | C] () -- C:\Users\easyhome\Desktop\DriverGenius - Shortcut.lnk
[2011/08/18 19:11:00 | 000,422,382 | ---- | C] () -- C:\Users\easyhome\Desktop\Untitled.jpg
[2011/08/18 14:31:01 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011/08/18 14:28:19 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011/08/18 14:27:58 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011/08/18 14:27:58 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011/08/18 14:27:33 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011/08/15 20:17:52 | 000,001,269 | ---- | C] () -- C:\Users\easyhome\Desktop\Spybot - Search & Destroy.lnk
[2011/08/15 19:18:32 | 000,001,454 | ---- | C] () -- C:\Users\easyhome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/08/15 19:16:14 | 000,000,755 | -HS- | C] () -- C:\Windows\SysNative\settings.ini
[2011/08/15 19:06:11 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/08/15 19:06:09 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/08/10 21:18:25 | 000,001,046 | ---- | C] () -- C:\Users\easyhome\Desktop\KMPlayer.lnk
[2011/08/10 19:44:55 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011/08/10 19:44:43 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011/08/10 19:44:43 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2011/08/10 19:44:43 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2011/08/10 19:44:43 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2011/08/10 19:40:40 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\PowerArchiver.lnk
[2011/08/09 22:27:41 | 000,000,954 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/08/09 22:13:48 | 000,002,351 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/08/09 22:13:26 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/09 22:13:24 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/09 22:04:56 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/09 22:04:56 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/09 09:01:26 | 000,405,504 | RHS- | C] () -- C:\Windows\SysNative\vshadow.exe
[2011/08/09 09:01:26 | 000,364,032 | RHS- | C] () -- C:\Windows\SysNative\vshadowamd64.exe
[2011/08/09 09:01:26 | 000,352,256 | RHS- | C] () -- C:\Windows\SysNative\vshadowXP.exe
[2011/08/09 09:01:26 | 000,003,347 | RHS- | C] () -- C:\Windows\SysNative\{master}(1a)avgi.enu
[2011/08/09 09:01:26 | 000,000,116 | R--- | C] () -- C:\Windows\SysNative\masteraclbini.enu
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\suspendoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\spynetkeepon
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\restorerunoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\rebootoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\overridenomonitor
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\nukeoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\firewalloff
[2011/08/09 09:01:26 | 000,000,038 | RHS- | C] () -- C:\Windows\SysNative\masteracl.enu
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SuspendOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SpyNetKeepOn
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\RestoreRunOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\RebootOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\OverrideNoMonitor
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\NukeOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\FireWallOff
[2011/08/09 05:05:47 | 000,069,762 | -H-- | C] () -- C:\Windows\SysWow64\masteraclini.enu
[2011/08/09 03:57:51 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/08/09 03:57:22 | 000,722,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/09 03:22:40 | 523,410,657 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/08/09 03:18:00 | 001,056,768 | ---- | C] () -- C:\Windows\SysWow64\defltbase.sdb
[2011/08/09 03:16:28 | 3019,296,768 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/08 10:34:15 | 000,000,200 | ---- | C] () -- C:\Users\Public\Desktop\Play More Great Games!.url
[2011/03/25 12:39:21 | 000,007,859 | ---- | C] () -- C:\Users\easyhome\AppData\Roaming\pcouffin.cat
[2011/03/25 12:39:21 | 000,001,167 | ---- | C] () -- C:\Users\easyhome\AppData\Roaming\pcouffin.inf
[2009/07/14 03:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:35:50 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 00:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 22:10:28 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 21:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 19:03:58 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/07 06:32:48 | 000,181,248 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/07/07 06:32:48 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/07/07 06:32:48 | 000,001,411 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2009/07/07 06:32:48 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2009/07/07 06:32:48 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2009/06/10 19:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/08/22 19:23:17 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\CleanMyPC Software
[2011/06/01 17:52:18 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\Coby
[2011/06/01 18:06:04 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\Coby Media Manager
[2011/03/31 21:32:27 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\DAEMON Tools Lite
[2011/08/09 18:51:08 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\Diik
[2011/08/22 18:09:59 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\GetRightToGo
[2011/03/31 21:48:21 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\LucasArts
[2011/02/12 05:23:43 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\MyJournals
[2011/04/02 10:00:14 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\OEM
[2011/02/27 16:30:50 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\OpenOffice.org
[2011/03/07 22:13:49 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\Packard Bell
[2011/08/18 17:06:12 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\PowerCinema
[2011/05/22 19:54:09 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\Replay Media Catcher 4
[2011/08/10 19:44:32 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\Simply Super Software
[2011/06/13 06:46:58 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\Smilebox
[2011/08/16 15:54:35 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\TouchBrowser
[2011/08/25 08:45:46 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\TouchGadget
[2011/02/09 08:15:59 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\TouchPortalV3
[2011/08/23 19:41:57 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\uTorrent
[2011/08/09 08:05:39 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\Vaco
[2011/07/19 21:48:47 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\Vso
[2011/02/12 05:23:44 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\WebClip
[2011/02/19 09:57:56 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\Windows Live Writer
[2011/08/22 09:29:22 | 000,016,098 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:ECF54A0E

< End of report >
Just wondering why dllhost.exe is in the wow64 folder and not the system32.

#4
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Do you happen to have the Extras.txt log for me to review?

Just wondering why dllhost.exe is in the wow64 folder and not the system32

This link here: http://www.samlogic....86-syswow64.htm has a pretty good explanation of the SYSWOW64 folder, and the link should answer that question for you.

Do you recognize these entries?

[2011/08/09 09:01:30 | 000,003,535 | RHS- | M] () -- C:\Windows\SysNative\{master}(1)avg.enu
[2011/08/09 09:01:30 | 000,001,786 | RHS- | M] () -- C:\Windows\SysNative\masterlock.enu
[2011/08/09 09:01:26 | 000,069,762 | -H-- | M] () -- C:\Windows\SysWow64\masteraclini.enu
[2011/08/09 09:01:26 | 000,004,697 | RHS- | M] () -- C:\Windows\SysNative\{master}(0)nrt.enu
[2011/08/09 09:01:26 | 000,003,618 | RHS- | M] () -- C:\Windows\SysNative\{master}(99)misc.enu
[2011/08/09 09:01:26 | 000,003,445 | RHS- | M] () -- C:\Windows\SysNative\{master}(9)com.enu
[2011/08/09 09:01:26 | 000,003,439 | RHS- | M] () -- C:\Windows\SysNative\{master}(2)cas.enu
[2011/08/09 09:01:26 | 000,003,427 | RHS- | M] () -- C:\Windows\SysNative\{master}(8)pro.enu
[2011/08/09 09:01:26 | 000,003,391 | RHS- | M] () -- C:\Windows\SysNative\{master}(3)pan.enu
[2011/08/09 09:01:26 | 000,003,354 | RHS- | M] () -- C:\Windows\SysNative\{master}(zz)Template.enu
[2011/08/09 09:01:26 | 000,003,347 | RHS- | M] () -- C:\Windows\SysNative\{master}(1a)avgi.enu
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\suspendoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\spynetkeepon
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\restorerunoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\rebootoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\overridenomonitor
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\nukeoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\firewalloff
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SuspendOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SpyNetKeepOn
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\RestoreRunOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\RebootOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\OverrideNoMonitor
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\NukeOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\FireWallOff
[2011/08/09 09:01:26 | 000,000,116 | R--- | C] () -- C:\Windows\SysNative\masteraclbini.enu
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\suspendoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\spynetkeepon
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\restorerunoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\rebootoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\overridenomonitor
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\nukeoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\firewalloff
[2011/08/09 09:01:26 | 000,000,038 | RHS- | C] () -- C:\Windows\SysNative\masteracl.enu
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SuspendOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SpyNetKeepOn
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\RestoreRunOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\RebootOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\OverrideNoMonitor
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\NukeOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\FireWallOff
[2011/08/09 05:05:47 | 000,069,762 | -H-- | C] () -- C:\Windows\SysWow64\masteraclini.enu



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    [2011/08/10 21:38:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [TaskTray] File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:CB0AACC9
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:ECF54A0E
    
    :Reg
    
    :Files
    type "C:\TDSSKiller*.txt" /c
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


#5
nadtribble

    Member

  • Topic Starter
  • Member
  • 36 posts
I just have the first Extras.txt.

OTL Extras logfile created on: 8/23/2011 10:50:40 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\easyhome\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 52.07% Memory free
7.50 Gb Paging File | 5.67 Gb Available in Paging File | 75.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911.88 Gb Total Space | 755.53 Gb Free Space | 82.85% Space Free | Partition Type: NTFS

Computer Name: EASYHOME-PC | User Name: easyhome | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Virtual Earth 3D (Beta)
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = TouchCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14C52FEF-0236-4D8C-BBE2-E6D7C4F2926D}" = Cooliris for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Touch MVP
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{619f874d-b266-4aaa-8e54-b4e4af390af5}" = Nero 9 Essentials
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{72199E33-4F2A-4B7F-8E25-95DDDD50A678}" = Acer System Information
"{75880CD4-9436-4EDD-B7E7-400EBFD60B2C}" = TouchSettings
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97BE901A-9940-4ACF-9921-A6FAA284AC03}" = THX TruStudio PRO
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Touch Movie
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C1133252-FD54-4F25-9BCE-D3E9E586EA06}" = PowerArchiver 2010
"{C652F86F-348A-4A65-8BE8-A3F7A6370D98}" = Gateway TouchPortal
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Bejeweled Blitz" = Bejeweled Blitz
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Gateway Game Console" = Gateway Game Console
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Google Chrome" = Google Chrome
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"PatchBeam_is1" = PatchBeam v1.10
"The KMPlayer" = The KMPlayer (remove only)
"Trojan Remover_is1" = Trojan Remover 6.8.2
"uTorrent" = µTorrent
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite" = Windows Live Essentials
"WT088049" = Agatha Christie - Death on the Nile
"WT088062" = Bejeweled 2 Deluxe
"WT088067" = Build-a-lot 2
"WT088074" = Chuzzle Deluxe
"WT088080" = Diner Dash 2 Restaurant Rescue
"WT088115" = Jewel Quest Solitaire 2
"WT088135" = Plants vs. Zombies
"WT088375" = Blackhawk Striker 2
"WT088395" = Dora's Carnival Adventure
"WT088415" = FATE
"WT088447" = John Deere Drive Green
"WT088451" = Penguins!
"WT088455" = Polar Bowler
"WT088459" = Polar Golfer
"WT088507" = Virtual Villagers 4 - The Tree of Life
"WT088546" = Zuma's Revenge
"WT088651" = 18 Wheels of Steel - American Long Haul
"WT088655" = Jewel Quest - Heritage
"YTdetect" = Yahoo! Detect

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#6
nadtribble

    Member

  • Topic Starter
  • Member
  • 36 posts
It won't let me post the new OTL log; the file is too big.

#7
nadtribble

    Member

  • Topic Starter
  • Member
  • 36 posts
Here's the file in two parts; it was too big.
Part I
All processes killed SERVICES/DRIVER
PROCESSES
OTL
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TaskTray deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
ADS C:\ProgramData\TEMP:ECF54A0E deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< type "C:\TDSSKiller*.txt" /c >
2011/08/23 23:01:02.0275 1984 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/23 23:01:02.0728 1984
2011/08/23 23:01:02.0728 1984 SystemInfo:
2011/08/23 23:01:02.0728 1984
2011/08/23 23:01:02.0728 1984 OS Version: 6.1.7600 ServicePack: 0.0
2011/08/23 23:01:02.0728 1984 Product type: Workstation
2011/08/23 23:01:02.0728 1984 ComputerName: EASYHOME-PC
2011/08/23 23:01:02.0728 1984 UserName: easyhome
2011/08/23 23:01:02.0728 1984 Windows directory: C:\Windows
2011/08/23 23:01:02.0728 1984 System windows directory: C:\Windows
2011/08/23 23:01:02.0728 1984 Running under WOW64
2011/08/23 23:01:02.0728 1984 Processor architecture: Intel x64
2011/08/23 23:01:02.0728 1984 Number of processors: 4
2011/08/23 23:01:02.0728 1984 Page size: 0x1000
2011/08/23 23:01:02.0728 1984 Boot type: Normal boot
2011/08/23 23:01:02.0728 1984
2011/08/23 23:01:04.0366 1984 Initialize success
2011/08/23 23:01:22.0774 5904 =
2011/08/23 23:01:22.0774 5904 Scan started
2011/08/23 23:01:22.0774 5904 Mode: Manual;
2011/08/23 23:01:22.0774 5904
2011/08/23 23:01:23.0242 5904 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/08/23 23:01:23.0273 5904 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/08/23 23:01:23.0304 5904 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/08/23 23:01:23.0335 5904 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/23 23:01:23.0382 5904 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/23 23:01:23.0413 5904 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/23 23:01:23.0491 5904 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
2011/08/23 23:01:23.0554 5904 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/08/23 23:01:23.0601 5904 akerneldrv (319b8bcdf8b49ae69be5b7588a901a50) C:\Windows\system32\Drivers\akerneldrv64.sys
2011/08/23 23:01:23.0601 5904 Suspicious file (NoAccess): C:\Windows\system32\Drivers\akerneldrv64.sys. md5: 319b8bcdf8b49ae69be5b7588a901a50
2011/08/23 23:01:23.0601 5904 akerneldrv - detected LockedFile.Multi.Generic (1)
2011/08/23 23:01:23.0632 5904 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/08/23 23:01:23.0647 5904 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/08/23 23:01:23.0663 5904 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/23 23:01:23.0710 5904 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/23 23:01:23.0757 5904 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/08/23 23:01:23.0788 5904 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/23 23:01:23.0819 5904 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/08/23 23:01:23.0850 5904 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/08/23 23:01:23.0913 5904 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/08/23 23:01:23.0928 5904 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/23 23:01:23.0975 5904 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/23 23:01:23.0991 5904 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/08/23 23:01:24.0053 5904 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/08/23 23:01:24.0084 5904 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/08/23 23:01:24.0147 5904 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/08/23 23:01:24.0162 5904 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/23 23:01:24.0209 5904 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/23 23:01:24.0240 5904 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/23 23:01:24.0271 5904 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/23 23:01:24.0303 5904 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/08/23 23:01:24.0334 5904 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/23 23:01:24.0349 5904 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/23 23:01:24.0381 5904 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/23 23:01:24.0412 5904 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/23 23:01:24.0490 5904 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/23 23:01:24.0521 5904 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/23 23:01:24.0568 5904 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/23 23:01:24.0599 5904 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/08/23 23:01:24.0646 5904 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/23 23:01:24.0661 5904 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/08/23 23:01:24.0739 5904 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/08/23 23:01:24.0771 5904 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/23 23:01:24.0833 5904 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/08/23 23:01:24.0942 5904 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/23 23:01:25.0036 5904 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
2011/08/23 23:01:25.0083 5904 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/08/23 23:01:25.0098 5904 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/08/23 23:01:25.0145 5904 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/08/23 23:01:25.0192 5904 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/23 23:01:25.0285 5904 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/08/23 23:01:25.0379 5904 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/23 23:01:25.0410 5904 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/08/23 23:01:25.0473 5904 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/08/23 23:01:25.0504 5904 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/08/23 23:01:25.0535 5904 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/23 23:01:25.0582 5904 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/08/23 23:01:25.0597 5904 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/08/23 23:01:25.0613 5904 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/23 23:01:25.0660 5904 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/08/23 23:01:25.0722 5904 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/08/23 23:01:25.0753 5904 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/23 23:01:25.0831 5904 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/23 23:01:26.0003 5904 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/23 23:01:26.0097 5904 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/23 23:01:26.0143 5904 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/08/23 23:01:26.0190 5904 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/23 23:01:26.0221 5904 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/23 23:01:26.0268 5904 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/23 23:01:26.0315 5904 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/23 23:01:26.0362 5904 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/23 23:01:26.0424 5904 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/08/23 23:01:26.0471 5904 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/08/23 23:01:26.0502 5904 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/23 23:01:26.0518 5904 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/23 23:01:26.0565 5904 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/08/23 23:01:26.0658 5904 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/23 23:01:26.0752 5904 IntcAzAudAddService (c03463214d23b46b991f582821c8df69) C:\Windows\system32\drivers\RTKVHD64.sys
2011/08/23 23:01:26.0830 5904 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/08/23 23:01:26.0845 5904 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/23 23:01:26.0908 5904 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/23 23:01:27.0064 5904 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/08/23 23:01:27.0142 5904 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/08/23 23:01:27.0173 5904 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/08/23 23:01:27.0204 5904 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/08/23 23:01:27.0251 5904 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/23 23:01:27.0282 5904 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/23 23:01:27.0298 5904 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/23 23:01:27.0329 5904 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/23 23:01:27.0360 5904 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/23 23:01:27.0407 5904 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/08/23 23:01:27.0469 5904 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/23 23:01:27.0532 5904 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/23 23:01:27.0563 5904 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/23 23:01:27.0594 5904 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/23 23:01:27.0625 5904 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/23 23:01:27.0672 5904 LS

Edited by nadtribble, 29 August 2011 - 10:27 PM.

#8
nadtribble

    Member

  • Topic Starter
  • Member
  • 36 posts
That last one was part II; here is part I.
All processes killed SERVICES/DRIVER
PROCESSES
OTL
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TaskTray deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
ADS C:\ProgramData\TEMP:ECF54A0E deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< type "C:\TDSSKiller*.txt" /c >
2011/08/23 23:01:02.0275 1984 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/23 23:01:02.0728 1984
2011/08/23 23:01:02.0728 1984 SystemInfo:
2011/08/23 23:01:02.0728 1984
2011/08/23 23:01:02.0728 1984 OS Version: 6.1.7600 ServicePack: 0.0
2011/08/23 23:01:02.0728 1984 Product type: Workstation
2011/08/23 23:01:02.0728 1984 ComputerName: EASYHOME-PC
2011/08/23 23:01:02.0728 1984 UserName: easyhome
2011/08/23 23:01:02.0728 1984 Windows directory: C:\Windows
2011/08/23 23:01:02.0728 1984 System windows directory: C:\Windows
2011/08/23 23:01:02.0728 1984 Running under WOW64
2011/08/23 23:01:02.0728 1984 Processor architecture: Intel x64
2011/08/23 23:01:02.0728 1984 Number of processors: 4
2011/08/23 23:01:02.0728 1984 Page size: 0x1000
2011/08/23 23:01:02.0728 1984 Boot type: Normal boot
2011/08/23 23:01:02.0728 1984
2011/08/23 23:01:04.0366 1984 Initialize success
2011/08/23 23:01:22.0774 5904 =
2011/08/23 23:01:22.0774 5904 Scan started
2011/08/23 23:01:22.0774 5904 Mode: Manual;
2011/08/23 23:01:22.0774 5904
2011/08/23 23:01:23.0242 5904 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/08/23 23:01:23.0273 5904 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/08/23 23:01:23.0304 5904 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/08/23 23:01:23.0335 5904 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/23 23:01:23.0382 5904 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/23 23:01:23.0413 5904 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/23 23:01:23.0491 5904 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
2011/08/23 23:01:23.0554 5904 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/08/23 23:01:23.0601 5904 akerneldrv (319b8bcdf8b49ae69be5b7588a901a50) C:\Windows\system32\Drivers\akerneldrv64.sys
2011/08/23 23:01:23.0601 5904 Suspicious file (NoAccess): C:\Windows\system32\Drivers\akerneldrv64.sys. md5: 319b8bcdf8b49ae69be5b7588a901a50
2011/08/23 23:01:23.0601 5904 akerneldrv - detected LockedFile.Multi.Generic (1)
2011/08/23 23:01:23.0632 5904 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/08/23 23:01:23.0647 5904 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/08/23 23:01:23.0663 5904 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/23 23:01:23.0710 5904 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/23 23:01:23.0757 5904 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/08/23 23:01:23.0788 5904 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/23 23:01:23.0819 5904 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/08/23 23:01:23.0850 5904 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/08/23 23:01:23.0913 5904 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/08/23 23:01:23.0928 5904 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/23 23:01:23.0975 5904 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/23 23:01:23.0991 5904 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/08/23 23:01:24.0053 5904 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/08/23 23:01:24.0084 5904 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/08/23 23:01:24.0147 5904 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/08/23 23:01:24.0162 5904 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/23 23:01:24.0209 5904 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/23 23:01:24.0240 5904 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/23 23:01:24.0271 5904 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/23 23:01:24.0303 5904 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/08/23 23:01:24.0334 5904 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/23 23:01:24.0349 5904 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/23 23:01:24.0381 5904 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/23 23:01:24.0412 5904 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/23 23:01:24.0490 5904 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/23 23:01:24.0521 5904 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/23 23:01:24.0568 5904 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/23 23:01:24.0599 5904 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/08/23 23:01:24.0646 5904 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/23 23:01:24.0661 5904 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/08/23 23:01:24.0739 5904 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/08/23 23:01:24.0771 5904 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/23 23:01:24.0833 5904 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/08/23 23:01:24.0942 5904 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/23 23:01:25.0036 5904 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
2011/08/23 23:01:25.0083 5904 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/08/23 23:01:25.0098 5904 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/08/23 23:01:25.0145 5904 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/08/23 23:01:25.0192 5904 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/23 23:01:25.0285 5904 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/08/23 23:01:25.0379 5904 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/23 23:01:25.0410 5904 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/08/23 23:01:25.0473 5904 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/08/23 23:01:25.0504 5904 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/08/23 23:01:25.0535 5904 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/23 23:01:25.0582 5904 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/08/23 23:01:25.0597 5904 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/08/23 23:01:25.0613 5904 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/23 23:01:25.0660 5904 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/08/23 23:01:25.0722 5904 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/08/23 23:01:25.0753 5904 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/23 23:01:25.0831 5904 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/23 23:01:26.0003 5904 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/23 23:01:26.0097 5904 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/23 23:01:31.0213 5904 pcrasys (91bbb4dfcfccd3ac1ce9c3d50e2d38dc) C:\Windows\system32\Drivers\pcrasys64.sys
2011/08/23 23:01:31.0213 5904 Suspicious file (NoAccess): C:\Windows\system32\Drivers\pcrasys64.sys. md5: 91bbb4dfcfccd3ac1ce9c3d50e2d38dc
2011/08/23 23:01:31.0213 5904 pcrasys - detected LockedFile.Multi.Generic (1)
2011/08/23 23:01:33.0569 5904 Suspicious service (NoAccess): systemCheck
2011/08/23 23:01:36.0065 5904 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
2011/08/23 23:01:36.0081 5904 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/08/23 23:01:36.0096 5904 Boot (0x1200) (b7caec7c8bc77644351f08c502c2cb2a) \Device\Harddisk0\DR0\Partition0
2011/08/23 23:01:36.0112 5904 Boot (0x1200) (6eeeab7df56d1c71ee6100f538862ef9) \Device\Harddisk0\DR0\Partition1
2011/08/23 23:01:36.0127 5904
2011/08/23 23:01:36.0127 5904 Scan finished
2011/08/23 23:01:36.0127 5904
2011/08/23 23:01:36.0127 5512 Detected object count: 3
2011/08/23 23:01:36.0127 5512 Actual detected object count: 3
2011/08/23 23:01:54.0364 5512 LockedFile.Multi.Generic(akerneldrv) - User select action: Skip
2011/08/23 23:01:54.0364 5512 LockedFile.Multi.Generic(pcrasys) - User select action: Skip
2011/08/23 23:01:54.0395 5512 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/08/23 23:01:54.0395 5512 \Device\Harddisk0\DR0 - ok
2011/08/23 23:01:54.0395 5512 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/08/23 23:02:01.0353 5696 Deinitialize success
2011/08/23 23:04:59.0689 4508 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/23 23:05:00.0095 4508 ================================================================================
2011/08/23 23:05:00.0095 4508 SystemInfo:
2011/08/23 23:05:00.0095 4508
2011/08/23 23:05:00.0095 4508 OS Version: 6.1.7600 ServicePack: 0.0
2011/08/23 23:05:00.0095 4508 Product type: Workstation
2011/08/23 23:05:00.0095 4508 ComputerName: EASYHOME-PC
2011/08/23 23:05:00.0095 4508 UserName: easyhome
2011/08/23 23:05:00.0095 4508 Windows directory: C:\Windows
2011/08/23 23:05:00.0095 4508 System windows directory: C:\Windows
2011/08/23 23:05:00.0095 4508 Running under WOW64
2011/08/23 23:05:00.0095 4508 Processor architecture: Intel x64
2011/08/23 23:05:00.0095 4508 Number of processors: 4
2011/08/23 23:05:00.0095 4508 Page size: 0x1000
2011/08/23 23:05:00.0095 4508 Boot type: Normal boot
2011/08/23 23:05:00.0095 4508 ================================================================================
2011/08/23 23:05:03.0121 4508 Initialize success
2011/08/23 23:05:34.0695 4700 ================================================================================
2011/08/23 23:05:34.0695 4700 Scan started
2011/08/23 23:05:34.0695 4700 Mode: Manual;
2011/08/23 23:05:34.0695 4700 ================================================================================
2011/08/23 23:05:36.0380 4700 akerneldrv (319b8bcdf8b49ae69be5b7588a901a50) C:\Windows\system32\Drivers\akerneldrv64.sys
2011/08/23 23:05:36.0380 4700 Suspicious file (NoAccess): C:\Windows\system32\Drivers\akerneldrv64.sys. md5: 319b8bcdf8b49ae69be5b7588a901a50
2011/08/23 23:05:36.0380 4700 akerneldrv - detected LockedFile.Multi.Generic (1)
2011/08/23 23:05:40.0826 4700 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/23 23:05:40.0842 4700 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/08/23 23:05:40.0904 4700 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/23 23:05:40.0951 4700 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/23 23:05:40.0967 4700 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/08/23 23:05:40.0998 4700 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/08/23 23:05:41.0029 4700 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/23 23:05:41.0045 4700 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/08/23 23:05:41.0076 4700 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/23 23:05:41.0123 4700 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/08/23 23:05:41.0154 4700 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/23 23:05:41.0232 4700 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/08/23 23:05:41.0279 4700 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/23 23:05:41.0310 4700 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/23 23:05:41.0357 4700 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/23 23:05:41.0388 4700 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/23 23:05:41.0419 4700 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/08/23 23:05:41.0450 4700 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/23 23:05:41.0497 4700 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/23 23:05:41.0575 4700 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/23 23:05:41.0606 4700 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/08/23 23:05:41.0669 4700 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/08/23 23:05:41.0715 4700 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/23 23:05:41.0809 4700 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/08/23 23:05:41.0918 4700 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/08/23 23:05:41.0949 4700 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
2011/08/23 23:05:42.0449 4700 nvlddmkm (4628fa8f0cc0d509bc14a223e99d36f3) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/08/23 23:05:42.0573 4700 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
2011/08/23 23:05:42.0651 4700 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/08/23 23:05:42.0683 4700 nvsmu (e58d81fb8616d0cb55c1e36aa0b213c9) C:\Windows\system32\DRIVERS\nvsmu.sys
2011/08/23 23:05:42.0729 4700 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/08/23 23:05:42.0776 4700 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys
2011/08/23 23:05:42.0823 4700 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/08/23 23:05:42.0854 4700 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/08/23 23:05:42.0885 4700 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/08/23 23:05:42.0917 4700 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/08/23 23:05:42.0963 4700 pavboot (8a0f8a9580d9f2fc512a35d5709088a9) C:\Windows\system32\drivers\pavboot64.sys
2011/08/23 23:05:43.0135 4700 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/08/23 23:05:43.0166 4700 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/08/23 23:05:43.0197 4700 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/23 23:05:43.0244 4700 pcrasys (91bbb4dfcfccd3ac1ce9c3d50e2d38dc) C:\Windows\system32\Drivers\pcrasys64.sys
2011/08/23 23:05:43.0244 4700 Suspicious file (NoAccess): C:\Windows\system32\Drivers\pcrasys64.sys. md5: 91bbb4dfcfccd3ac1ce9c3d50e2d38dc
2011/08/23 23:05:43.0244 4700 pcrasys - detected LockedFile.Multi.Generic (1)
2011/08/23 23:05:43.0291 4700 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/08/23 23:05:43.0431 4700 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/08/23 23:05:43.0587 4700 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/23 23:05:43.0619 4700 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/08/23 23:05:43.0665 4700 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/23 23:05:43.0712 4700 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/08/23 23:05:43.0759 4700 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/23 23:05:43.0806 4700 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/23 23:05:43.0837 4700 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/23 23:05:43.0884 4700 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/23 23:05:43.0915 4700 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/23 23:05:43.0962 4700 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/23 23:05:44.0009 4700 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/23 23:05:44.0040 4700 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/23 23:05:44.0055 4700 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/23 23:05:44.0087 4700 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/23 23:05:44.0133 4700 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/23 23:05:44.0165 4700 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/23 23:05:44.0196 4700 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/08/23 23:05:44.0243 4700 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
2011/08/23 23:05:44.0305 4700 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/23 23:05:44.0367 4700 RTL8192su (4629c5c4772d223b0ecd1ea8ba7a2a33) C:\Windows\system32\DRIVERS\RTL8192su.sys
2011/08/23 23:05:44.0430 4700 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/08/23 23:05:44.0492 4700 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/23 23:05:44.0539 4700 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/08/23 23:05:44.0570 4700 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/23 23:05:44.0601 4700 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/08/23 23:05:44.0633 4700 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/23 23:05:44.0679 4700 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/08/23 23:05:44.0695 4700 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/08/23 23:05:44.0726 4700 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/08/23 23:05:44.0742 4700 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/23 23:05:44.0773 4700 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/23 23:05:44.0804 4700 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/23 23:05:44.0835 4700 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/08/23 23:05:44.0882 4700 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/08/23 23:05:44.0945 4700 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
2011/08/23 23:05:45.0007 4700 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/23 23:05:45.0054 4700 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/23 23:05:45.0085 4700 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/23 23:05:45.0116 4700 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/23 23:05:45.0147 4700 Suspicious service (NoAccess): systemCheck
2011/08/23 23:05:45.0257 4700 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
2011/08/23 23:05:45.0335 4700 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/23 23:05:45.0381 4700 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/23 23:05:45.0413 4700 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/08/23 23:05:45.0444 4700 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/08/23 23:05:45.0506 4700 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/23 23:05:45.0522 4700 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/23 23:05:45.0615 4700 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/23 23:05:45.0662 4700 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/23 23:05:45.0678 4700 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/23 23:05:45.0725 4700 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/23 23:05:45.0756 4700 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/08/23 23:05:45.0787 4700 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/23 23:05:45.0818 4700 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/23 23:05:45.0849 4700 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/08/23 23:05:45.0896 4700 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/23 23:05:45.0912 4700 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/08/23 23:05:45.0959 4700 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/23 23:05:46.0005 4700 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/23 23:05:46.0052 4700 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/23 23:05:46.0099 4700 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/23 23:05:46.0146 4700 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
2011/08/23 23:05:46.0193 4700 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
2011/08/23 23:05:46.0239 4700 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/08/23 23:05:46.0271 4700 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/08/23 23:05:46.0302 4700 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/23 23:05:46.0333 4700 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/08/23 23:05:46.0364 4700 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/08/23 23:05:46.0380 4700 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/08/23 23:05:46.0411 4700 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/08/23 23:05:46.0442 4700 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/08/23 23:05:46.0473 4700 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/08/23 23:05:46.0505 4700 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/23 23:05:46.0551 4700 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/08/23 23:05:46.0567 4700 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/08/23 23:05:46.0614 4700 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/23 23:05:46.0645 4700 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/23 23:05:46.0661 4700 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/23 23:05:46.0707 4700 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/08/23 23:05:46.0739 4700 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/23 23:05:46.0817 4700 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/23 23:05:46.0832 4700 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/08/23 23:05:46.0895 4700 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/08/23 23:05:46.0973 4700 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/23 23:05:47.0019 4700 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/08/23 23:05:47.0051 4700 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/23 23:05:47.0082 4700 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/08/23 23:05:47.0113 4700 Boot (0x1200) (b7caec7c8bc77644351f08c502c2cb2a) \Device\Harddisk0\DR0\Partition0
2011/08/23 23:05:47.0129 4700 Boot (0x1200) (6eeeab7df56d1c71ee6100f538862ef9) \Device\Harddisk0\DR0\Partition1
2011/08/23 23:05:47.0129 4700 ================================================================================
2011/08/23 23:05:47.0129 4700 Scan finished
2011/08/23 23:05:47.0129 4700 ================================================================================
2011/08/23 23:05:47.0144 4652 Detected object count: 2
2011/08/23 23:05:47.0144 4652 Actual detected object count: 2
2011/08/23 23:06:04.0663 4652 akerneldrv (319b8bcdf8b49ae69be5b7588a901a50) C:\Windows\system32\Drivers\akerneldrv64.sys
2011/08/23 23:06:04.0663 4652 Suspicious file (NoAccess): C:\Windows\system32\Drivers\akerneldrv64.sys. md5: 319b8bcdf8b49ae69be5b7588a901a50
2011/08/23 23:06:04.0679 4652 C:\Windows\system32\Drivers\akerneldrv64.sys - copied to quarantine
2011/08/23 23:06:04.0694 4652 LockedFile.Multi.Generic(akerneldrv) - User select action: Quarantine
2011/08/23 23:06:04.0710 4652 pcrasys (91bbb4dfcfccd3ac1ce9c3d50e2d38dc) C:\Windows\system32\Drivers\pcrasys64.sys
2011/08/23 23:06:04.0710 4652 Suspicious file (NoAccess): C:\Windows\system32\Drivers\pcrasys64.sys. md5: 91bbb4dfcfccd3ac1ce9c3d50e2d38dc
2011/08/23 23:06:04.0725 4652 C:\Windows\system32\Drivers\pcrasys64.sys - copied to quarantine
2011/08/23 23:06:04.0725 4652 LockedFile.Multi.Generic(pcrasys) - User select action: Quarantine
2011/08/23 23:06:14.0756 0716 ================================================================================
2011/08/23 23:06:14.0756 0716 Scan started
2011/08/23 23:06:14.0756 0716 Mode: Manual;
2011/08/23 23:06:14.0756 0716 ================================================================================
2011/08/23 23:06:15.0240 0716 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/08/23 23:06:15.0271 0716 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/08/23 23:06:15.0302 0716 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/08/23 23:06:15.0349 0716 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/23 23:06:15.0380 0716 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/23 23:06:15.0396 0716 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/23 23:06:15.0474 0716 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
2011/08/23 23:06:15.0489 0716 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/08/23 23:06:15.0505 0716 akerneldrv (319b8bcdf8b49ae69be5b7588a901a50) C:\Windows\system32\Drivers\akerneldrv64.sys
2011/08/23 23:06:15.0505 0716 Suspicious file (NoAccess): C:\Windows\system32\Drivers\akerneldrv64.sys. md5: 319b8bcdf8b49ae69be5b7588a901a50
2011/08/23 23:06:15.0505 0716 akerneldrv - detected LockedFile.Multi.Generic (1)
2011/08/23 23:06:15.0583 0716 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/08/23 23:06:15.0614 0716 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/08/23 23:06:15.0630 0716 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/23 23:06:15.0661 0716 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/23 23:06:15.0708 0716 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/08/23 23:06:15.0739 0716 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/23 23:06:15.0755 0716 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/08/23 23:06:15.0786 0716 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/08/23 23:06:15.0817 0716 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/08/23 23:06:15.0833 0716 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/23 23:06:15.0879 0716 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/23 23:06:15.0895 0716 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/08/23 23:06:15.0942 0716 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/08/23 23:06:15.0957 0716 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/08/23 23:06:16.0004 0716 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/08/23 23:06:16.0020 0716 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/23 23:06:16.0067 0716 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/23 23:06:16.0098 0716 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/23 23:06:16.0129 0716 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/23 23:06:16.0145 0716 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/08/23 23:06:16.0176 0716 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/23 23:06:16.0191 0716 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/23 23:06:16.0223 0716 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/23 23:06:16.0238 0716 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/23 23:06:16.0301 0716 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/23 23:06:16.0332 0716 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/23 23:06:16.0347 0716 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/23 23:06:16.0379 0716 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/08/23 23:06:16.0425 0716 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/23 23:06:16.0441 0716 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/08/23 23:06:16.0488 0716 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/08/23 23:06:16.0519 0716 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/23 23:06:16.0535 0716 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/08/23 23:06:16.0659 0716 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/23 23:06:16.0753 0716 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
2011/08/23 23:06:16.0784 0716 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/08/23 23:06:16.0800 0716 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/08/23 23:06:16.0831 0716 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/08/23 23:06:16.0893 0716 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/23 23:06:17.0018 0716 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/08/23 23:06:17.0081 0716 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/23 23:06:17.0096 0716 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/08/23 23:06:17.0159 0716 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/08/23 23:06:17.0205 0716 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/08/23 23:06:17.0221 0716 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/23 23:06:17.0268 0716 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/08/23 23:06:17.0299 0716 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/08/23 23:06:17.0315 0716 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/23 23:06:17.0346 0716 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/08/23 23:06:17.0393 0716 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/08/23 23:06:17.0408 0716 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/23 23:06:17.0455 0716 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/23 23:06:17.0611 0716 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/23 23:06:17.0720 0716 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/23 23:06:17.0751 0716 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/08/23 23:06:17.0767 0716 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/23 23:06:17.0798 0716 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/23 23:06:17.0845 0716 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/23 23:06:17.0876 0716 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/23 23:06:17.0907 0716 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/23 23:06:17.0970 0716 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/08/23 23:06:18.0001 0716 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/08/23 23:06:18.0017 0716 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/23 23:06:18.0048 0716 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/23 23:06:18.0095 0716 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/08/23 23:06:18.0141 0716 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/23 23:06:18.0219 0716 IntcAzAudAddService (c03463214d23b46b991f582821c8df69) C:\Windows\system32\drivers\RTKVHD64.sys
2011/08/23 23:06:18.0251 0716 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/08/23 23:06:18.0266 0716 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/23 23:06:18.0313 0716 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/23 23:06:18.0344 0716 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/08/23 23:06:18.0391 0716 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/08/23 23:06:18.0407 0716 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/08/23 23:06:18.0438 0716 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/08/23 23:06:18.0469 0716 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/23 23:06:18.0500 0716 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/23 23:06:18.0516 0716 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/23 23:06:18.0531 0716 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/23 23:06:18.0563 0716 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/23 23:06:18.0609 0716 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/08/23 23:06:18.0641 0716 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/23 23:06:18.0687 0716 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/23 23:06:18.0719 0716 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/23 23:06:18.0750 0716 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/23 23:06:18.0781 0716 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/23 23:06:18.0812 0716 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/08/23 23:06:18.0859 0716 MBAMProtector (9c4fb231b6e02f84580de2f00f3c5293) C:\Windows\system32\drivers\mbam.sys
2011/08/23 23:06:18.0890 0716 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys
2011/08/23 23:06:18.0921 0716 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/08/23 23:06:18.0937 0716 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/23 23:06:18.0984 0716 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/08/23 23:06:19.0015 0716 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/23 23:06:19.0062 0716 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/23 23:06:19.0077 0716 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/23 23:06:19.0109 0716 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/08/23 23:06:19.0155 0716 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/08/23 23:06:19.0202 0716 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/08/23 23:06:19.0218 0716 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/08/23 23:06:19.0249 0716 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/23 23:06:19.0280 0716 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/08/23 23:06:19.0311 0716 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/23 23:06:19.0343 0716 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/23 23:06:19.0358 0716 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/23 23:06:19.0483 0716 msahci (94a5023d130bf79a4e54875f6e88a69f) C:\Windows\system32\DRIVERS\msahci.sys
2011/08/23 23:06:19.0514 0716 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/08/23 23:06:19.0561 0716 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/08/23 23:06:19.0592 0716 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/23 23:06:19.0623 0716 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/08/23 23:06:19.0670 0716 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/23 23:06:19.0686 0716 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/23 23:06:19.0717 0716 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/08/23 23:06:19.0748 0716 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/08/23 23:06:19.0764 0716 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/23 23:06:19.0842 0716 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/08/23 23:06:19.0873 0716 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/23 23:06:19.0904 0716 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/08/23 23:06:19.0951 0716 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/23 23:06:19.0998 0716 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/08/23 23:06:20.0029 0716 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/23 23:06:20.0076 0716 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/23 23:06:20.0123 0716 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/23 23:06:20.0154 0716 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/23 23:06:20.0185 0716 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/08/23 23:06:20.0216 0716 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/23 23:06:20.0263 0716 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/23 23:06:20.0310 0716 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/23 23:06:20.0357 0716 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/08/23 23:06:20.0403 0716 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/08/23 23:06:20.0435 0716 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/23 23:06:20.0513 0716 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/08/23 23:06:20.0544 0716 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/08/23 23:06:20.0575 0716 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
2011/08/23 23:06:20.0840 0716 nvlddmkm (4628fa8f0cc0d509bc14a223e99d36f3) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/08/23 23:06:20.0949 0716 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
2011/08/23 23:06:21.0012 0716 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/08/23 23:06:21.0043 0716 nvsmu (e58d81fb8616d0cb55c1e36aa0b213c9) C:\Windows\system32\DRIVERS\nvsmu.sys
2011/08/23 23:06:21.0090 0716 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/08/23 23:06:21.0137 0716 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys
2011/08/23 23:06:21.0168 0716 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/08/23 23:06:21.0199 0716 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/08/23 23:06:21.0230 0716 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/08/23 23:06:21.0246 0716 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/08/23 23:06:21.0293 0716 pavboot (8a0f8a9580d9f2fc512a35d5709088a9) C:\Windows\system32\drivers\pavboot64.sys
2011/08/23 23:06:21.0324 0716 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/08/23 23:06:21.0355 0716 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/08/23 23:06:21.0464 0716 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/23 23:06:21.0495 0716 pcrasys (91bbb4dfcfccd3ac1ce9c3d50e2d38dc) C:\Windows\system32\Drivers\pcrasys64.sys
2011/08/23 23:06:21.0511 0716 Suspicious file (NoAccess): C:\Windows\system32\Drivers\pcrasys64.sys. md5: 91bbb4dfcfccd3ac1ce9c3d50e2d38dc
2011/08/23 23:06:21.0511 0716 pcrasys - detected LockedFile.Multi.Generic (1)
2011/08/23 23:06:21.0558 0716 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/08/23 23:06:21.0589 0716 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/08/23 23:06:21.0698 0716 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/23 23:06:21.0729 0716 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/08/23 23:06:21.0823 0716 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/23 23:06:21.0870 0716 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/08/23 23:06:21.0917 0716 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/23 23:06:21.0948 0716 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/23 23:06:21.0979 0716 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/23 23:06:22.0010 0716 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/23 23:06:22.0057 0716 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/23 23:06:22.0088 0716 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/23 23:06:22.0119 0716 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/23 23:06:22.0151 0716 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/23 23:06:22.0182 0716 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/23 23:06:22.0213 0716 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/23 23:06:22.0229 0716 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/23 23:06:22.0260 0716 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/23 23:06:22.0307 0716 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/08/23 23:06:22.0322 0716 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
2011/08/23 23:06:22.0385 0716 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/23 23:06:22.0447 0716 RTL8192su (4629c5c4772d223b0ecd1ea8ba7a2a33) C:\Windows\system32\DRIVERS\RTL8192su.sys
2011/08/23 23:06:22.0478 0716 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/08/23 23:06:22.0509 0716 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/23 23:06:22.0541 0716 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/08/23 23:06:22.0587 0716 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/23 23:06:22.0603 0716 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/08/23 23:06:22.0634 0716 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/23 23:06:22.0759 0716 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/08/23 23:06:22.0837 0716 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/08/23 23:06:22.0868 0716 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/08/23 23:06:22.0899 0716 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/23 23:06:22.0915 0716 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/23 23:06:22.0946 0716 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/23 23:06:22.0962 0716 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/08/23 23:06:23.0009 0716 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/08/23 23:06:23.0087 0716 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
2011/08/23 23:06:23.0118 0716 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/23 23:06:23.0165 0716 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/23 23:06:23.0196 0716 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/23 23:06:23.0227 0716 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/23 23:06:23.0258 0716 Suspicious service (NoAccess): systemCheck
2011/08/23 23:06:23.0367 0716 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
2011/08/23 23:06:23.0414 0716 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/23 23:06:23.0477 0716 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/23 23:06:23.0508 0716 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/08/23 23:06:23.0539 0716 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/08/23 23:06:23.0570 0716 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/23 23:06:23.0601 0716 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/23 23:06:23.0679 0716 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/23 23:06:23.0711 0716 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/23 23:06:23.0726 0716 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/23 23:06:23.0820 0716 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/23 23:06:23.0867 0716 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/08/23 23:06:23.0913 0716 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/23 23:06:23.0945 0716 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/23 23:06:23.0976 0716 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/08/23 23:06:24.0007 0716 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/23 23:06:24.0023 0716 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/08/23 23:06:24.0069 0716 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/23 23:06:24.0101 0716 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/23 23:06:24.0147 0716 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/23 23:06:24.0179 0716 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/23 23:06:24.0210 0716 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
2011/08/23 23:06:24.0241 0716 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
2011/08/23 23:06:24.0272 0716 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/08/23 23:06:24.0303 0716 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/08/23 23:06:24.0335 0716 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/23 23:06:24.0366 0716 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/08/23 23:06:24.0397 0716 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/08/23 23:06:24.0413 0716 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/08/23 23:06:24.0444 0716 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/08/23 23:06:24.0475 0716 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/08/23 23:06:24.0506 0716 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/08/23 23:06:24.0537 0716 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/23 23:06:24.0569 0716 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/08/23 23:06:24.0584 0716 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/08/23 23:06:24.0615 0716 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/23 23:06:24.0647 0716 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/23 23:06:24.0662 0716 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/23 23:06:24.0709 0716 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/08/23 23:06:24.0740 0716 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/23 23:06:24.0803 0716 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/23 23:06:24.0834 0716 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/08/23 23:06:24.0896 0716 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/08/23 23:06:24.0943 0716 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/23 23:06:24.0990 0716 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/08/23 23:06:25.0005 0716 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/23 23:06:25.0052 0716 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/08/23 23:06:25.0083 0716 Boot (0x1200) (b7caec7c8bc77644351f08c502c2cb2a) \Device\Harddisk0\DR0\Partition0
2011/08/23 23:06:25.0099 0716 Boot (0x1200) (6eeeab7df56d1c71ee6100f538862ef9) \Device\Harddisk0\DR0\Partition1
2011/08/23 23:06:25.0099 0716 ================================================================================
2011/08/23 23:06:25.0099 0716 Scan finished
2011/08/23 23:06:25.0099 0716 ================================================================================
2011/08/23 23:06:25.0115 1620 Detected object count: 2
2011/08/23 23:06:25.0115 1620 Actual detected object count: 2
2011/08/23 23:06:56.0081 1620 HKLM\SYSTEM\ControlSet001\services\akerneldrv - will be deleted after reboot
2011/08/23 23:06:56.0096 1620 HKLM\SYSTEM\ControlSet002\services\akerneldrv - will be deleted after reboot
2011/08/23 23:06:56.0112 1620 C:\Windows\system32\Drivers\akerneldrv64.sys - will be deleted after reboot
2011/08/23 23:06:56.0112 1620 LockedFile.Multi.Generic(akerneldrv) - User select action: Delete
2011/08/23 23:06:56.0127 1620 HKLM\SYSTEM\ControlSet001\services\pcrasys - will be deleted after reboot
2011/08/23 23:06:56.0127 1620 HKLM\SYSTEM\ControlSet002\services\pcrasys - will be deleted after reboot
2011/08/23 23:06:56.0127 1620 C:\Windows\system32\Drivers\pcrasys64.sys - will be deleted after reboot
2011/08/23 23:06:56.0127 1620 LockedFile.Multi.Generic(pcrasys) - User select action: Delete
2011/08/23 23:07:26.0703 4500 Deinitialize success
2011/08/23 23:10:21.0972 4684 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/23 23:10:22.0393 4684 ================================================================================
2011/08/23 23:10:22.0393 4684 SystemInfo:
2011/08/23 23:10:22.0393 4684
2011/08/23 23:10:22.0393 4684 OS Version: 6.1.7600 ServicePack: 0.0
2011/08/23 23:10:22.0393 4684 Product type: Workstation
2011/08/23 23:10:22.0393 4684 ComputerName: EASYHOME-PC
2011/08/23 23:10:22.0393 4684 UserName: easyhome
2011/08/23 23:10:22.0393 4684 Windows directory: C:\Windows
2011/08/23 23:10:22.0393 4684 System windows directory: C:\Windows
2011/08/23 23:10:22.0393 4684 Running under WOW64
2011/08/23 23:10:22.0393 4684 Processor architecture: Intel x64
2011/08/23 23:10:22.0393 4684 Number of processors: 4
2011/08/23 23:10:22.0393 4684 Page size: 0x1000
2011/08/23 23:10:22.0393 4684 Boot type: Normal boot
2011/08/23 23:10:22.0393 4684 ================================================================================
2011/08/23 23:10:24.0375 4684 Initialize success
2011/08/23 23:10:25.0747 4884 ================================================================================
2011/08/23 23:10:25.0747 4884 Scan started
2011/08/23 23:10:25.0747 4884 Mode: Manual;
2011/08/23 23:10:25.0747 4884 ================================================================================
2011/08/23 23:10:26.0668 4884 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/08/23 23:10:26.0699 4884 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/08/23 23:10:26.0746 4884 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/08/23 23:10:26.0793 4884 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/23 23:10:26.0839 4884 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/23 23:10:26.0855 4884 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/23 23:10:26.0949 4884 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
2011/08/23 23:10:26.0995 4884 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/08/23 23:10:27.0058 4884 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/08/23 23:10:27.0073 4884 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/08/23 23:10:27.0089 4884 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/23 23:10:27.0120 4884 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/23 23:10:27.0167 4884 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/08/23 23:10:27.0183 4884 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/23 23:10:27.0198 4884 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/08/23 23:10:27.0245 4884 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/08/23 23:10:27.0276 4884 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/08/23 23:10:27.0292 4884 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/23 23:10:27.0339 4884 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/23 23:10:27.0370 4884 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/08/23 23:10:27.0432 4884 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/08/23 23:10:27.0463 4884 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/08/23 23:10:27.0510 4884 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/08/23 23:10:27.0526 4884 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/23 23:10:27.0573 4884 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/23 23:10:27.0604 4884 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/23 23:10:27.0635 4884 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/23 23:10:27.0666 4884 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/08/23 23:10:27.0682 4884 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/23 23:10:27.0713 4884 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/23 23:10:27.0729 4884 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/23 23:10:27.0760 4884 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/23 23:10:27.0838 4884 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/23 23:10:27.0853 4884 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/23 23:10:27.0916 4884 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/23 23:10:27.0947 4884 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/08/23 23:10:27.0994 4884 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/23 23:10:28.0009 4884 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/08/23 23:10:28.0056 4884 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/08/23 23:10:28.0087 4884 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/23 23:10:28.0119 4884 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/08/23 23:10:28.0228 4884 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/23 23:10:28.0337 4884 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
2011/08/23 23:10:28.0368 4884 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/08/23 23:10:28.0384 4884 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/08/23 23:10:28.0431 4884 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/08/23 23:10:28.0509 4884 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/23 23:10:28.0633 4884 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/08/23 23:10:28.0758 4884 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/23 23:10:28.0789 4884 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/08/23 23:10:28.0836 4884 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/08/23 23:10:28.0899 4884 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/08/23 23:10:28.0930 4884 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/23 23:10:28.0992 4884 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/08/23 23:10:29.0008 4884 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/08/23 23:10:29.0039 4884 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/23 23:10:29.0070 4884 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/08/23 23:10:29.0133 4884 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/08/23 23:10:29.0148 4884 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/23 23:10:29.0226 4884 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/23 23:10:29.0257 4884 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/23 23:10:29.0320 4884 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/23 23:10:29.0351 4884 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/08/23 23:10:29.0398 4884 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/23 23:10:29.0429 4884 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/23 23:10:29.0460 4884 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/23 23:10:29.0476 4884 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/23 23:10:29.0507 4884 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/23 23:10:29.0554 4884 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/08/23 23:10:29.0601 4884 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/08/23 23:10:29.0616 4884 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/23 23:10:29.0679 4884 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/23 23:10:29.0741 4884 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/08/23 23:10:29.0772 4884 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/23 23:10:29.0866 4884 IntcAzAudAddService (c03463214d23b46b991f582821c8df69) C:\Windows\system32\drivers\RTKVHD64.sys
2011/08/23 23:10:29.0897 4884 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/08/23 23:10:29.0913 4884 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/23 23:10:29.0959 4884 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/23 23:10:30.0006 4884 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/08/23 23:10:30.0053 4884 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/08/23 23:10:30.0084 4884 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/08/23 23:10:30.0100 4884 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/08/23 23:10:30.0131 4884 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/23 23:10:30.0162 4884 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/23 23:10:30.0178 4884 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/23 23:10:30.0225 4884 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/23 23:10:30.0256 4884 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/23 23:10:30.0303 4884 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/08/23 23:10:30.0396 4884 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/23 23:10:30.0459 4884 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/23 23:10:30.0474 4884 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/23 23:10:30.0505 4884 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/23 23:10:30.0537 4884 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/23 23:10:30.0583 4884 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/08/23 23:10:30.0630 4884 MBAMProtector (9c4fb231b6e02f84580de2f00f3c5293) C:\Windows\system32\drivers\mbam.sys
2011/08/23 23:10:30.0661 4884 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys
2011/08/23 23:10:30.0693 4884 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/08/23 23:10:30.0724 4884 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/23 23:10:30.0771 4884 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/08/23 23:10:30.0817 4884 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/23 23:10:30.0833 4884 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/23 23:10:30.0849 4884 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/23 23:10:30.0895 4884 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/08/23 23:10:30.0958 4884 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/08/23 23:10:30.0989 4884 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/08/23 23:10:31.0020 4884 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/08/23 23:10:31.0036 4884 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/23 23:10:31.0067 4884 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/08/23 23:10:31.0098 4884 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/23 23:10:31.0129 4884 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/23 23:10:31.0161 4884 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/23 23:10:31.0192 4884 msahci (94a5023d130bf79a4e54875f6e88a69f) C:\Windows\system32\DRIVERS\msahci.sys
2011/08/23 23:10:31.0223 4884 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/08/23 23:10:31.0254 4884 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/08/23 23:10:35.0217 4884 Suspicious service (NoAccess): systemCheck
2011/08/23 23:10:37.0135 4884 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/08/23 23:10:37.0151 4884 Boot (0x1200) (b7caec7c8bc77644351f08c502c2cb2a) \Device\Harddisk0\DR0\Partition0
2011/08/23 23:10:37.0167 4884 Boot (0x1200) (6eeeab7df56d1c71ee6100f538862ef9) \Device\Harddisk0\DR0\Partition1
2011/08/23 23:10:37.0182 4884 ================================================================================
2011/08/23 23:10:37.0182 4884 Scan finished
2011/08/23 23:10:37.0182 4884 ================================================================================
2011/08/23 23:10:37.0182 3680 Detected object count: 0
2011/08/23 23:10:37.0182 3680 Actual detected object count: 0
2011/08/23 23:10:41.0223 4692 Deinitialize success
2011/08/23 23:11:03.0960 5104 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/23 23:11:04.0288 5104 ================================================================================
  • 0

#9
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

It looks like when you ran TDSSKiller it found an infection known as TDL4.

You can read more about this infection here:

Special thanks to quietman7 for providing the above links.



NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Do you recognize these entries?

[2011/08/09 09:01:30 | 000,003,535 | RHS- | M] () -- C:\Windows\SysNative\{master}(1)avg.enu
[2011/08/09 09:01:30 | 000,001,786 | RHS- | M] () -- C:\Windows\SysNative\masterlock.enu
[2011/08/09 09:01:26 | 000,069,762 | -H-- | M] () -- C:\Windows\SysWow64\masteraclini.enu
[2011/08/09 09:01:26 | 000,004,697 | RHS- | M] () -- C:\Windows\SysNative\{master}(0)nrt.enu
[2011/08/09 09:01:26 | 000,003,618 | RHS- | M] () -- C:\Windows\SysNative\{master}(99)misc.enu
[2011/08/09 09:01:26 | 000,003,445 | RHS- | M] () -- C:\Windows\SysNative\{master}(9)com.enu
[2011/08/09 09:01:26 | 000,003,439 | RHS- | M] () -- C:\Windows\SysNative\{master}(2)cas.enu
[2011/08/09 09:01:26 | 000,003,427 | RHS- | M] () -- C:\Windows\SysNative\{master}(8)pro.enu
[2011/08/09 09:01:26 | 000,003,391 | RHS- | M] () -- C:\Windows\SysNative\{master}(3)pan.enu
[2011/08/09 09:01:26 | 000,003,354 | RHS- | M] () -- C:\Windows\SysNative\{master}(zz)Template.enu
[2011/08/09 09:01:26 | 000,003,347 | RHS- | M] () -- C:\Windows\SysNative\{master}(1a)avgi.enu
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\suspendoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\spynetkeepon
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\restorerunoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\rebootoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\overridenomonitor
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\nukeoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\firewalloff
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SuspendOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SpyNetKeepOn
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\RestoreRunOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\RebootOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\OverrideNoMonitor
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\NukeOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\FireWallOff
[2011/08/09 09:01:26 | 000,000,116 | R--- | C] () -- C:\Windows\SysNative\masteraclbini.enu
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\suspendoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\spynetkeepon
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\restorerunoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\rebootoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\overridenomonitor
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\nukeoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\firewalloff
[2011/08/09 09:01:26 | 000,000,038 | RHS- | C] () -- C:\Windows\SysNative\masteracl.enu
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SuspendOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SpyNetKeepOn
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\RestoreRunOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\RebootOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\OverrideNoMonitor
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\NukeOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\FireWallOff
[2011/08/09 05:05:47 | 000,069,762 | -H-- | C] () -- C:\Windows\SysWow64\masteraclini.enu



NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

  • 0
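For working through a list like the one SweetTech posted without a live box, here is an added example (my own code, not from the thread, from OTL or from OldTimer) that parses OTL file-listing lines and groups them for triage: it reports hidden+system files under C:\Windows, zero-byte files there, and bursts of files touched in the same second. The sample input is a handful of entries from the post above plus one constructed benign Desktop line; the C:\Windows scope and the burst threshold are my own assumptions.

```python
"""Offline triage of OTL file-listing entries (added example, not OTL's own code)."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: entries in the shape OTL prints them. The first seven are
# copied from the post above; the last is a made-up benign line for contrast.
SAMPLE_OTL = r"""
[2011/08/09 09:01:30 | 000,003,535 | RHS- | M] () -- C:\Windows\SysNative\{master}(1)avg.enu
[2011/08/09 09:01:30 | 000,001,786 | RHS- | M] () -- C:\Windows\SysNative\masterlock.enu
[2011/08/09 09:01:26 | 000,069,762 | -H-- | M] () -- C:\Windows\SysWow64\masteraclini.enu
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\firewalloff
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\FireWallOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\NukeOff
[2011/08/09 09:01:26 | 000,000,116 | R--- | C] () -- C:\Windows\SysNative\masteraclbini.enu
[2011/08/20 12:00:00 | 000,001,024 | ---- | C] () -- C:\Users\example\Desktop\notes.txt
"""

# One OTL file-listing line: [date time | size | attrs | M or C] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)


@dataclass(frozen=True)
class OtlEntry:
    timestamp: str   # as written in the log (local time)
    size: int        # bytes, commas removed
    attrs: str       # R=read-only, H=hidden, S=system, D=directory, '-' = unset
    kind: str        # M = "modified" listing, C = "created" listing
    company: str     # text OTL shows in parentheses, usually empty
    path: str

    @property
    def hidden_system(self) -> bool:
        """Hidden AND system attributes set, the 'RHS-' pattern in the post."""
        return "H" in self.attrs and "S" in self.attrs

    @property
    def under_windows(self) -> bool:
        # Assumption: the system drive is C:, as in the OTL header of this thread.
        return self.path.lower().startswith("c:\\windows\\")


def parse_otl(text: str) -> list[OtlEntry]:
    """Return every well-formed file-listing line; headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        entries.append(OtlEntry(
            timestamp=m["ts"],
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"],
            path=m["path"],
        ))
    return entries


def triage(text: str, burst_min: int = 3) -> dict:
    """Group entries the way a helper eyeballs them: odd attributes, empty
    'switch' files, and many files written in the same second under C:\\Windows."""
    entries = parse_otl(text)
    hidden_system = sorted({e.path for e in entries
                            if e.hidden_system and e.under_windows})
    zero_byte = sorted({e.path for e in entries
                        if e.size == 0 and "D" not in e.attrs and e.under_windows})
    by_second = defaultdict(set)
    for e in entries:
        if e.under_windows:
            by_second[(e.kind, e.timestamp)].add(e.path)
    # burst_min is an assumed threshold: an installer or dropper typically lands
    # several files in the same second, a user rarely does.
    bursts = {k: sorted(v) for k, v in by_second.items() if len(v) >= burst_min}
    return {
        "hidden_system_in_windows": hidden_system,
        "zero_byte_in_windows": zero_byte,
        "bursts": bursts,
    }


if __name__ == "__main__":
    for section, hits in triage(SAMPLE_OTL).items():
        print(section, hits)
```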

#10
nadtribble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
I had AVG installed when I first got the computer but switched to MSE afterwards; otherwise I don't recognize any of them. This computer is a rent-to-own (leased) one. Will do the ComboFix later.
  • 0


#11
nadtribble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
And to be brutally honest, I have cracked a few games; that is probably where I picked it up in the first place. But I have learned my lesson and won't download any cracks any more. I know you guys don't like cracks, but I have promised my wife I won't do it anymore. So I would still like your help to remove it; I will paste the log later.
  • 0

#12
nadtribble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
ComboFix 11-08-30.02 - easyhome 30/08/2011 19:44:28.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3839.2423 [GMT -6:00]
Running from: c:\users\easyhome\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
c:\windows\system32\settings.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-31 )))))))))))))))))))))))))))))))
.
.
2011-08-31 01:50 . 2011-08-31 01:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-08-31 01:50 . 2011-08-31 01:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-31 01:50 . 2011-08-31 01:50 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-08-31 01:50 . 2011-08-31 01:50 -------- d-----w- c:\users\Administrator.000\AppData\Local\temp
2011-08-30 19:34 . 2011-08-30 19:34 -------- d-----w- c:\users\easyhome\AppData\Roaming\WildTangent
2011-08-30 02:25 . 2011-08-30 02:25 -------- d-----w- C:\_OTL
2011-08-29 18:31 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C02A6691-6CA6-4B58-8FBD-C059D7CCA326}\mpengine.dll
2011-08-26 22:32 . 2011-08-26 22:32 -------- d-----w- c:\windows\system32\Macromed
2011-08-26 02:36 . 2011-08-26 02:36 -------- d-----w- c:\users\easyhome\AppData\Roaming\SUPERAntiSpyware.com
2011-08-26 02:35 . 2011-08-26 02:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-26 02:35 . 2011-08-26 02:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-25 05:01 . 2011-08-26 22:35 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-25 05:00 . 2011-08-25 05:00 -------- d-----w- c:\program files\Google
2011-08-25 04:20 . 2011-08-25 04:20 -------- d-----w- c:\windows\system32\SPReview
2011-08-25 04:19 . 2011-08-25 04:19 -------- d-----w- c:\windows\system32\EventProviders
2011-08-24 05:06 . 2011-08-24 05:06 -------- d-----w- C:\TDSSKiller_Quarantine
2011-08-24 05:05 . 2011-08-24 05:05 110896 ----a-w- c:\windows\system32\drivers\90402989.sys
2011-08-24 04:14 . 2011-08-24 04:14 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\56440ea41cc621403\MeshBetaRemover.exe
2011-08-24 02:48 . 2011-08-24 02:48 -------- d-----w- c:\program files (x86)\Acer
2011-08-24 01:50 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 01:50 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-24 01:48 . 2011-02-05 17:06 605552 ----a-w- c:\windows\system32\winload.exe
2011-08-24 01:48 . 2011-02-05 17:10 642944 ----a-w- c:\windows\system32\winload.efi
2011-08-24 01:48 . 2011-02-05 17:10 19328 ----a-w- c:\windows\system32\kd1394.dll
2011-08-24 01:48 . 2011-02-05 17:06 566208 ----a-w- c:\windows\system32\winresume.efi
2011-08-24 01:48 . 2011-02-05 17:06 518672 ----a-w- c:\windows\system32\winresume.exe
2011-08-24 01:48 . 2011-02-05 17:10 20352 ----a-w- c:\windows\system32\kdusb.dll
2011-08-24 01:48 . 2011-02-05 17:10 17792 ----a-w- c:\windows\system32\kdcom.dll
2011-08-24 01:48 . 2010-11-20 13:27 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2011-08-23 01:23 . 2011-08-23 01:23 -------- d-----w- c:\users\easyhome\AppData\Roaming\CleanMyPC Software
2011-08-23 01:22 . 2011-08-23 01:22 -------- d-----w- c:\program files (x86)\CleanMyPC
2011-08-23 01:21 . 2011-08-23 01:33 -------- d-----w- C:\registrycleaner
2011-08-23 00:09 . 2011-08-23 00:09 -------- d-----w- c:\users\easyhome\AppData\Roaming\GetRightToGo
2011-08-21 15:17 . 2011-08-21 17:27 -------- d-----w- c:\users\UpdatusUser
2011-08-21 15:16 . 2011-08-21 15:16 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-08-19 01:53 . 2011-08-19 01:53 -------- d-----w- c:\program files (x86)\Driver-Soft
2011-08-19 01:51 . 2011-08-19 01:51 -------- d-----w- C:\drivergenius
2011-08-19 00:39 . 2011-08-29 04:09 -------- d-----w- C:\processexp
2011-08-18 20:30 . 2010-11-20 13:26 828416 ----a-w- c:\windows\system32\MPSSVC.dll
2011-08-18 20:29 . 2010-11-20 13:27 1363968 ----a-w- c:\windows\system32\wdc.dll
2011-08-18 20:28 . 2010-11-20 13:44 133632 ----a-w- c:\windows\system32\NAPHLPR.DLL
2011-08-18 20:27 . 2010-11-20 13:14 7680 ----a-w- c:\windows\system32\spwizres.dll
2011-08-18 20:24 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2011-08-18 20:24 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-08-18 20:24 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2011-08-18 19:52 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2011-08-18 19:52 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-08-18 19:52 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-08-18 19:52 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-08-18 19:52 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-08-18 19:26 . 2011-08-18 19:26 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-08-18 19:26 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-08-18 19:23 . 2011-08-18 19:23 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-08-17 04:01 . 2011-08-17 04:01 -------- d-----w- c:\programdata\Kaspersky Lab
2011-08-17 03:53 . 2009-06-30 16:37 33800 ----a-w- c:\windows\system32\drivers\pavboot64.sys
2011-08-17 03:53 . 2011-08-17 03:53 -------- d-----w- c:\program files (x86)\Panda Security
2011-08-16 02:17 . 2011-08-24 03:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-16 02:17 . 2011-08-16 02:19 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-08-15 04:54 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-08-15 04:54 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-08-15 04:54 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-08-15 04:54 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-08-15 04:54 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-08-12 03:17 . 2011-08-12 03:17 -------- d-----w- c:\program files (x86)\Trend Micro
2011-08-11 13:42 . 2011-08-10 03:31 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-08-11 13:42 . 2011-08-10 03:31 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{46C2C686-46C7-4DDD-B8CF-69E7C20B9A90}\gapaengine.dll
2011-08-11 03:42 . 2011-08-24 03:01 -------- d-----w- c:\program files (x86)\PopCap Games
2011-08-11 03:41 . 2011-08-11 03:41 -------- d-----w- C:\bjblitxcrack
2011-08-11 03:38 . 2011-05-04 10:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-11 03:18 . 2011-08-11 03:18 -------- d-----w- c:\program files (x86)\The KMPlayer
2011-08-11 01:44 . 2006-06-19 19:01 69632 ----a-w- c:\windows\SysWow64\ztvcabinet.dll
2011-08-11 01:44 . 2006-05-25 21:52 162304 ----a-w- c:\windows\SysWow64\ztvunrar36.dll
2011-08-11 01:44 . 2005-08-26 07:50 77312 ----a-w- c:\windows\SysWow64\ztvunace26.dll
2011-08-11 01:44 . 2003-02-03 02:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll
2011-08-11 01:44 . 2002-03-06 07:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll
2011-08-11 01:44 . 2011-08-11 01:45 -------- d-----w- c:\program files (x86)\Trojan Remover
2011-08-11 01:44 . 2011-08-11 01:44 -------- d-----w- c:\users\easyhome\AppData\Roaming\Simply Super Software
2011-08-11 01:44 . 2011-08-11 01:44 -------- d-----w- c:\programdata\Simply Super Software
2011-08-11 01:42 . 2011-08-11 01:44 -------- d-----w- C:\trojanremover
2011-08-11 01:41 . 2011-08-11 01:41 -------- d-----w- c:\programdata\ConeXware
2011-08-11 01:40 . 2011-08-11 01:40 -------- d-----w- c:\program files (x86)\PatchBeam
2011-08-11 01:40 . 2011-08-11 01:41 -------- d-----w- c:\program files (x86)\PowerArchiver
2011-08-10 13:16 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 13:16 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-08-10 13:16 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-08-10 13:16 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-08-10 06:42 . 2011-08-10 06:42 -------- d-----w- c:\windows\Sun
2011-08-10 04:27 . 2011-08-11 03:10 -------- d-----w- c:\users\easyhome\AppData\Local\Conduit
2011-08-10 04:27 . 2011-08-10 04:27 -------- d-----w- c:\program files (x86)\uTorrent
2011-08-10 04:27 . 2011-08-10 04:27 -------- d-----w- c:\users\easyhome\AppData\Local\uTorrent
2011-08-10 04:13 . 2011-08-25 05:00 -------- d-----w- c:\program files (x86)\Google
2011-08-10 03:31 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-10 02:33 . 2011-08-23 00:13 -------- d-----w- c:\programdata\PopCap Games
2011-08-10 02:33 . 2011-08-11 03:20 -------- d-----w- c:\program files (x86)\Bejeweled Blitz
2011-08-10 00:39 . 2011-07-07 01:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-10 00:39 . 2011-08-10 00:39 -------- d-----w- c:\programdata\Malwarebytes
2011-08-10 00:39 . 2011-08-10 00:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-10 00:39 . 2011-07-07 01:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-09 17:28 . 2011-08-09 17:28 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-08-09 14:19 . 2010-12-17 11:40 715776 ----a-w- c:\windows\system32\kerberos.dll
2011-08-09 14:19 . 2010-12-17 07:07 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2011-08-09 14:17 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-08-09 14:17 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-08-09 14:15 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-08-09 12:53 . 2011-08-18 19:39 -------- d-----w- c:\windows\SysWow64\Wat
2011-08-09 12:53 . 2011-08-18 19:39 -------- d-----w- c:\windows\system32\Wat
2011-08-09 11:05 . 2011-08-09 11:05 -------- d-----w- C:\book
2011-08-09 10:01 . 2011-08-10 00:51 -------- d-----w- c:\users\easyhome\AppData\Roaming\Diik
2011-08-09 10:01 . 2011-08-09 14:05 -------- d-----w- c:\users\easyhome\AppData\Roaming\Vaco
2011-08-09 09:56 . 2011-08-18 19:39 -------- d-----w- c:\program files\Microsoft Security Client
2011-08-09 09:43 . 2010-10-19 20:51 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-08-09 09:39 . 2011-08-09 09:39 8007680 ----a-w- c:\windows\SysWow64\Microsoft.mshtml.dll
2011-08-09 09:39 . 2011-08-09 09:39 126976 ----a-w- c:\windows\SysWow64\Interop.SHDocVw.dll
2011-08-09 09:18 . 2009-07-14 05:20 258048 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfppw73.dll
2011-08-02 18:56 . 2011-08-09 09:51 -------- d-----w- c:\users\easyhome\AppData\Local\assembly
2011-08-02 18:56 . 2011-08-02 18:56 -------- d-----w- c:\users\easyhome\AppData\Local\IsolatedStorage
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-25 04:35 . 2009-07-14 06:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-08-25 04:35 . 2009-07-14 06:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-08-12 03:17 . 2011-03-04 02:30 388096 ----a-r- c:\users\easyhome\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-09 14:59 . 2011-02-08 16:03 199944 ----a-w- c:\windows\system32\CNGKeyLock.exe.vir
2011-08-09 09:39 . 2010-06-24 20:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-16 04:26 . 2011-08-10 13:17 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-02-08 16:11 14039304 --sha-r- c:\windows\System32\BackupSys.exe
2011-02-08 16:11 405504 --sha-r- c:\windows\System32\vshadow.exe
2011-02-08 16:11 364032 --sha-r- c:\windows\System32\vshadowamd64.exe
2011-02-08 16:11 352256 --sha-r- c:\windows\System32\vshadowXP.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherEye"="c:\users\easyhome\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [2010-09-21 309104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="c:\program files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe" [2010-11-10 613992]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PRO\THXAudioCP\THXAudio.exe" [2009-07-07 1346048]
"UpdReg"="c:\windows\UpdReg.EXE" [2009-07-07 90112]
"TouchPortalV3Launcher"="c:\program files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe" [2009-07-07 438376]
"MDS_Menu"="c:\program files (x86)\Gateway\Gateway TouchPortal\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"TouchMovieService"="c:\program files (x86)\Gateway\Gateway TouchPortal\Touch Movie\TouchMovieService.exe" [2010-09-28 124136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 CNGKeyLock;CNG Key Isolation Service; [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-10 136176]
R2 MicrosoftHardwareDriver;MicrosoftHardwareDriver; [x]
R2 SysCacheDriver;SysCacheDriver; [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-10 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
S2 systemCheck;SystemWindows;c:\windows\system32\servicescache.exe [x]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-09-09 243232]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 17396428
*Deregistered* - 17396428
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-10 04:13]
.
2011-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-10 04:13]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TouchORB"="c:\program files (x86)\TouchSettings\TouchPortalOBR.exe" [2010-09-09 155752]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-07 11474024]
"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"TouchPortalV3Launcher"="c:\program files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe" [2009-07-07 438376]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.shaw.ca/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://gateway.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: DhcpNameServer = 172.16.1.254
FF - ProfilePath - c:\users\easyhome\AppData\Roaming\Mozilla\Firefox\Profiles\jb57vp1e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.shaw.ca/start/enCA/
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-93835962.sys
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\systemCheck]
"ImagePath"="system32\servicescache.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{EAEE5C74-6D0D-4ACA-9232-0DA4A7B866BA}"=hex:51,66,7a,6c,4c,1d,38,12,1a,5f,fd,
ee,3f,23,a4,0f,ed,24,4e,e4,a2,e6,22,ae
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:28,13,f3,2d,d4,5b,cc,01
.
[HKEY_USERS\S-1-5-21-2873827063-2861724936-3205004613-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2873827063-2861724936-3205004613-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-30 19:53:45
ComboFix-quarantined-files.txt 2011-08-31 01:53
ComboFix2.txt 2011-08-15 04:58
.
Pre-Run: 807,896,752,128 bytes free
Post-Run: 807,801,298,944 bytes free
.
- - End Of File - - 1C30546652630AA9D1E10992D38988E1
#13 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hi!

"And to be brutally honest, I have cracked a few games. Probably where I picked it up in the first place. But I have learned my lesson and won't download any cracks any more. I know you guys don't like cracks, but I have promised my wife I won't do it anymore. So I still would like your help to remove it; will paste the log later."

I appreciate the honesty, that goes a long way with me!

You more than likely were infected from an infected file that you downloaded.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Suspect::[102]
C:\Windows\system32\servicescache.exe
C:\Windows\SysNative\{master}(1)avg.enu
C:\Windows\SysNative\masterlock.enu
C:\Windows\SysWow64\masteraclini.enu
C:\Windows\SysNative\{master}(0)nrt.enu
C:\Windows\SysNative\{master}(99)misc.enu
C:\Windows\SysNative\{master}(9)com.enu
C:\Windows\SysNative\{master}(2)cas.enu
C:\Windows\SysNative\{master}(8)pro.enu
C:\Windows\SysNative\{master}(3)pan.enu
C:\Windows\SysNative\{master}(zz)Template.enu
C:\Windows\SysNative\{master}(1a)avgi.enu
C:\Windows\suspendoff
C:\Windows\spynetkeepon
C:\Windows\restorerunoff
C:\Windows\rebootoff
C:\Windows\overridenomonitor
C:\Windows\nukeoff
C:\Windows\firewalloff
C:\Windows\SysNative\SuspendOff
C:\Windows\SysNative\SpyNetKeepOn
C:\Windows\SysNative\RestoreRunOff
C:\Windows\SysNative\RebootOff
C:\Windows\SysNative\OverrideNoMonitor
C:\Windows\SysNative\NukeOff
C:\Windows\SysNative\FireWallOff
C:\Windows\SysNative\masteraclbini.enu
C:\Windows\suspendoff
C:\Windows\spynetkeepon
C:\Windows\restorerunoff
C:\Windows\rebootoff
C:\Windows\overridenomonitor
C:\Windows\nukeoff
C:\Windows\firewalloff
C:\Windows\SysNative\masteracl.enu
C:\Windows\SysNative\SuspendOff
C:\Windows\SysNative\SpyNetKeepOn
C:\Windows\SysNative\RestoreRunOff
C:\Windows\SysNative\RebootOff
C:\Windows\SysNative\OverrideNoMonitor
C:\Windows\SysNative\NukeOff
C:\Windows\SysNative\FireWallOff
C:\Windows\SysWow64\masteraclini.enu


DirLook::
C:\book
c:\users\easyhome\AppData\Roaming\Diik
c:\users\easyhome\AppData\Roaming\Vaco

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... and change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Image: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**
When CF finishes running, the ComboFix log will open along with a message box; do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

#14 nadtribble (Topic Starter, Member, 36 posts)
Here's the new log


ComboFix 11-08-31.05 - easyhome 31/08/2011 20:33:50.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3839.2181 [GMT -6:00]
Running from: c:\users\easyhome\Desktop\ComboFix.exe
Command switches used :: c:\users\easyhome\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\easyhome\Desktop\Internet Explorer.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-08-01 to 2011-09-01 )))))))))))))))))))))))))))))))
.
.
2011-09-01 02:38 . 2011-09-01 02:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-09-01 02:38 . 2011-09-01 02:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-01 02:38 . 2011-09-01 02:38 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-09-01 02:38 . 2011-09-01 02:38 -------- d-----w- c:\users\Administrator.000\AppData\Local\temp
2011-09-01 02:37 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{25A46C2A-49EE-4752-AAED-CB723466D3AA}\mpengine.dll
2011-08-30 19:34 . 2011-08-30 19:34 -------- d-----w- c:\users\easyhome\AppData\Roaming\WildTangent
2011-08-30 02:25 . 2011-08-30 02:25 -------- d-----w- C:\_OTL
2011-08-26 22:32 . 2011-08-26 22:32 -------- d-----w- c:\windows\system32\Macromed
2011-08-26 02:36 . 2011-08-26 02:36 -------- d-----w- c:\users\easyhome\AppData\Roaming\SUPERAntiSpyware.com
2011-08-26 02:35 . 2011-08-26 02:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-26 02:35 . 2011-08-26 02:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-25 05:01 . 2011-08-26 22:35 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-25 05:00 . 2011-08-25 05:00 -------- d-----w- c:\program files\Google
2011-08-25 04:20 . 2011-08-25 04:20 -------- d-----w- c:\windows\system32\SPReview
2011-08-25 04:19 . 2011-08-25 04:19 -------- d-----w- c:\windows\system32\EventProviders
2011-08-24 05:06 . 2011-08-24 05:06 -------- d-----w- C:\TDSSKiller_Quarantine
2011-08-24 05:05 . 2011-08-24 05:05 110896 ----a-w- c:\windows\system32\drivers\90402989.sys
2011-08-24 04:14 . 2011-08-24 04:14 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\56440ea41cc621403\MeshBetaRemover.exe
2011-08-24 02:48 . 2011-08-24 02:48 -------- d-----w- c:\program files (x86)\Acer
2011-08-24 01:50 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 01:50 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-24 01:48 . 2011-02-05 17:06 605552 ----a-w- c:\windows\system32\winload.exe
2011-08-24 01:48 . 2011-02-05 17:10 642944 ----a-w- c:\windows\system32\winload.efi
2011-08-24 01:48 . 2011-02-05 17:10 19328 ----a-w- c:\windows\system32\kd1394.dll
2011-08-24 01:48 . 2011-02-05 17:06 566208 ----a-w- c:\windows\system32\winresume.efi
2011-08-24 01:48 . 2011-02-05 17:06 518672 ----a-w- c:\windows\system32\winresume.exe
2011-08-24 01:48 . 2011-02-05 17:10 20352 ----a-w- c:\windows\system32\kdusb.dll
2011-08-24 01:48 . 2011-02-05 17:10 17792 ----a-w- c:\windows\system32\kdcom.dll
2011-08-24 01:48 . 2010-11-20 13:27 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2011-08-23 01:23 . 2011-08-23 01:23 -------- d-----w- c:\users\easyhome\AppData\Roaming\CleanMyPC Software
2011-08-23 01:22 . 2011-08-23 01:22 -------- d-----w- c:\program files (x86)\CleanMyPC
2011-08-23 01:21 . 2011-08-23 01:33 -------- d-----w- C:\registrycleaner
2011-08-23 00:09 . 2011-08-23 00:09 -------- d-----w- c:\users\easyhome\AppData\Roaming\GetRightToGo
2011-08-21 15:17 . 2011-08-21 17:27 -------- d-----w- c:\users\UpdatusUser
2011-08-21 15:16 . 2011-08-21 15:16 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-08-19 01:53 . 2011-08-19 01:53 -------- d-----w- c:\program files (x86)\Driver-Soft
2011-08-19 01:51 . 2011-08-19 01:51 -------- d-----w- C:\drivergenius
2011-08-19 00:39 . 2011-08-31 02:11 -------- d-----w- C:\processexp
2011-08-18 20:30 . 2010-11-20 13:26 828416 ----a-w- c:\windows\system32\MPSSVC.dll
2011-08-18 20:29 . 2010-11-20 13:27 1363968 ----a-w- c:\windows\system32\wdc.dll
2011-08-18 20:28 . 2010-11-20 13:44 133632 ----a-w- c:\windows\system32\NAPHLPR.DLL
2011-08-18 20:27 . 2010-11-20 13:14 7680 ----a-w- c:\windows\system32\spwizres.dll
2011-08-18 20:24 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2011-08-18 20:24 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-08-18 20:24 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2011-08-18 19:52 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2011-08-18 19:52 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-08-18 19:52 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-08-18 19:52 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-08-18 19:52 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-08-18 19:26 . 2011-08-18 19:26 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-08-18 19:26 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-08-18 19:23 . 2011-08-18 19:23 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-08-17 04:01 . 2011-08-17 04:01 -------- d-----w- c:\programdata\Kaspersky Lab
2011-08-17 03:53 . 2009-06-30 16:37 33800 ----a-w- c:\windows\system32\drivers\pavboot64.sys
2011-08-17 03:53 . 2011-08-17 03:53 -------- d-----w- c:\program files (x86)\Panda Security
2011-08-16 02:17 . 2011-08-24 03:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-16 02:17 . 2011-08-16 02:19 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-08-15 04:54 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-08-15 04:54 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-08-15 04:54 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-08-15 04:54 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-08-15 04:54 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-08-12 03:17 . 2011-08-12 03:17 -------- d-----w- c:\program files (x86)\Trend Micro
2011-08-11 13:42 . 2011-08-10 03:31 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-08-11 13:42 . 2011-08-10 03:31 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{46C2C686-46C7-4DDD-B8CF-69E7C20B9A90}\gapaengine.dll
2011-08-11 03:42 . 2011-08-24 03:01 -------- d-----w- c:\program files (x86)\PopCap Games
2011-08-11 03:41 . 2011-08-11 03:41 -------- d-----w- C:\bjblitxcrack
2011-08-11 03:38 . 2011-05-04 10:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-11 03:18 . 2011-08-11 03:18 -------- d-----w- c:\program files (x86)\The KMPlayer
2011-08-11 01:44 . 2006-06-19 19:01 69632 ----a-w- c:\windows\SysWow64\ztvcabinet.dll
2011-08-11 01:44 . 2006-05-25 21:52 162304 ----a-w- c:\windows\SysWow64\ztvunrar36.dll
2011-08-11 01:44 . 2005-08-26 07:50 77312 ----a-w- c:\windows\SysWow64\ztvunace26.dll
2011-08-11 01:44 . 2003-02-03 02:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll
2011-08-11 01:44 . 2002-03-06 07:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll
2011-08-11 01:44 . 2011-08-11 01:45 -------- d-----w- c:\program files (x86)\Trojan Remover
2011-08-11 01:44 . 2011-08-11 01:44 -------- d-----w- c:\users\easyhome\AppData\Roaming\Simply Super Software
2011-08-11 01:44 . 2011-08-11 01:44 -------- d-----w- c:\programdata\Simply Super Software
2011-08-11 01:42 . 2011-08-11 01:44 -------- d-----w- C:\trojanremover
2011-08-11 01:41 . 2011-08-11 01:41 -------- d-----w- c:\programdata\ConeXware
2011-08-11 01:40 . 2011-08-11 01:40 -------- d-----w- c:\program files (x86)\PatchBeam
2011-08-11 01:40 . 2011-08-11 01:41 -------- d-----w- c:\program files (x86)\PowerArchiver
2011-08-10 13:16 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 13:16 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-08-10 13:16 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-08-10 13:16 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-08-10 06:42 . 2011-08-10 06:42 -------- d-----w- c:\windows\Sun
2011-08-10 04:27 . 2011-08-11 03:10 -------- d-----w- c:\users\easyhome\AppData\Local\Conduit
2011-08-10 04:27 . 2011-08-10 04:27 -------- d-----w- c:\program files (x86)\uTorrent
2011-08-10 04:27 . 2011-08-10 04:27 -------- d-----w- c:\users\easyhome\AppData\Local\uTorrent
2011-08-10 04:13 . 2011-08-31 02:12 -------- d-----w- c:\program files (x86)\Google
2011-08-10 03:31 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-10 02:33 . 2011-08-23 00:13 -------- d-----w- c:\programdata\PopCap Games
2011-08-10 02:33 . 2011-08-11 03:20 -------- d-----w- c:\program files (x86)\Bejeweled Blitz
2011-08-10 00:39 . 2011-07-07 01:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-10 00:39 . 2011-08-10 00:39 -------- d-----w- c:\programdata\Malwarebytes
2011-08-10 00:39 . 2011-08-10 00:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-10 00:39 . 2011-07-07 01:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-09 17:28 . 2011-08-09 17:28 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-08-09 14:19 . 2010-12-17 11:40 715776 ----a-w- c:\windows\system32\kerberos.dll
2011-08-09 14:19 . 2010-12-17 07:07 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2011-08-09 14:17 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-08-09 14:17 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-08-09 14:15 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-08-09 12:53 . 2011-08-18 19:39 -------- d-----w- c:\windows\SysWow64\Wat
2011-08-09 12:53 . 2011-08-18 19:39 -------- d-----w- c:\windows\system32\Wat
2011-08-09 11:05 . 2011-08-09 11:05 -------- d-----w- C:\book
2011-08-09 10:01 . 2011-08-10 00:51 -------- d-----w- c:\users\easyhome\AppData\Roaming\Diik
2011-08-09 10:01 . 2011-08-09 14:05 -------- d-----w- c:\users\easyhome\AppData\Roaming\Vaco
2011-08-09 09:56 . 2011-08-18 19:39 -------- d-----w- c:\program files\Microsoft Security Client
2011-08-09 09:43 . 2010-10-19 20:51 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-08-09 09:39 . 2011-08-09 09:39 8007680 ----a-w- c:\windows\SysWow64\Microsoft.mshtml.dll
2011-08-09 09:39 . 2011-08-09 09:39 126976 ----a-w- c:\windows\SysWow64\Interop.SHDocVw.dll
2011-08-09 09:18 . 2009-07-14 05:20 258048 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfppw73.dll
2011-08-02 18:56 . 2011-08-09 09:51 -------- d-----w- c:\users\easyhome\AppData\Local\assembly
2011-08-02 18:56 . 2011-08-02 18:56 -------- d-----w- c:\users\easyhome\AppData\Local\IsolatedStorage
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-25 04:35 . 2009-07-14 06:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-08-25 04:35 . 2009-07-14 06:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-08-12 03:17 . 2011-03-04 02:30 388096 ----a-r- c:\users\easyhome\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-09 14:59 . 2011-02-08 16:03 199944 ----a-w- c:\windows\system32\CNGKeyLock.exe.vir
2011-08-09 09:39 . 2010-06-24 20:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-16 04:26 . 2011-08-10 13:17 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-02-08 16:11 14039304 --sha-r- c:\windows\System32\BackupSys.exe
2011-02-08 16:11 405504 --sha-r- c:\windows\System32\vshadow.exe
2011-02-08 16:11 364032 --sha-r- c:\windows\System32\vshadowamd64.exe
2011-02-08 16:11 352256 --sha-r- c:\windows\System32\vshadowXP.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\book ----
.
2011-02-04 16:14 . 2011-02-04 16:14 5854130 ----a-w- c:\book\Quick_Guide.pdf
.
---- Directory of c:\users\easyhome\AppData\Roaming\Diik ----
.
.
---- Directory of c:\users\easyhome\AppData\Roaming\Vaco ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-31_01.51.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-08-09 09:26 . 2011-08-31 01:17 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-09 09:26 . 2011-09-01 01:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-09 09:26 . 2011-08-31 01:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-09 09:26 . 2011-09-01 01:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-09 09:26 . 2011-09-01 01:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-09 09:26 . 2011-08-31 01:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherEye"="c:\users\easyhome\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [2010-09-21 309104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="c:\program files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe" [2010-11-10 613992]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PRO\THXAudioCP\THXAudio.exe" [2009-07-07 1346048]
"UpdReg"="c:\windows\UpdReg.EXE" [2009-07-07 90112]
"TouchPortalV3Launcher"="c:\program files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe" [2009-07-07 438376]
"MDS_Menu"="c:\program files (x86)\Gateway\Gateway TouchPortal\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"TouchMovieService"="c:\program files (x86)\Gateway\Gateway TouchPortal\Touch Movie\TouchMovieService.exe" [2010-09-28 124136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 CNGKeyLock;CNG Key Isolation Service; [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-10 136176]
R2 MicrosoftHardwareDriver;MicrosoftHardwareDriver; [x]
R2 SysCacheDriver;SysCacheDriver; [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-10 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
S2 systemCheck;SystemWindows;c:\windows\system32\servicescache.exe [x]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-09-09 243232]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 17396428
*Deregistered* - 17396428
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-10 04:13]
.
2011-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-10 04:13]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TouchORB"="c:\program files (x86)\TouchSettings\TouchPortalOBR.exe" [2010-09-09 155752]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-07 11474024]
"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"TouchPortalV3Launcher"="c:\program files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe" [2009-07-07 438376]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.shaw.ca/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://gateway.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: DhcpNameServer = 172.16.1.254
FF - ProfilePath - c:\users\easyhome\AppData\Roaming\Mozilla\Firefox\Profiles\jb57vp1e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.shaw.ca/start/enCA/
FF - user.js: general.useragent.extra.brc -
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\systemCheck]
"ImagePath"="system32\servicescache.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{EAEE5C74-6D0D-4ACA-9232-0DA4A7B866BA}"=hex:51,66,7a,6c,4c,1d,38,12,1a,5f,fd,
ee,3f,23,a4,0f,ed,24,4e,e4,a2,e6,22,ae
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:28,13,f3,2d,d4,5b,cc,01
.
[HKEY_USERS\S-1-5-21-2873827063-2861724936-3205004613-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2873827063-2861724936-3205004613-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-31 20:41:25
ComboFix-quarantined-files.txt 2011-09-01 02:41
ComboFix2.txt 2011-08-31 01:53
ComboFix3.txt 2011-08-15 04:58
.
Pre-Run: 807,741,362,176 bytes free
Post-Run: 807,950,917,632 bytes free
.
- - End Of File - - 7FAD53CC2EB5B7D8474FF78BC898ECC3
Upload was successful
#15
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Do you recognize these two folders?

c:\users\easyhome\AppData\Roaming\Vaco
c:\users\easyhome\AppData\Roaming\Diik


Let's see what these scans find, and see where we stand then.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

NEXT:

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan.

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

NEXT:

Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
