
olmarik trojan


5 replies to this topic

#1 ehammer85


Posted 25 February 2011 - 11:18 AM

Hello....I'm having trouble removing the Olmarik trojan....it is still present after 2 reformats....I'll include a few logs to let you know what's going on

ESET nod
Combofix
MBR Check
OTL
TDSSKiller

Scanned w/ Malwarebytes and didn't find anything....so help me out, oh wise ones....



#2 ehammer85


Posted 25 February 2011 - 11:20 AM

ESET

Scan Log
Version of virus signature database: 3948 (20090319)
Date: 2/24/2011 Time: 3:48:56 PM
Scanned disks, folders and files: C:\Boot sector;C:\;D:\Boot sector;D:\
MBR sector of the 1. physical disk - probably unknown TSR.BOOT virus [7] - unable to clean
C:\pagefile.sys - error opening [4]
C:\Boot\BCD - error opening [4]
C:\Boot\BCD.LOG - error opening [4]
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Java\jre6\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Java\jre6\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Java\jre6\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Java\jre6\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ff\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Mozilla Firefox\chrome\comm.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Mozilla Firefox\chrome\pippki.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Mozilla Firefox\chrome\toolkit.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Nero\Nero 9\Nero Burning ROM\CDI\CDI_VCD.CFG » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Nero\Nero 9\Nero Express\CDI\CDI_VCD.CFG » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Opera\styles\m2_welcome_message.mbs » MIME - is OK (internal scanning not performed)
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0430845f886ab2b4f1f6da72720b2958_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\07d95af6f475b4a23b895fc1eb3a5da6_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0fe65a13462efb131885f052c7fb331c_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3b1213e8bf842a85c19568f6087a41af_4ef0ed91-7bac-430a-86a7-6d91bdebcd5a - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\43929af2bccb3c2998ca91203a76e9f4_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4a436de49ae8be01d70b76dd8d543014_4ef0ed91-7bac-430a-86a7-6d91bdebcd5a - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5a89df99e7da60ffeb06f65928af2bb1_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5cf36cc24611742a122084dc607f64fc_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\76ff4574a1bb4211ca86521d2fedec67_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7d7b96bac15eaa89fd40d79dcb1a32b3_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\86f77345b7537be468969c595592a8e5_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a99b4b0f915db1102591841fe634f31b_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b553533ed7f3b4ca105f40eb725efd99_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cc5ebdf05293883d33a9e1ae86d4a158_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cda2e34cc303d805f9eab37aafd42c06_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d2aeb55010deebfd011c079c893d6021_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e69452511afecf2e4cb30425e47d9717_4ef0ed91-7bac-430a-86a7-6d91bdebcd5a - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ee9985f24d75649e39cfd6739de9fd58_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fa7d47c997e27a215c9a31e7caf12a47_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat - error opening [4]
C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat - error opening [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log - error opening [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log - error opening [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - error opening [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb - error opening [4]
C:\ProgramData\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\0430845f886ab2b4f1f6da72720b2958_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\07d95af6f475b4a23b895fc1eb3a5da6_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\0fe65a13462efb131885f052c7fb331c_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\3b1213e8bf842a85c19568f6087a41af_4ef0ed91-7bac-430a-86a7-6d91bdebcd5a - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\43929af2bccb3c2998ca91203a76e9f4_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\4a436de49ae8be01d70b76dd8d543014_4ef0ed91-7bac-430a-86a7-6d91bdebcd5a - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\5a89df99e7da60ffeb06f65928af2bb1_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\5cf36cc24611742a122084dc607f64fc_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\76ff4574a1bb4211ca86521d2fedec67_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\7d7b96bac15eaa89fd40d79dcb1a32b3_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\86f77345b7537be468969c595592a8e5_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\a99b4b0f915db1102591841fe634f31b_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\b553533ed7f3b4ca105f40eb725efd99_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\cc5ebdf05293883d33a9e1ae86d4a158_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\cda2e34cc303d805f9eab37aafd42c06_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\d2aeb55010deebfd011c079c893d6021_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\e69452511afecf2e4cb30425e47d9717_4ef0ed91-7bac-430a-86a7-6d91bdebcd5a - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\ee9985f24d75649e39cfd6739de9fd58_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\fa7d47c997e27a215c9a31e7caf12a47_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
C:\Users\All Users\Microsoft\RAC\StateData\RacMetaData.dat - error opening [4]
C:\Users\All Users\Microsoft\RAC\StateData\RacWmiEventData.dat - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSS.log - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSStmp.log - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb - error opening [4]
C:\Users\All Users\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock - error opening [4]
C:\Users\ethan\NTUSER.DAT - error opening [4]
C:\Users\ethan\ntuser.dat.LOG1 - error opening [4]
C:\Users\ethan\ntuser.dat.LOG2 - error opening [4]
