
possible rootkit infection


  • This topic is locked
15 replies to this topic

#1 saminjapan

saminjapan

  • Members
  • 9 posts
  • OFFLINE
  • Local time:12:10 AM

Posted 11 January 2011 - 06:31 PM

Computer is stalling at every command. Opera web-pages display odd HTML instead of clean web sites. My preferences to show hidden files and folders reverted back to defaults. I am running Windows 7 64 bit, and I do have access to a Windows Installation DVD if need be. Please advise.


HijackThis log also included. Thanks in advance.

DDS (Ver_10-12-12.02) - FAT32_AMD64
Run by Monster at 7:54:26.46 on Wed 01/12/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6135.3637 [GMT 9:00]

AV: Trend Micro Titanium *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Windows\system32\conhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x64\RaMaint.exe
C:\Program Files\LogMeIn\x64\LogMeIn.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\ASUS.SYS\CONFIG\DVMExportService.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files (x86)\No-IP\DUC30.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\Dock64.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Everest\everest.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDockTray.exe
C:\Program Files\UltraMon\UltraMonUiAcc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Users\Monster\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://espn.com/
uInternet Settings,ProxyOverride = *.local
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [KeePass Password Safe 2] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe"
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Monster\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NO-IPD~1.LNK - C:\Program Files (x86)\No-IP\DUC30.exe
StartupFolder: C:\Users\Monster\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
StartupFolder: C:\Users\Monster\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\YAHOO!~1.LNK - C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: {C35DBCF7-195E-4D66-BAE4-ABF051B9E9BE} = 192.168.11.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll
BHO-X64: TmBpIeBHO - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [LogMeIn GUI] "C:\Program Files\LogMeIn\x64\LogMeInSystray.exe"
mRun-x64: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
mRun-x64: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
mRun-x64: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe /tray
IE-X64: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
STS-X64: ObjectDockShlExt Class: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\chriawlm.NEW_AUg28,2010\
FF - prefs.js: browser.search.selectedEngine - Demonoid
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
FF - component: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\components\TmFFExt.dll
FF - component: C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\chriawlm.NEW_AUg28,2010\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - component: C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\chriawlm.NEW_AUg28,2010\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: C:\Users\Monster\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\chriawlm.NEW_AUg28,2010\extensions\{9EB34849-81D3-4841-939D-666D522B889A}\plugins\npSlingPlayer.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Foxdie: Foxdie@tanjihay.com - %profile%\extensions\Foxdie@tanjihay.com
FF - Ext: Foxdie for Firefox: foxdie_ext_ocelot@foxdie.us - %profile%\extensions\foxdie_ext_ocelot@foxdie.us
FF - Ext: WebSlingPlayer: {9EB34849-81D3-4841-939D-666D522B889A} - %profile%\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
FF - Ext: Trend Micro NSC Firefox Extension: {22C7F6C6-8D67-4534-92B5-529A0EC09405} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension

============= SERVICES / DRIVERS ===============

R0 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2010-10-8 14592]
R0 mv61xx;mv61xx;C:\Windows\System32\drivers\mv61xx.sys [2009-5-12 178728]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-18 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-18 12360]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-30 128752]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-5 203776]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2010-11-24 267480]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-6-30 90112]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files\LogMeIn\x64\LMIGuardianSvc.exe [2010-11-11 373640]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x64\rainfo.sys [2010-11-11 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2010-11-11 72216]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-25 363344]
R2 MDES;DVM Meta Data Export Service;C:\ASUS.SYS\CONFIG\DVMExportService.exe [2009-3-24 319488]
R2 SlingAgentService;SlingAgentService;C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [2009-9-25 93960]
R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2010-11-24 67664]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-10-27 8012288]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-10-27 287232]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-9-24 116752]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files (x86)\Everest\kerneld.amd64 [2010-11-10 26752]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2010-11-10 341856]
R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-11-10 4162784]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-7-4 24152]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RAMDiskVE;RAMDiskVE;C:\Windows\System32\drivers\RAMDiskVE.sys [2010-9-22 63696]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-9-23 394528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Overclocking\RealTemp_340\WinRing0x64.sys [2010-6-30 14544]
S4 uvnc_service;uvnc_service;C:\Program Files\UltraVNC\winvnc.exe [2010-11-12 1772472]

=============== Created Last 30 ================

2011-01-10 17:00:50 0 ----a-w- C:\SDT6150.tmp
2011-01-10 04:09:12 388096 ----a-r- C:\Users\Monster\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-10 03:19:21 -------- d-----w- C:\Users\Monster\AppData\Roaming\KeePass
2011-01-10 03:17:52 -------- d-----w- C:\Program Files (x86)\KeePass Password Safe 2
2011-01-03 17:01:30 0 ----a-w- C:\SDTFF23.tmp
2010-12-27 17:01:29 0 ----a-w- C:\SDT73E6.tmp
2010-12-16 22:20:34 -------- d-----w- C:\Program Files\iTunes
2010-12-16 22:20:34 -------- d-----w- C:\Program Files\iPod
2010-12-16 22:20:34 -------- d-----w- C:\Program Files (x86)\iTunes

==================== Find3M ====================

2011-01-11 03:38:45 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-12-20 09:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-16 06:16:09 3764 --sha-w- C:\PROGRA~3\KGyGaAvL.sys
2010-12-15 21:57:11 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2010-12-15 21:57:11 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2010-12-15 21:57:11 33152 ----a-w- C:\Windows\System32\LMIport.dll
2010-11-29 08:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 08:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-11-24 11:11:02 90704 ----a-w- C:\Windows\System32\drivers\tmactmon.sys
2010-11-24 11:11:02 67664 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys
2010-11-24 11:11:02 144464 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2010-11-24 11:11:02 105552 ----a-w- C:\Windows\System32\drivers\tmtdi.sys
2010-11-10 14:44:30 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2010-11-09 17:49:26 539232 ----a-w- C:\Windows\SysWow64\LVUI2RC.dll
2010-11-09 17:49:02 543328 ----a-w- C:\Windows\SysWow64\LVUI2.dll
2010-11-09 17:47:14 416352 ----a-w- C:\Windows\SysWow64\lvcodec2.dll
2010-11-09 17:45:54 4162784 ----a-w- C:\Windows\System32\drivers\lvuvc64.sys
2010-11-09 17:45:32 559712 ----a-w- C:\Windows\System32\LVUIRC64.dll
2010-11-09 17:45:32 102744 ----a-w- C:\Windows\SysWow64\LogiDPPApp.exe
2010-11-09 17:45:32 102744 ----a-w- C:\Windows\System32\LogiDPPApp.exe
2010-11-09 17:45:30 10871128 ----a-w- C:\Windows\SysWow64\LogiDPP.dll
2010-11-09 17:45:30 10871128 ----a-w- C:\Windows\System32\LogiDPP.dll
2010-11-09 17:45:20 316248 ----a-w- C:\Windows\SysWow64\DevManagerCore.dll
2010-11-09 17:45:20 316248 ----a-w- C:\Windows\System32\DevManagerCore.dll
2010-11-09 17:45:02 767584 ----a-w- C:\Windows\System32\LVUI64.dll
2010-11-09 17:44:24 341856 ----a-w- C:\Windows\System32\drivers\lvrs64.sys
2010-11-09 17:43:32 259680 ----a-w- C:\Windows\System32\lvco13101216.dll
2010-11-09 17:43:12 400480 ----a-w- C:\Windows\System32\lvcod64.dll
2010-11-09 17:32:14 38238 ----a-w- C:\Windows\System32\Repository.reg
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-26 19:00:16 8012288 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2010-10-26 18:25:38 21422592 ----a-w- C:\Windows\System32\atio6axx.dll
2010-10-26 18:08:18 16281600 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2010-10-26 17:55:32 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2010-10-26 17:55:24 547328 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2010-10-26 17:54:24 645120 ----a-w- C:\Windows\System32\aticfx64.dll
2010-10-26 17:52:18 450560 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2010-10-26 17:52:14 478208 ----a-w- C:\Windows\System32\atieclxx.exe
2010-10-26 17:51:38 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2010-10-26 17:50:30 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2010-10-26 17:50:16 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2010-10-26 17:50:10 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2010-10-26 17:49:58 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2010-10-26 17:49:54 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2010-10-26 17:49:50 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2010-10-26 17:49:46 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2010-10-26 17:46:58 4020736 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2010-10-26 17:38:04 4744704 ----a-w- C:\Windows\System32\atidxx64.dll
2010-10-26 17:35:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2010-10-26 17:35:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2010-10-26 17:35:20 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2010-10-26 17:35:18 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2010-10-26 17:35:08 6815744 ----a-w- C:\Windows\System32\aticaldd64.dll
2010-10-26 17:33:52 5441536 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2010-10-26 17:28:22 4094464 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2010-10-26 17:22:04 5218304 ----a-w- C:\Windows\System32\atiumd64.dll
2010-10-26 17:15:00 58880 ----a-w- C:\Windows\System32\coinst.dll
2010-10-26 17:14:58 349184 ----a-w- C:\Windows\System32\atiadlxx.dll
2010-10-26 17:14:52 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2010-10-26 17:14:44 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2010-10-26 17:14:42 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2010-10-26 17:14:42 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2010-10-26 17:14:38 31744 ----a-w- C:\Windows\System32\atig6txx.dll
2010-10-26 17:14:32 27136 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2010-10-26 17:14:24 287232 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2010-10-26 17:13:44 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2010-10-26 17:13:36 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2010-10-26 17:13:30 37888 ----a-w- C:\Windows\System32\atiu9p64.dll
2010-10-26 17:13:24 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2010-10-26 17:12:56 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2010-10-26 16:57:04 3221504 ----a-w- C:\Windows\System32\atiumd6a.dll
2010-10-26 16:50:10 3460096 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2010-10-26 16:37:18 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2010-10-26 16:37:18 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2010-10-26 16:37:14 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2010-10-26 16:37:14 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll

============= FINISH: 7:55:26.96 ===============

Edited by saminjapan, 11 January 2011 - 06:33 PM.



#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:10:10 AM

Posted 17 January 2011 - 09:26 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL Report

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Best Regards,
oneof4.


#3 saminjapan

saminjapan
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:12:10 AM

Posted 18 January 2011 - 08:26 AM

The file Extra.txt was not given after the scan.

OTL logfile created on: 1/18/2011 12:58:47 PM - Run 2
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Monster\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 52.00% Memory free
12.00 Gb Paging File | 8.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.24 Gb Total Space | 47.21 Gb Free Space | 39.59% Space Free | Partition Type: NTFS
Drive D: | 139.73 Gb Total Space | 130.59 Gb Free Space | 93.46% Space Free | Partition Type: NTFS
Drive E: | 69.24 Gb Total Space | 50.09 Gb Free Space | 72.34% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 288.75 Gb Free Space | 31.00% Space Free | Partition Type: NTFS
Drive G: | 1021.00 Mb Total Space | 899.06 Mb Free Space | 88.06% Space Free | Partition Type: NTFS

Computer Name: MONSTER-PC | User Name: Monster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Monster\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe (Stardock)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.)
PRC - C:\Program Files (x86)\No-IP\DUC30.exe ()
PRC - C:\Program Files (x86)\Everest\everest.exe (Lavalys, Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe (Realtime Soft Ltd)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe (Sling Media Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
PRC - C:\ASUS.SYS\CONFIG\DVMExportService.exe (DeviceVM)
PRC - C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Monster\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\UltraMon\RTSUltraMonHookX32.dll (Realtime Soft Ltd)
MOD - C:\Program Files\UltraMon\UltraMonResButtons.dll (Realtime Soft Ltd)
MOD - C:\Windows\SysWOW64\msi.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (LMIMaint) -- C:\Program Files\LogMeIn\x64\RaMaint.exe (LogMeIn, Inc.)
SRV:64bit: - (LogMeIn) -- C:\Program Files\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV:64bit: - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (Trend Micro Inc.)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (uvnc_service) -- C:\Program Files\UltraVNC\WinVNC.exe (UltraVNC)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (SlingAgentService) -- C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe (Sling Media Inc.)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (MDES) -- C:\ASUS.SYS\CONFIG\DVMExportService.exe (DeviceVM)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.)
DRV:64bit: - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV:64bit: - (LVUVC64) Logitech QuickCam Pro 9000(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (RAMDiskVE) -- C:\Windows\SysNative\drivers\RAMDiskVE.sys ()
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (vncmirror) -- C:\Windows\SysNative\drivers\vncmirror.sys (RealVNC Ltd.)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (LMIInfo) -- C:\Program Files\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (HabuFltr) -- C:\Windows\SysNative\drivers\habu.sys (Razer (Asia-Pacific) Pte Ltd)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (mv61xx) -- C:\Windows\SysNative\drivers\mv61xx.sys (Marvell Semiconductor, Inc.)
DRV - (EverestDriver) -- C:\Program Files (x86)\Everest\kerneld.amd64 ()
DRV - (UltraMonUtility) -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys (Realtime Soft Ltd)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows ® Server 2003 DDK provider)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2370920451-2532975763-3602438379-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://espn.com/
IE - HKU\S-1-5-21-2370920451-2532975763-3602438379-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2370920451-2532975763-3602438379-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 8F 4A FC E4 17 CB 01 [binary data]
IE - HKU\S-1-5-21-2370920451-2532975763-3602438379-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2370920451-2532975763-3602438379-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "espn.com"
FF - prefs.js..extensions.enabledItems: foxdie_ext_ocelot@foxdie.us:3.6.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.33
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: speeddns@gmail.com:0.2
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0
FF - prefs.js..extensions.enabledItems: {9EB34849-81D3-4841-939D-666D522B889A}:1.4.0.90
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: Foxdie@tanjihay.com:3.6.1
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="

FF - HKLM\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2010/11/24 20:17:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/01/08 12:10:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/01/13 21:47:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\components [2010/12/10 07:19:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/01/16 07:47:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/01/13 21:47:34 | 000,000,000 | ---D | M]

[2010/06/30 09:29:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Monster\AppData\Roaming\Mozilla\Extensions
[2010/05/21 16:51:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Monster\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/12/09 07:31:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\adhloy59.SLING\extensions
[2010/09/03 20:17:13 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\adhloy59.SLING\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2011/01/16 16:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\chriawlm.NEW_AUg28,2010\extensions
[2011/01/04 13:57:13 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\chriawlm.NEW_AUg28,2010\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2010/12/05 09:38:27 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\chriawlm.NEW_AUg28,2010\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2010/12/03 07:21:11 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\chriawlm.NEW_AUg28,2010\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/12/31 05:39:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\chriawlm.NEW_AUg28,2010\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/29 20:56:12 | 000,000,000 | ---D | M] ("SearchStatus") -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\chriawlm.NEW_AUg28,2010\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2010/08/29 20:56:13 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\chriawlm.NEW_AUg28,2010\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/08/31 17:46:53 | 000,000,000 | ---D | M] (Foxdie) -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\chriawlm.NEW_AUg28,2010\extensions\Foxdie@tanjihay.com
[2010/08/31 17:46:53 | 000,000,000 | ---D | M] (Foxdie for Firefox) -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\chriawlm.NEW_AUg28,2010\extensions\foxdie_ext_ocelot@foxdie.us
[2010/07/16 23:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\oxoypubu.default\extensions
[2010/06/30 09:29:57 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\oxoypubu.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2010/06/30 20:59:20 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\oxoypubu.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2010/06/30 09:29:57 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\oxoypubu.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/07/12 10:48:29 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\oxoypubu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/30 09:29:57 | 000,000,000 | ---D | M] ("SearchStatus") -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\oxoypubu.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2010/06/30 09:29:57 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\oxoypubu.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/06/30 09:29:57 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\oxoypubu.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/06/30 09:29:57 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\oxoypubu.default\extensions\DeviceDetection@logitech.com
[2010/06/30 09:29:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\oxoypubu.default\extensions\elemhidehelper@adblockplus.org
[2010/06/30 09:29:57 | 000,000,000 | ---D | M] (Foxdie) -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\oxoypubu.default\extensions\Foxdie@tanjihay.com
[2010/06/30 09:29:57 | 000,000,000 | ---D | M] (Foxdie for Firefox) -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\oxoypubu.default\extensions\foxdie_ext_ocelot@foxdie.us
[2010/06/30 09:29:57 | 000,000,000 | ---D | M] (Speed DNS) -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\oxoypubu.default\extensions\speeddns@gmail.com
[2010/07/09 19:52:37 | 000,001,651 | ---- | M] () -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\oxoypubu.default\searchplugins\cookscom.xml
[2010/07/09 19:52:37 | 000,002,660 | ---- | M] () -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\oxoypubu.default\searchplugins\demonoid.xml
[2010/07/09 19:52:37 | 000,002,231 | ---- | M] () -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\oxoypubu.default\searchplugins\deviantart.xml
[2010/07/09 19:52:37 | 000,001,994 | ---- | M] () -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\oxoypubu.default\searchplugins\food-network---recipes.xml
[2010/05/21 16:41:13 | 000,002,431 | ---- | M] () -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\oxoypubu.default\searchplugins\googlecom-in-english.xml
[2010/06/03 18:29:50 | 000,001,504 | ---- | M] () -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\oxoypubu.default\searchplugins\imdb.xml
[2010/06/03 18:31:05 | 000,002,687 | ---- | M] () -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\oxoypubu.default\searchplugins\opensubtitles.xml
[2010/07/09 19:52:37 | 000,002,307 | ---- | M] () -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\oxoypubu.default\searchplugins\rotten-tomatoes.xml
[2010/06/03 18:30:55 | 000,003,514 | ---- | M] () -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\oxoypubu.default\searchplugins\subscene.xml
[2010/06/03 18:30:22 | 000,001,679 | ---- | M] () -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\oxoypubu.default\searchplugins\thepiratebayorg.xml
[2010/05/21 16:57:40 | 000,000,705 | ---- | M] () -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\oxoypubu.default\searchplugins\webster.xml
[2010/07/09 19:52:37 | 000,005,684 | ---- | M] () -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\oxoypubu.default\searchplugins\williams-sonoma.xml
[2010/05/21 16:56:59 | 000,004,140 | ---- | M] () -- C:\Users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\oxoypubu.default\searchplugins\youtube.xml
[2011/01/13 21:46:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/12 10:42:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/18 13:46:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/13 17:26:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/13 17:25:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/04 21:31:18 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2007/03/10 08:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2009/06/10 16:39:38 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O3 - HKU\S-1-5-21-2370920451-2532975763-3602438379-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2370920451-2532975763-3602438379-1001..\Run: [KeePass Password Safe 2] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - Startup: C:\Users\Monster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\No-IP DUC.lnk = C:\Program Files (x86)\No-IP\DUC30.exe ()
O4 - Startup: C:\Users\Monster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe (Stardock)
O4 - Startup: C:\Users\Monster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2370920451-2532975763-3602438379-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2370920451-2532975763-3602438379-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2370920451-2532975763-3602438379-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O22:64bit: - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll (Stardock)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/18 12:38:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Monster\Desktop\OTL.exe
[2011/01/17 05:03:33 | 007,466,152 | ---- | C] (Opera Software ASA) -- C:\Users\Monster\Desktop\Opera_1100_en_Setup.exe
[2011/01/17 03:55:01 | 000,000,000 | ---D | C] -- C:\Users\Monster\Desktop\Old Hosts
[2011/01/17 03:49:19 | 000,000,000 | ---D | C] -- C:\Users\Monster\Desktop\MVPS
[2011/01/16 12:13:39 | 947,070,088 | ---- | C] (Microsoft Corporation) -- C:\Users\Monster\Desktop\windows6.1-KB976932-X64.exe
[2011/01/16 07:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird
[2011/01/15 23:48:59 | 000,000,000 | ---D | C] -- C:\Users\Monster\Desktop\Thunderbird
[2011/01/13 22:28:00 | 000,000,000 | ---D | C] -- C:\Users\Monster\AppData\Local\Diagnostics
[2011/01/13 17:26:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/01/13 17:25:59 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/01/13 17:25:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/01/13 17:25:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/01/13 17:25:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2011/01/12 21:49:32 | 000,000,000 | ---D | C] -- C:\Users\Monster\AppData\Roaming\Opera
[2011/01/12 15:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RogueRemover FREE
[2011/01/12 15:06:12 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011/01/12 15:06:12 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011/01/12 15:06:12 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011/01/12 15:06:12 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/01/12 15:06:12 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/01/12 15:06:12 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011/01/12 15:06:12 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/01/12 15:06:12 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/01/12 15:06:12 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/01/12 15:06:12 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/01/12 15:06:12 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/01/12 15:06:11 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/01/12 15:06:11 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011/01/12 15:06:11 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/01/12 15:06:11 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/01/12 15:06:11 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/01/12 15:06:11 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/01/12 15:06:11 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/01/12 15:06:11 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011/01/12 15:06:11 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/01/12 15:06:11 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011/01/12 15:06:11 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011/01/12 15:06:11 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/01/12 15:06:11 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011/01/12 15:06:11 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/01/12 15:06:11 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/01/12 15:06:11 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/01/12 15:05:53 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/01/12 15:05:53 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/01/10 13:09:12 | 000,000,000 | ---D | C] -- C:\Users\Monster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/01/10 12:19:21 | 000,000,000 | ---D | C] -- C:\Users\Monster\AppData\Roaming\KeePass
[2011/01/10 12:17:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe 2
[2011/01/08 18:52:22 | 000,000,000 | ---D | C] -- C:\Users\Monster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011/01/08 18:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011/01/08 18:52:19 | 000,000,000 | ---D | C] -- C:\Users\Monster\AppData\Roaming\Notepad++
[2011/01/08 18:52:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2010/08/16 06:51:45 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Monster\AppData\Roaming\pcouffin.sys
[3 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/18 12:56:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2370920451-2532975763-3602438379-1001UA.job
[2011/01/18 12:38:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Monster\Desktop\OTL.exe
[2011/01/18 12:32:17 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011/01/17 13:56:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2370920451-2532975763-3602438379-1001Core.job
[2011/01/17 05:03:42 | 007,466,152 | ---- | M] (Opera Software ASA) -- C:\Users\Monster\Desktop\Opera_1100_en_Setup.exe
[2011/01/17 04:17:51 | 001,305,826 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/17 04:17:51 | 000,659,706 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/01/17 04:17:51 | 000,415,140 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2011/01/17 04:17:51 | 000,120,634 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2011/01/17 04:17:51 | 000,120,634 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/01/17 04:16:59 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/17 04:16:59 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/17 04:12:16 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\everest_cpl.ini
[2011/01/17 04:11:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/17 04:11:43 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/17 04:10:55 | 1073,741,824 | ---- | M] () -- C:\RAMDisk.img
[2011/01/17 04:09:44 | 000,000,038 | ---- | M] () -- C:\dvmaccounts.ini
[2011/01/16 12:40:33 | 947,070,088 | ---- | M] (Microsoft Corporation) -- C:\Users\Monster\Desktop\windows6.1-KB976932-X64.exe
[2011/01/16 12:18:56 | 000,003,764 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/01/16 07:47:19 | 000,002,040 | ---- | M] () -- C:\Users\Monster\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/01/16 07:20:39 | 1073,741,824 | ---- | M] () -- C:\RAMDisk.img.bak
[2011/01/14 16:58:19 | 264,265,304 | ---- | M] () -- C:\Users\Monster\Desktop\saved.reg
[2011/01/14 15:26:31 | 414,754,984 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/14 08:41:47 | 000,003,342 | ---- | M] () -- C:\Users\Monster\Documents\KayPass.kdbx
[2011/01/13 17:25:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/01/13 17:25:46 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/01/13 17:25:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/01/13 17:25:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/01/13 07:39:11 | 000,010,118 | ---- | M] () -- C:\Users\Monster\Documents\card form.xlsx
[2011/01/12 21:38:58 | 077,545,723 | ---- | M] () -- C:\Users\Monster\Desktop\SmartBar_2nd_Hr.mp3
[2011/01/12 20:26:45 | 000,000,132 | ---- | M] () -- C:\Users\Monster\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/01/11 22:11:06 | 000,000,351 | ---- | M] () -- C:\Users\Monster\Desktop\partypeople.csv
[2011/01/07 16:23:37 | 000,009,102 | ---- | M] () -- C:\Users\Monster\Desktop\charliePC.xlsx
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[3 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/16 07:47:19 | 000,002,040 | ---- | C] () -- C:\Users\Monster\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/01/14 16:56:51 | 264,265,304 | ---- | C] () -- C:\Users\Monster\Desktop\saved.reg
[2011/01/14 15:26:31 | 414,754,984 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/01/13 22:04:04 | 000,003,342 | ---- | C] () -- C:\Users\Monster\Documents\KayPass.kdbx
[2011/01/13 21:53:00 | 1073,741,824 | ---- | C] () -- C:\RAMDisk.img.bak
[2011/01/13 21:53:00 | 1073,741,824 | ---- | C] () -- C:\RAMDisk.img
[2011/01/13 07:39:11 | 000,010,118 | ---- | C] () -- C:\Users\Monster\Documents\card form.xlsx
[2011/01/12 21:38:17 | 077,545,723 | ---- | C] () -- C:\Users\Monster\Desktop\SmartBar_2nd_Hr.mp3
[2011/01/11 22:11:06 | 000,000,351 | ---- | C] () -- C:\Users\Monster\Desktop\partypeople.csv
[2011/01/07 16:23:37 | 000,009,102 | ---- | C] () -- C:\Users\Monster\Desktop\charliePC.xlsx
[2010/12/01 08:30:33 | 000,000,132 | ---- | C] () -- C:\Users\Monster\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/11/10 23:39:29 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\everest_cpl.ini
[2010/11/10 02:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/11/10 02:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/11/06 22:45:05 | 000,000,000 | ---- | C] () -- C:\Windows\TMonitor64.INI
[2010/11/05 19:40:04 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2010/10/20 14:01:40 | 000,000,600 | ---- | C] () -- C:\Users\Monster\AppData\Local\PUTTY.RND
[2010/10/14 21:51:34 | 000,000,600 | ---- | C] () -- C:\Users\Monster\AppData\Roaming\winscp.rnd
[2010/08/21 22:30:35 | 000,000,917 | ---- | C] () -- C:\Users\Monster\AppData\Roaming\coreavc.ini
[2010/08/16 06:53:15 | 000,001,189 | ---- | C] () -- C:\Users\Monster\AppData\Roaming\vso_ts_preview.xml
[2010/08/16 06:52:03 | 000,000,034 | ---- | C] () -- C:\Users\Monster\AppData\Roaming\pcouffin.log
[2010/08/16 06:51:45 | 000,007,859 | ---- | C] () -- C:\Users\Monster\AppData\Roaming\pcouffin.cat
[2010/08/16 06:51:45 | 000,001,167 | ---- | C] () -- C:\Users\Monster\AppData\Roaming\pcouffin.inf
[2010/08/15 13:57:32 | 001,301,244 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/02 23:54:21 | 000,000,017 | ---- | C] () -- C:\Users\Monster\AppData\Local\resmon.resmoncfg
[2010/06/30 23:08:32 | 000,000,135 | ---- | C] () -- C:\Windows\SysWow64\prio.ini
[2010/06/30 16:19:22 | 000,000,760 | ---- | C] () -- C:\Users\Monster\AppData\Roaming\setup_ldm.iss
[2010/06/30 09:53:36 | 000,005,120 | ---- | C] () -- C:\Users\Monster\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/30 09:53:13 | 000,003,764 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/06/30 09:53:13 | 000,000,088 | RHS- | C] () -- C:\ProgramData\871C789280.sys
[2010/06/30 09:17:10 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/06/30 09:17:10 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/06/30 09:17:07 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/06/30 09:17:07 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/06/30 08:37:16 | 000,039,147 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/06/30 08:36:45 | 000,027,056 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/14 08:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 06:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/12/01 18:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2007/12/28 16:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007/02/09 18:25:06 | 000,230,424 | ---- | C] () -- C:\Windows\ptm_nt.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:C6B34D36

< End of report >

#4 Elise

Posted 19 January 2011 - 03:46 AM

Hello and sorry for the delay.

Let's first check for rootkits here.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft

 



#5 saminjapan

  • Topic Starter

Posted 19 January 2011 - 06:17 AM

Perhaps it's not a rootkit. That tool found nothing out of the ordinary. The computer just locks up at times, and HTML pages display strangely even after deleting the program, wiping the reg keys and then reinstalling the program (Opera 11).

2011/01/19 20:15:05.0929 TDSS rootkit removing tool 2.4.14.0 Jan 18 2011 09:33:51
2011/01/19 20:15:05.0929 ================================================================================
2011/01/19 20:15:05.0929 SystemInfo:
2011/01/19 20:15:05.0929
2011/01/19 20:15:05.0929 OS Version: 6.1.7601 ServicePack: 1.0
2011/01/19 20:15:05.0929 Product type: Workstation
2011/01/19 20:15:05.0929 ComputerName: MONSTER-PC
2011/01/19 20:15:05.0929 UserName: Monster
2011/01/19 20:15:05.0929 Windows directory: C:\Windows
2011/01/19 20:15:05.0929 System windows directory: C:\Windows
2011/01/19 20:15:05.0929 Running under WOW64
2011/01/19 20:15:05.0929 Processor architecture: Intel x64
2011/01/19 20:15:05.0929 Number of processors: 8
2011/01/19 20:15:05.0929 Page size: 0x1000
2011/01/19 20:15:05.0929 Boot type: Normal boot
2011/01/19 20:15:05.0929 ================================================================================
2011/01/19 20:15:05.0930 Utility is running under WOW64
2011/01/19 20:15:06.0908 Initialize success
2011/01/19 20:15:09.0724 ================================================================================
2011/01/19 20:15:09.0724 Scan started
2011/01/19 20:15:09.0724 Mode: Manual;
2011/01/19 20:15:09.0724 ================================================================================
2011/01/19 20:15:10.0903 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/01/19 20:15:10.0920 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/01/19 20:15:10.0935 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/01/19 20:15:10.0953 ADIHdAudAddService (1c090e86afd15231377ad37436c3c719) C:\Windows\system32\drivers\ADIHdAud.sys
2011/01/19 20:15:10.0974 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/01/19 20:15:10.0994 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/01/19 20:15:11.0010 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/01/19 20:15:11.0037 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
2011/01/19 20:15:11.0054 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/01/19 20:15:11.0072 AiCharger (254a19686e9c8e1b59ac06b7fd1e753c) C:\Windows\system32\DRIVERS\AiCharger.sys
2011/01/19 20:15:11.0087 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/01/19 20:15:11.0107 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/01/19 20:15:11.0121 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/01/19 20:15:11.0200 amdkmdag (522a8bd1414cc7517faec907f138db9c) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/01/19 20:15:11.0655 amdkmdap (f712c26d40bf3cd2c020bb518e8150b1) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/01/19 20:15:11.0677 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/01/19 20:15:11.0691 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
2011/01/19 20:15:11.0707 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/01/19 20:15:11.0721 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
2011/01/19 20:15:11.0738 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/01/19 20:15:11.0760 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/01/19 20:15:11.0774 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/01/19 20:15:11.0802 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/01/19 20:15:11.0816 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/01/19 20:15:11.0833 AtiHDAudioService (e02b26650acc2f4901342d4a66774ad7) C:\Windows\system32\drivers\AtihdW76.sys
2011/01/19 20:15:11.0847 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
2011/01/19 20:15:11.0923 atikmdag (522a8bd1414cc7517faec907f138db9c) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/01/19 20:15:11.0966 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/01/19 20:15:11.0986 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/01/19 20:15:12.0007 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/01/19 20:15:12.0024 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/01/19 20:15:12.0041 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/01/19 20:15:12.0055 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/01/19 20:15:12.0068 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/01/19 20:15:12.0086 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/01/19 20:15:12.0101 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/01/19 20:15:12.0114 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/01/19 20:15:12.0127 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/01/19 20:15:12.0140 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/01/19 20:15:12.0164 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/01/19 20:15:12.0178 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
2011/01/19 20:15:12.0194 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/01/19 20:15:12.0209 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/01/19 20:15:12.0236 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/01/19 20:15:12.0249 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/01/19 20:15:12.0266 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/01/19 20:15:12.0312 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/01/19 20:15:13.0098 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/01/19 20:15:13.0120 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/01/19 20:15:13.0141 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
2011/01/19 20:15:13.0166 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/01/19 20:15:13.0182 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/01/19 20:15:13.0196 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/01/19 20:15:13.0216 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/01/19 20:15:13.0238 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/01/19 20:15:13.0261 E1G60 (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
2011/01/19 20:15:13.0306 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/01/19 20:15:13.0361 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/01/19 20:15:13.0379 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/01/19 20:15:13.0394 EverestDriver (1caf5070493459ba029d988dbb2c7422) C:\Program Files (x86)\Everest\kerneld.amd64
2011/01/19 20:15:13.0412 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/01/19 20:15:13.0429 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/01/19 20:15:13.0444 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/01/19 20:15:13.0462 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/01/19 20:15:13.0475 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/01/19 20:15:13.0524 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/01/19 20:15:13.0838 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/01/19 20:15:13.0862 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/01/19 20:15:13.0874 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/01/19 20:15:13.0889 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/01/19 20:15:13.0904 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/01/19 20:15:13.0918 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/01/19 20:15:13.0940 HabuFltr (a0ede833055e6a9f2f99d0aaf717244a) C:\Windows\system32\drivers\habu.sys
2011/01/19 20:15:13.0954 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/01/19 20:15:13.0970 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/01/19 20:15:13.0988 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/01/19 20:15:14.0002 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/01/19 20:15:14.0016 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/01/19 20:15:14.0030 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/01/19 20:15:14.0047 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
2011/01/19 20:15:14.0067 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/01/19 20:15:14.0086 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/01/19 20:15:14.0106 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/01/19 20:15:14.0122 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/01/19 20:15:14.0143 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
2011/01/19 20:15:14.0164 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
2011/01/19 20:15:14.0183 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/01/19 20:15:14.0200 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/01/19 20:15:14.0214 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/01/19 20:15:14.0231 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/01/19 20:15:14.0247 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/01/19 20:15:14.0261 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/01/19 20:15:14.0357 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/01/19 20:15:14.0370 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/01/19 20:15:14.0388 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/01/19 20:15:14.0404 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/01/19 20:15:14.0417 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/01/19 20:15:14.0432 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/01/19 20:15:14.0447 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/01/19 20:15:14.0461 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/01/19 20:15:14.0487 LHidFilt (0a7d6ed578d85f0c35353424ee3f5245) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/01/19 20:15:14.0503 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/01/19 20:15:14.0540 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files\LogMeIn\x64\RaInfo.sys
2011/01/19 20:15:14.0825 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
2011/01/19 20:15:14.0847 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/01/19 20:15:14.0863 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/01/19 20:15:14.0879 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/01/19 20:15:14.0894 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/01/19 20:15:14.0909 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/01/19 20:15:14.0924 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
2011/01/19 20:15:14.0930 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
2011/01/19 20:15:14.0951 LVRS64 (803085f59ec92b3827cc4d90fcbfd335) C:\Windows\system32\DRIVERS\lvrs64.sys
2011/01/19 20:15:15.0002 LVUVC64 (a8d7c97016e6b76ef472a4c7ab357ee3) C:\Windows\system32\DRIVERS\lvuvc64.sys
2011/01/19 20:15:15.0048 MBAMProtector (3d3c4b63f11f63f50253e734f0ace9f2) C:\Windows\system32\drivers\mbam.sys
2011/01/19 20:15:15.0071 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/01/19 20:15:15.0088 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/01/19 20:15:15.0115 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/01/19 20:15:15.0144 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/01/19 20:15:15.0158 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
2011/01/19 20:15:15.0173 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/01/19 20:15:15.0192 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/01/19 20:15:15.0209 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/01/19 20:15:15.0224 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/01/19 20:15:15.0242 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/01/19 20:15:15.0259 mrxsmb (faf015b07e3a2874a790a39b7d2c579f) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/01/19 20:15:15.0276 mrxsmb10 (08e2345df129082bcdffdc1440f9c00d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/01/19 20:15:15.0293 mrxsmb20 (108d87409c5812ef47d81e22843e8c9d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/01/19 20:15:15.0318 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/01/19 20:15:15.0333 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/01/19 20:15:15.0353 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/01/19 20:15:15.0366 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/01/19 20:15:15.0379 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/01/19 20:15:15.0397 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/01/19 20:15:15.0410 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/01/19 20:15:15.0424 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/01/19 20:15:15.0440 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/01/19 20:15:15.0458 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/01/19 20:15:15.0472 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/01/19 20:15:15.0484 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/01/19 20:15:15.0498 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/01/19 20:15:15.0511 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/01/19 20:15:15.0545 mv61xx (42ab117ab98ac93f487b2913ee4fbdd8) C:\Windows\system32\DRIVERS\mv61xx.sys
2011/01/19 20:15:15.0567 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/01/19 20:15:15.0608 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/01/19 20:15:15.0631 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/01/19 20:15:15.0646 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/01/19 20:15:15.0660 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/01/19 20:15:15.0684 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/01/19 20:15:15.0699 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/01/19 20:15:15.0714 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/01/19 20:15:15.0736 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/01/19 20:15:15.0767 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/01/19 20:15:15.0785 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/01/19 20:15:15.0800 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/01/19 20:15:15.0839 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
2011/01/19 20:15:15.0868 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/01/19 20:15:15.0885 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
2011/01/19 20:15:15.0903 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
2011/01/19 20:15:15.0920 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/01/19 20:15:15.0934 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/01/19 20:15:15.0960 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/01/19 20:15:15.0975 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/01/19 20:15:15.0995 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/01/19 20:15:16.0008 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/01/19 20:15:16.0038 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/01/19 20:15:16.0055 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
2011/01/19 20:15:16.0075 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/01/19 20:15:16.0094 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/01/19 20:15:16.0146 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/01/19 20:15:16.0163 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/01/19 20:15:16.0185 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/01/19 20:15:16.0223 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/01/19 20:15:16.0249 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/01/19 20:15:16.0266 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/01/19 20:15:16.0322 RAMDiskVE (0a6392a70a6cdda261c0fba0b8ec952e) C:\Windows\system32\Drivers\RAMDiskVE.sys
2011/01/19 20:15:16.0343 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/01/19 20:15:16.0358 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/01/19 20:15:16.0374 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/01/19 20:15:16.0390 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/01/19 20:15:16.0405 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/01/19 20:15:16.0430 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/01/19 20:15:16.0446 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/01/19 20:15:16.0461 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/01/19 20:15:16.0481 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
2011/01/19 20:15:16.0497 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/01/19 20:15:16.0514 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/01/19 20:15:16.0912 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
2011/01/19 20:15:16.0966 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/01/19 20:15:16.0984 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/01/19 20:15:17.0018 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/01/19 20:15:17.0036 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
2011/01/19 20:15:17.0049 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2011/01/19 20:15:17.0060 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2011/01/19 20:15:17.0076 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/01/19 20:15:17.0092 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/01/19 20:15:17.0112 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/01/19 20:15:17.0132 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/01/19 20:15:17.0146 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/01/19 20:15:17.0159 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/01/19 20:15:17.0181 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/01/19 20:15:17.0195 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/01/19 20:15:17.0208 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/01/19 20:15:17.0221 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/01/19 20:15:17.0239 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/01/19 20:15:17.0253 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/01/19 20:15:17.0270 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/01/19 20:15:17.0297 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/01/19 20:15:17.0320 srv (2098b8556d1cec2aca9a29cd479e3692) C:\Windows\system32\DRIVERS\srv.sys
2011/01/19 20:15:17.0340 srv2 (d0f73a42040f21f92fd314b42ac5c9e7) C:\Windows\system32\DRIVERS\srv2.sys
2011/01/19 20:15:17.0358 srvnet (2ba8f3250828ccdb4204ecf2c6f40b6a) C:\Windows\system32\DRIVERS\srvnet.sys
2011/01/19 20:15:17.0376 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/01/19 20:15:17.0392 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
2011/01/19 20:15:17.0417 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
2011/01/19 20:15:17.0448 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/01/19 20:15:17.0509 Tcpip (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
2011/01/19 20:15:17.0555 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/01/19 20:15:17.0581 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/01/19 20:15:17.0599 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/01/19 20:15:17.0614 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/01/19 20:15:17.0628 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/01/19 20:15:17.0642 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/01/19 20:15:17.0687 tmactmon (73aaffdd2ac3c8814b26c440e5dd9dd4) C:\Windows\system32\DRIVERS\tmactmon.sys
2011/01/19 20:15:17.0752 tmcomm (360e61217d4e1e333583d0c721057f70) C:\Windows\system32\DRIVERS\tmcomm.sys
2011/01/19 20:15:17.0848 tmevtmgr (699d34eb7c670139ca23a65372bd5743) C:\Windows\system32\DRIVERS\tmevtmgr.sys
2011/01/19 20:15:17.0906 tmtdi (262198efb734012bfcd17e7479ae4a09) C:\Windows\system32\DRIVERS\tmtdi.sys
2011/01/19 20:15:18.0670 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/01/19 20:15:18.0698 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/01/19 20:15:18.0738 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/01/19 20:15:18.0752 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/01/19 20:15:18.0769 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/01/19 20:15:18.0840 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/01/19 20:15:18.0851 UltraMonUtility (694bcf23662f97d987cf4c6739c35f8b) C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys
2011/01/19 20:15:18.0869 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/01/19 20:15:18.0886 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/01/19 20:15:18.0903 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
2011/01/19 20:15:18.0918 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
2011/01/19 20:15:18.0934 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
2011/01/19 20:15:18.0948 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/01/19 20:15:18.0964 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/01/19 20:15:18.0982 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
2011/01/19 20:15:18.0997 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/01/19 20:15:19.0011 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/01/19 20:15:19.0024 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/01/19 20:15:19.0039 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\drivers\USBSTOR.SYS
2011/01/19 20:15:19.0053 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/01/19 20:15:19.0068 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
2011/01/19 20:15:19.0090 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
2011/01/19 20:15:19.0104 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/01/19 20:15:19.0120 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/01/19 20:15:19.0133 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/01/19 20:15:19.0160 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/01/19 20:15:19.0175 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/01/19 20:15:19.0190 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
2011/01/19 20:15:19.0205 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
2011/01/19 20:15:19.0241 vncmirror (93f279a2c172562050700a18fa84be2e) C:\Windows\system32\DRIVERS\vncmirror.sys
2011/01/19 20:15:19.0260 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/01/19 20:15:19.0278 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/01/19 20:15:19.0299 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/01/19 20:15:19.0320 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/01/19 20:15:19.0341 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/01/19 20:15:19.0369 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/01/19 20:15:19.0385 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/19 20:15:19.0393 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/19 20:15:19.0416 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/01/19 20:15:19.0437 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/01/19 20:15:19.0471 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/01/19 20:15:19.0489 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/01/19 20:15:19.0522 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/01/19 20:15:19.0540 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/01/19 20:15:19.0571 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/01/19 20:15:19.0596 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/01/19 20:15:19.0613 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/01/19 20:15:19.0641 yukonw7 (e793283bdec1af93e00ca71767b9934c) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/01/19 20:15:19.0712 ================================================================================
2011/01/19 20:15:19.0712 Scan finished
2011/01/19 20:15:19.0712 ================================================================================
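A quick way to triage a driver listing like the one above, added here as a worked example (this is not part of the thread and not TDSSKiller's own code): parse each "timestamp service (md5) path" line, flag every driver whose image lives outside the Windows driver directory so it can be checked by hand, and make sure that when several services point at the same file (Tcpip/TCPIP6, WANARP/Wanarpv6 above) they all report the same hash. The sample input is constructed from lines in the log above plus one synthetic "SampleDup" entry with an all-zero hash that is not in the log and exists only to show what a conflict looks like; the system driver directory prefix is an assumption (Windows installed on C:). The same path-based check applies just as well to the ComboFix service list further down in the thread.

```python
import re
from collections import defaultdict

# Constructed sample input: lines copied from the TDSSKiller driver listing in this
# thread, plus one synthetic line ("SampleDup", all-zero hash) that does NOT come
# from the log and exists only to exercise the hash-conflict check below.
SAMPLE_LOG = r"""
2011/01/19 20:15:17.0049 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2011/01/19 20:15:17.0060 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2011/01/19 20:15:17.0509 Tcpip (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
2011/01/19 20:15:17.0555 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/01/19 20:15:18.0851 UltraMonUtility (694bcf23662f97d987cf4c6739c35f8b) C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys
2011/01/19 20:15:19.0385 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/19 20:15:19.0393 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/19 20:15:19.0999 SampleDup (00000000000000000000000000000000) C:\Windows\system32\drivers\tcpip.sys
2011/01/19 20:15:19.0712 ================================================================================
2011/01/19 20:15:19.0712 Scan finished
"""

# One driver line: "<date> <time> <service> (<32 hex md5>) <image path>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+) "
    r"(?P<service>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)

# Assumption: Windows lives on C:. Everything loaded from elsewhere gets a manual look.
SYSTEM_DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


def parse_tdsskiller(text):
    """Return [(service, md5, path), ...]; separator and status lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:  # "=====" separators, "Scan finished", blank lines
            continue
        entries.append((m["service"], m["md5"].lower(), m["path"]))
    return entries


def outside_system_dir(entries):
    """Services whose image is not under the system driver directory.
    Third-party products (anti-spyware, display utilities) legitimately show up
    here, so this is a review list, not a verdict."""
    return [svc for svc, _, path in entries
            if not path.lower().startswith(SYSTEM_DRIVER_DIR)]


def hash_conflicts(entries):
    """Group services by image path (case-folded) and return only the paths for
    which different services reported different MD5s. One on-disk file has one
    hash, so any entry here means the listing is inconsistent and needs a look."""
    by_path = defaultdict(dict)
    for svc, md5, path in entries:
        by_path[path.lower()][svc] = md5
    return {path: svcs for path, svcs in by_path.items()
            if len(set(svcs.values())) > 1}


if __name__ == "__main__":
    entries = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(entries)} driver entries parsed")
    for svc in outside_system_dir(entries):
        print("review (outside system driver dir):", svc)
    for path, svcs in hash_conflicts(entries).items():
        print("CONFLICT:", path, svcs)
```

Run against the full log rather than the sample, the review list for this machine is the SUPERAntiSpyware and UltraMon drivers and nothing else, and there are no hash conflicts, which is consistent with the "nothing found" reply that follows.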

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,577 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:10 PM

Posted 19 January 2011 - 07:31 AM

Hello again, luckily nothing found there. :)

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft



#7 saminjapan

saminjapan
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 19 January 2011 - 08:05 AM

I thought I had heard that ComboFix wouldn't work on 64-bit OS machines? I got an invalid OS message when I started ComboFix, but ran it anyway. Here's the log.

ComboFix 11-01-18.04 - Monster 01/19/2011 21:54:32.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.3956 [GMT 9:00]
Running from: c:\users\Monster\Desktop\ComboFix.exe
AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files (x86)\KeePass Password Safe 2\KeePass.exe
C:\SDT6150.tmp
C:\SDT73E6.tmp
C:\SDTFF23.tmp
c:\users\Monster\AppData\Roaming\inst.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete

.
((((((((((((((((((((((((( Files Created from 2010-12-19 to 2011-01-19 )))))))))))))))))))))))))))))))
.

2011-01-19 12:58 . 2011-01-19 12:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-01-19 12:58 . 2011-01-19 12:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-19 07:26 . 2011-01-19 07:27 -------- d-----w- c:\program files (x86)\BUFFALO
2011-01-18 14:02 . 2011-01-18 14:02 -------- d-----w- c:\users\Monster\AppData\Roaming\Thunderbird
2011-01-18 13:15 . 2011-01-19 02:45 -------- d-----w- c:\program files (x86)\Hard Disk Sentinel
2011-01-18 08:45 . 2011-01-18 08:45 -------- d-----w- c:\windows\system32\SPReview
2011-01-18 08:11 . 2010-11-19 20:13 6144 ----a-w- c:\windows\system32\drivers\en-US\rdvgkmd.sys.mui
2011-01-18 08:11 . 2010-11-19 20:01 2560 ----a-w- c:\windows\system32\drivers\en-US\rdpwd.sys.mui
2011-01-18 08:10 . 2010-11-19 19:57 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2011-01-18 08:10 . 2010-11-19 20:11 4096 ----a-w- c:\windows\system32\drivers\en-US\tsusbhub.sys.mui
2011-01-18 08:08 . 2010-11-19 20:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui
2011-01-18 08:08 . 2010-11-19 20:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2011-01-18 08:00 . 2010-11-19 20:10 5120 ----a-w- c:\windows\system32\drivers\ja-JP\rdvgkmd.sys.mui
2011-01-18 08:00 . 2010-11-19 20:05 2560 ----a-w- c:\windows\system32\drivers\ja-JP\rdpwd.sys.mui
2011-01-18 07:58 . 2010-11-19 19:59 3584 ----a-w- c:\windows\system32\drivers\ja-JP\tsusbhub.sys.mui
2011-01-18 07:58 . 2010-11-19 20:06 3072 ----a-w- c:\windows\system32\drivers\ja-JP\tsusbflt.sys.mui
2011-01-18 07:52 . 2010-11-19 20:27 287744 ----a-w- c:\windows\system32\lzhfldr2.dll
2011-01-18 07:52 . 2010-11-19 19:20 266240 ----a-w- c:\windows\SysWow64\lzhfldr2.dll
2011-01-18 07:08 . 2010-11-19 20:27 244224 ----a-w- c:\windows\system32\spp.dll
2011-01-18 07:07 . 2010-11-19 20:34 215936 ----a-w- c:\windows\system32\drivers\vhdmp.sys
2011-01-18 07:06 . 2010-11-19 20:27 403968 ----a-w- c:\windows\system32\untfs.dll
2011-01-18 07:05 . 2010-11-19 20:26 166912 ----a-w- c:\windows\system32\inetpp.dll
2011-01-18 07:04 . 2010-11-19 19:20 22528 ----a-w- c:\windows\SysWow64\netutils.dll
2011-01-18 07:03 . 2010-11-19 19:21 270848 ----a-w- c:\windows\SysWow64\tsmf.dll
2011-01-18 07:02 . 2010-11-19 20:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-01-18 07:01 . 2010-11-19 20:27 324096 ----a-w- c:\windows\system32\netdiagfx.dll
2011-01-18 06:55 . 2011-01-18 06:55 -------- d-----w- c:\windows\system32\EventProviders
2011-01-13 13:28 . 2011-01-19 06:07 -------- d-----w- c:\users\Monster\AppData\Local\Diagnostics
2011-01-13 08:26 . 2011-01-13 08:26 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-01-13 08:25 . 2011-01-13 08:25 -------- d-----w- c:\windows\SysWow64\Adobe
2011-01-12 06:21 . 2011-01-12 06:33 -------- d-----w- c:\program files (x86)\RogueRemover FREE
2011-01-10 04:09 . 2011-01-10 04:09 388096 ----a-r- c:\users\Monster\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-10 03:19 . 2011-01-19 12:33 -------- d-----w- c:\users\Monster\AppData\Roaming\KeePass
2011-01-10 03:17 . 2011-01-19 12:58 -------- d-----w- c:\program files (x86)\KeePass Password Safe 2
2011-01-08 09:52 . 2011-01-08 10:11 -------- d-----w- c:\users\Monster\AppData\Roaming\Notepad++
2011-01-08 09:52 . 2011-01-08 09:52 -------- d-----w- c:\program files (x86)\Notepad++

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-18 23:13 . 2010-06-30 00:53 3764 --sha-w- c:\programdata\KGyGaAvL.sys
2011-01-18 13:35 . 2010-08-15 21:51 82816 ----a-w- c:\users\Monster\AppData\Roaming\pcouffin.sys
2011-01-18 08:30 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-01-18 08:29 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-01-13 08:25 . 2010-07-12 01:42 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-12-20 09:09 . 2010-12-08 01:00 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 09:08 . 2010-07-04 13:50 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-15 21:57 . 2010-11-11 12:39 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-15 21:57 . 2010-11-11 12:39 80768 ----a-w- c:\windows\system32\LMIinit.dll
2010-12-15 21:57 . 2010-11-11 12:39 33152 ----a-w- c:\windows\system32\LMIport.dll
2010-11-29 08:38 . 2010-11-29 08:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 08:38 . 2010-11-29 08:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2010-11-24 11:11 . 2010-11-24 11:17 105552 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-11-24 11:11 . 2010-11-24 11:17 90704 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-11-24 11:11 . 2010-11-24 11:17 67664 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-11-24 11:11 . 2010-11-24 11:17 144464 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-11-19 20:25 . 2011-01-18 07:09 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2010-11-19 19:18 . 2011-01-18 07:09 2175488 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-11-19 19:18 . 2011-01-18 07:08 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-11-10 14:44 . 2010-06-30 14:47 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-11-09 17:49 . 2010-11-09 17:49 539232 ----a-w- c:\windows\SysWow64\LVUI2RC.dll
2010-11-09 17:49 . 2010-11-09 17:49 543328 ----a-w- c:\windows\SysWow64\LVUI2.dll
2010-11-09 17:47 . 2010-11-09 17:47 416352 ----a-w- c:\windows\SysWow64\lvcodec2.dll
2010-11-09 17:45 . 2010-11-09 17:45 4162784 ----a-w- c:\windows\system32\drivers\lvuvc64.sys
2010-11-09 17:45 . 2010-11-09 17:45 559712 ----a-w- c:\windows\system32\LVUIRC64.dll
2010-11-09 17:45 . 2010-11-09 17:45 102744 ----a-w- c:\windows\SysWow64\LogiDPPApp.exe
2010-11-09 17:45 . 2010-11-09 17:45 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-11-09 17:45 . 2010-11-09 17:45 10871128 ----a-w- c:\windows\SysWow64\LogiDPP.dll
2010-11-09 17:45 . 2010-11-09 17:45 10871128 ----a-w- c:\windows\system32\LogiDPP.dll
2010-11-09 17:45 . 2010-11-09 17:45 316248 ----a-w- c:\windows\SysWow64\DevManagerCore.dll
2010-11-09 17:45 . 2010-11-09 17:45 316248 ----a-w- c:\windows\system32\DevManagerCore.dll
2010-11-09 17:45 . 2010-11-09 17:45 767584 ----a-w- c:\windows\system32\LVUI64.dll
2010-11-09 17:44 . 2010-11-09 17:44 341856 ----a-w- c:\windows\system32\drivers\lvrs64.sys
2010-11-09 17:43 . 2010-11-09 17:43 259680 ----a-w- c:\windows\system32\lvco13101216.dll
2010-11-09 17:43 . 2010-11-09 17:43 400480 ----a-w- c:\windows\system32\lvcod64.dll
2010-11-09 17:32 . 2010-11-09 17:32 38238 ----a-w- c:\windows\system32\Repository.reg
2010-10-26 19:00 . 2010-10-26 19:00 8012288 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-10-26 18:25 . 2010-10-26 18:25 21422592 ----a-w- c:\windows\system32\atio6axx.dll
2010-10-26 18:08 . 2010-10-26 18:08 16281600 ----a-w- c:\windows\SysWow64\atioglxx.dll
2010-10-26 17:55 . 2010-10-26 17:55 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-10-26 17:55 . 2010-10-26 17:55 547328 ----a-w- c:\windows\SysWow64\aticfx32.dll
2010-10-26 17:54 . 2010-08-03 16:54 645120 ----a-w- c:\windows\system32\aticfx64.dll
2010-10-26 17:52 . 2010-10-26 17:52 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-10-26 17:52 . 2009-11-04 15:45 478208 ----a-w- c:\windows\system32\atieclxx.exe
2010-10-26 17:51 . 2009-11-04 15:45 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2010-10-26 17:50 . 2010-10-26 17:50 120320 ----a-w- c:\windows\system32\atitmm64.dll
2010-10-26 17:50 . 2009-11-04 15:43 423424 ----a-w- c:\windows\system32\atipdl64.dll
2010-10-26 17:50 . 2010-10-26 17:50 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2010-10-26 17:49 . 2010-10-26 17:49 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2010-10-26 17:49 . 2010-10-26 17:49 16384 ----a-w- c:\windows\system32\atimuixx.dll
2010-10-26 17:49 . 2010-10-26 17:49 59392 ----a-w- c:\windows\system32\atiedu64.dll
2010-10-26 17:49 . 2010-10-26 17:49 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2010-10-26 17:46 . 2010-10-26 17:46 4020736 ----a-w- c:\windows\SysWow64\atidxx32.dll
2010-10-26 17:38 . 2009-11-04 15:31 4744704 ----a-w- c:\windows\system32\atidxx64.dll
2010-10-26 17:35 . 2010-10-26 17:35 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2010-10-26 17:35 . 2010-10-26 17:35 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2010-10-26 17:35 . 2010-10-26 17:35 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2010-10-26 17:35 . 2010-10-26 17:35 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2010-10-26 17:35 . 2010-10-26 17:35 6815744 ----a-w- c:\windows\system32\aticaldd64.dll
2010-10-26 17:33 . 2010-10-26 17:33 5441536 ----a-w- c:\windows\SysWow64\aticaldd.dll
2010-10-26 17:28 . 2010-10-26 17:28 4094464 ----a-w- c:\windows\SysWow64\atiumdag.dll
2010-10-26 17:22 . 2010-10-26 17:22 5218304 ----a-w- c:\windows\system32\atiumd64.dll
2010-10-26 17:15 . 2010-08-03 16:23 58880 ----a-w- c:\windows\system32\coinst.dll
2010-10-26 17:14 . 2009-11-04 14:52 349184 ----a-w- c:\windows\system32\atiadlxx.dll
2010-10-26 17:14 . 2010-10-26 17:14 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2010-10-26 17:14 . 2010-10-26 17:14 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2010-10-26 17:14 . 2010-10-26 17:14 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2010-10-26 17:14 . 2010-10-26 17:14 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-10-26 17:14 . 2010-10-26 17:14 31744 ----a-w- c:\windows\system32\atig6txx.dll
2010-10-26 17:14 . 2010-10-26 17:14 27136 ----a-w- c:\windows\SysWow64\atigktxx.dll
2010-10-26 17:14 . 2010-10-26 17:14 287232 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-10-26 17:13 . 2010-08-03 16:15 39936 ----a-w- c:\windows\system32\atiuxp64.dll
2010-10-26 17:13 . 2010-10-26 17:13 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2010-10-26 17:13 . 2010-08-03 16:14 37888 ----a-w- c:\windows\system32\atiu9p64.dll
2010-10-26 17:13 . 2010-10-26 17:13 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2010-10-26 17:12 . 2010-10-26 17:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-10-26 16:57 . 2010-10-26 16:57 3221504 ----a-w- c:\windows\system32\atiumd6a.dll
2010-10-26 16:50 . 2010-10-26 16:50 3460096 ----a-w- c:\windows\SysWow64\atiumdva.dll
2010-10-26 16:37 . 2010-10-26 16:37 53760 ----a-w- c:\windows\system32\atimpc64.dll
2010-10-26 16:37 . 2010-10-26 16:37 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2010-10-26 16:37 . 2010-10-26 16:37 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2010-10-26 16:37 . 2010-10-26 16:37 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-11-19 19:20 442880 ----a-w- c:\windows\System32\ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-04 465536]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-26 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

c:\users\Monster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
No-IP DUC.lnk - c:\program files (x86)\No-IP\DUC30.exe [2010-6-19 1423520]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe [2010-8-14 4142448]
Yahoo! Widgets.lnk - c:\program files (x86)\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico [2010-11-11 29310]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [2010-11-19 12800]
R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [2009-07-14 491088]
R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [2009-07-14 339536]
R3 ALSysIO;ALSysIO;g:\temp\ALSysIO64.sys [x]
R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [2010-11-19 107904]
R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [2009-07-14 194128]
R3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys [2010-11-19 61440]
R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [2009-07-14 97856]
R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbda.sys [2009-06-10 468480]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [2009-06-10 270848]
R3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [2009-06-10 18432]
R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [2009-06-10 8704]
R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [2009-07-14 286720]
R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [2009-06-10 47104]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [2009-06-10 14976]
R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [2009-07-14 45568]
R3 cpuz134;cpuz134;g:\temp\cpuz134\cpuz134_x64.sys [x]
R3 E1G60;Intel® PRO/1000 NDIS 6 Adapter Driver;c:\windows\system32\DRIVERS\E1G6032E.sys [2009-06-10 145792]
R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbda.sys [2009-06-10 3286016]
R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [2009-07-14 530496]
R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-07-13 34304]
R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-07-14 55376]
R3 GPU-Z;GPU-Z;g:\temp\GPU-Z.sys [x]
R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-06-10 31232]
R3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys [2010-11-19 78720]
R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [2010-11-19 410496]
R3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [2010-11-19 78848]
R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [2010-11-19 273792]
R3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [2009-07-14 31232]
R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 114752]
R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 106560]
R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 65600]
R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 115776]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 24152]
R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [2009-07-14 35392]
R3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [2010-11-19 155008]
R3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [2010-11-19 140672]
R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-07-14 8192]
R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 MsRPC;MsRPC; [x]
R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [2009-07-14 15360]
R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-07-14 318976]
R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-07-14 35328]
R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [2009-07-14 51264]
R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2010-11-19 166272]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 PerfHost;Performance Counter DLL Host;c:\windows\SysWow64\perfhost.exe [2009-07-14 20992]
R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [2009-07-14 1524816]
R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [2009-07-14 128592]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-19 20992]
R3 s3cap;s3cap;c:\windows\system32\drivers\vms3cap.sys [2010-11-19 6656]
R3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys [2010-11-19 29696]
R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2009-07-14 13824]
R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [2009-07-14 80464]
R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [2009-07-14 93184]
R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [2009-07-14 24656]
R3 storvsc;storvsc;c:\windows\system32\drivers\storvsc.sys [2010-11-19 34688]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-19 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [2009-07-14 40960]
R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [2009-07-14 64592]
R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [2009-07-14 100352]
R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [2009-07-14 31232]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [2010-11-19 215936]
R3 VMBusHID;VMBusHID;c:\windows\system32\drivers\VMBusHID.sys [2010-11-19 21760]
R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [2009-07-14 161872]
R3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [2009-07-14 24576]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2009-07-14 27776]
R3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe [2010-11-19 1504256]
R3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [2009-07-14 21056]
R3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 22096]
R3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 27136]
R4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-06-10 89920]
R4 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe [2009-07-14 27136]
R4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R4 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 27136]
R4 uvnc_service;uvnc_service;c:\program files\UltraVNC\WinVNC.exe [2009-08-15 1772472]
S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2010-05-05 14592]
S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [2010-11-19 27008]
S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [2009-07-14 367696]
S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2010-11-19 459248]
S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-07-14 70224]
S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [2010-11-19 223248]
S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2010-11-19 14720]
S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2010-11-19 152960]
S0 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2010-11-19 31104]
S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [2009-07-14 15424]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2009-05-11 178728]
S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-07-14 50768]
S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2010-11-19 213888]
S0 spldr;Security Processor Loader Driver; [x]
S0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;c:\windows\system32\drivers\vmstorfl.sys [2010-11-19 46464]
S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [2009-07-14 36432]
S0 vmbus;Virtual Machine Bus;c:\windows\system32\drivers\vmbus.sys [2010-11-19 199552]
S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [2010-11-19 71552]
S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [2010-11-19 363392]
S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 45056]
S1 CSC;Offline Files Driver;c:\windows\system32\drivers\csc.sys [2010-11-19 514560]
S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2010-11-19 102400]
S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-07-13 40448]
S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-07-13 24576]
S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-07-14 7680]
S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-07-14 8192]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [2010-11-19 119296]
S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [2010-11-19 88576]
S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-07-14 12800]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-26 203776]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 CscService;Offline Files;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-07-14 60928]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-15 373640]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x64\RaInfo.sys [2010-05-31 15928]
S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [2009-07-13 113152]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000]
S2 MDES;DVM Meta Data Export Service;c:\asus.sys\CONFIG\DVMExportService.exe [2009-03-24 319488]
S2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-07-14 651264]
S2 Power;Power;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 SlingAgentService;SlingAgentService;c:\program files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [2009-09-25 93960]
S2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [2010-11-19 3524608]
S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2010-11-19 45056]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-11-24 67664]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-13 20512]
S2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [2010-11-19 229888]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-26 8012288]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-26 287232]
S3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys [2009-07-13 90624]
S3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\drivers\CompositeBus.sys [2010-11-19 38912]
S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2010-11-19 982912]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\Everest\kerneld.amd64 [2010-05-21 26752]
S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-06 30232]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2010-11-09 341856]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-11-09 4162784]
S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [2009-07-13 30208]
S3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [2009-07-14 77312]
S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-11-19 287744]
S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-11-19 128000]
S3 netprofm;Network List Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 RAMDiskVE;RAMDiskVE;c:\windows\system32\Drivers\RAMDiskVE.sys [2010-09-22 63696]
S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-14 60416]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [2009-07-14 24064]
S3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [2010-11-19 413184]
S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2010-11-19 167936]
S3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-11-19 194048]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2010-11-19 39424]
S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [2010-11-19 125440]
S3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [2010-11-19 48640]
S3 UmRdpService;Remote Desktop Services UserMode Port Redirector;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
S3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-09-23 394528]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS QWAVE wcncsvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
wcssvc REG_MULTI_SZ WcsPlugInService

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
msiscsi
schedule
SessionEnv
winmgmt
AppMgmt

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
sppuinotify

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv

.
Contents of the 'Scheduled Tasks' folder

2011-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2370920451-2532975763-3602438379-1001Core.job
- c:\users\Monster\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-16 04:51]

2011-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2370920451-2532975763-3602438379-1001UA.job
- c:\users\Monster\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-16 04:51]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-11-19 20:27 509952 ----a-w- c:\windows\System32\ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x64\LogMeInSystray.exe" [2010-05-31 57928]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-11-24 192008]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2010-11-24 1062224]
"SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\soundmax.exe" [2009-05-18 3866624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll" [2010-03-24 633200]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
winmgmt
SessionEnv
browser
EapHost
schedule
hkmsvc
wercplsupport
ProfSvc
Themes
BDESVC
AppMgmt

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://espn.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: {C35DBCF7-195E-4D66-BAE4-ABF051B9E9BE} = 192.168.11.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Monster\AppData\Roaming\Mozilla\Firefox\Profiles\chriawlm.NEW_AUg28,2010\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Foxdie: Foxdie@tanjihay.com - %profile%\extensions\Foxdie@tanjihay.com
FF - Ext: Foxdie for Firefox: foxdie_ext_ocelot@foxdie.us - %profile%\extensions\foxdie_ext_ocelot@foxdie.us
FF - Ext: WebSlingPlayer: {9EB34849-81D3-4841-939D-666D522B889A} - %profile%\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
FF - Ext: Trend Micro NSC Firefox Extension: {22C7F6C6-8D67-4534-92B5-529A0EC09405} - c:\program files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension
.
- - - - ORPHANS REMOVED - - - -

Wow6432Node-HKCU-Run-KeePass Password Safe 2 - c:\program files (x86)\KeePass Password Safe 2\KeePass.exe
Wow6432Node-HKLM-Run-KeePass 2 PreLoad - c:\program files (x86)\KeePass Password Safe 2\KeePass.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Impulse - c:\programdata\{6AA53D5D-4235-46F9-BAB3-3C1AF08F4C1A}\Impulse_setup.exe
AddRemove-YInstHelper - c:\windows\system32\regsvr32



[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files (x86)\Everest\kerneld.amd64"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Hard Disk Sentinel\HDSentinel.exe
c:\program files (x86)\Everest\everest.exe
c:\program files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
c:\program files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
.
**************************************************************************
.
Completion time: 2011-01-19 22:03:30 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-19 13:03

Pre-Run: 57,471,528,960 bytes free
Post-Run: 57,287,008,256 bytes free

- - End Of File - - E767EBF2D205EFE1D84A4CDC908A9E04

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,577 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:10 PM

Posted 19 January 2011 - 08:22 AM

Combofix is 64 bit compatible now. Please let me know how things are running.

I'd also like to know how much RAM you have on this computer (you can see this by right-clicking Computer and selecting Properties, on the first tab). You have a huge amount of programs running.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#9 saminjapan

saminjapan
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 19 January 2011 - 08:39 AM

6 GB of RAM onboard
DIMM1: Corsair CMT6GX3M3A1600C7 2 GB DDR3-1333 DDR3 SDRAM (9-9-9-24 @ 666 MHz) (8-8-8-22 @ 592 MHz) (6-6-6-16 @ 444 MHz)
DIMM3: Corsair CMT6GX3M3A1600C7 2 GB DDR3-1333 DDR3 SDRAM (9-9-9-24 @ 666 MHz) (8-8-8-22 @ 592 MHz) (6-6-6-16 @ 444 MHz)
DIMM5: Corsair CMT6GX3M3A1600C7 2 GB DDR3-1333 DDR3 SDRAM (9-9-9-24 @ 666 MHz) (8-8-8-22 @ 592 MHz) (6-6-6-16 @ 444 MHz)

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,577 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:10 PM

Posted 19 January 2011 - 08:42 AM

That should be more than enough. Can you reboot in safe mode and see how things run there?

regards, Elise




#11 saminjapan

saminjapan
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 19 January 2011 - 09:04 AM

Safe mode appears to run a bit better. Deleting messages from Thunderbird does not freeze up my machine like it does outside safe mode. My issues with Opera come and go and are only related to espn.com, which doesn't display properly about 60% of the time. I have inquired about it on other forums and it appears to be only me experiencing the problem.

#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,577 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:10 PM

Posted 19 January 2011 - 09:29 AM

Do you have the espn.com problems also when using other browsers? If not, did you clear the cache (this is sometimes unrelated to reinstalling Opera)?

regards, Elise




#13 saminjapan

saminjapan
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 19 January 2011 - 06:03 PM

No. Other browsers work fine. I have cleared the cache. I use a folder on my RamDisk as my browser cache for Opera, but changing the cache back to defaults won't fix the issue either.

As for Thunderbird, I am not sure what's causing it to lock up and freeze Windows whenever I choose to delete or move an email between folders/accounts.

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,577 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:10 PM

Posted 20 January 2011 - 03:15 AM

Please try the steps here: http://support.microsoft.com/kb/331796 and let me know how things are running then.

regards, Elise




#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,577 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:10 PM

Posted 01 February 2011 - 11:30 AM

Hi, are you still there?

regards, Elise