C:\Users\ethan\AppData\Local\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Users\ethan\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - error opening [4]
C:\Users\ethan\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - error opening [4]
C:\Users\Public\Desktop\Windows7 Activators(optional)\Windows_Loader_4.9.7_-_Activate_Win_7__Server__Vista__XP.rar » RAR » Windows_Loader_4.9.7_-_Activate_Win_7__Server__Vista__XP\Windows Loader 4.9.7 - Activate Win 7, Server, Vista, XP [Meera] [x32-x64]\Key Finder\Key Finder2009.exe - a variant of Win32/PSW.Tacsasi.AA trojan
C:\Users\Public\Desktop\Windows7 Activators(optional)\Windows_Loader_4.9.7_-_Activate_Win_7__Server__Vista__XP.rar » RAR » Windows_Loader_4.9.7_-_Activate_Win_7__Server__Vista__XP\Windows Loader 4.9.7 - Activate Win 7, Server, Vista, XP [Meera] [x32-x64]\Windows Activator.exe - a variant of Win32/PSW.Tacsasi.AA trojan
C:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/Audio/Cling.ogg - error - password-protected file
C:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/Audio/Cool (short).ogg - error - password-protected file
C:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/Audio/Rabble.ogg - error - password-protected file
C:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/Audio/too_late.ogg - error - password-protected file
C:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/autorun.cdd - error - password-protected file
C:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/Buttons/Kapat_1.Btn - error - password-protected file
C:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/Buttons/Task_6.Btn - error - password-protected file
C:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/Buttons/Vista Start Big.Btn - error - password-protected file
C:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/data/pktokens/pkeyconfig.xrm-ms - error - password-protected file
C:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/data/pktokens/Readme.txt - error - password-protected file
C:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/data/pktokens/tokens.dat - error - password-protected file
C:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/get_debuglog.cmd - error - password-protected file
C:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/Icons/Se7ven Activator101.ico - error - password-protected file
C:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/Images/630_1.png - error - password-protected file
C:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/Images/Untitled_1.png - error - password-protected file
C:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/Images/Untitled-1_2.gif - error - password-protected file
C:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/Images/Untitled-3.gif - error - password-protected file
C:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/install_w7ldr.exe - error - password-protected file
C:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/README.txt - error - password-protected file
C:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/remove_w7ldr.exe - error - password-protected file
C:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/test.bat - error - password-protected file
C:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » autorun.exe - error - password-protected file
C:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » Se7ven Activator101.ico - error - password-protected file
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - error opening [4]
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 - error opening [4]
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 - error opening [4]
C:\Windows\SoftwareDistribution\DataStore\DataStore.edb - error opening [4]
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log - error opening [4]
C:\Windows\SoftwareDistribution\DataStore\Logs\edbtmp.log - error opening [4]
C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb - error opening [4]
C:\Windows\System32\catroot2\edb.log - error opening [4]
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - error opening [4]
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - error opening [4]
C:\Windows\Temp\TMP000000011441B35C000E079A - error opening [4]
C:\Windows\Temp\TMP00000001C83F8A3BA5F5DA14 - error opening [4]
C:\Windows\Temp\TMP0000000C929B4E40CE834F98 - error opening [4]
MBR sector of the 1. physical disk - Win32/Olmarik.AJL trojan - action selection postponed until scan completion
D:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
D:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
D:\Program Files\Java\jre6\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
D:\Program Files\Java\jre6\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
D:\Program Files (x86)\Java\jre6\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
D:\Program Files (x86)\Java\jre6\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
D:\Program Files (x86)\Java\jre6\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
D:\Program Files (x86)\Java\jre6\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
D:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ff\chrome.manifest » MIME - is OK (internal scanning not performed)
D:\Program Files (x86)\Mozilla Firefox\chrome\comm.manifest » MIME - is OK (internal scanning not performed)
D:\Program Files (x86)\Mozilla Firefox\chrome\pippki.manifest » MIME - is OK (internal scanning not performed)
D:\Program Files (x86)\Mozilla Firefox\chrome\toolkit.manifest » MIME - is OK (internal scanning not performed)
D:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome.manifest » MIME - is OK (internal scanning not performed)
D:\Program Files (x86)\Nero\Nero 9\Nero Burning ROM\CDI\CDI_VCD.CFG » MIME - is OK (internal scanning not performed)
D:\Program Files (x86)\Nero\Nero 9\Nero Express\CDI\CDI_VCD.CFG » MIME - is OK (internal scanning not performed)
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0430845f886ab2b4f1f6da72720b2958_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\07d95af6f475b4a23b895fc1eb3a5da6_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0fe65a13462efb131885f052c7fb331c_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1259e4238d27027c3d505fc6582865d3_925a4fb4-66df-46e7-b77f-cc33e7c5bdf6 - error opening [4]
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\21425c721bfa736fd14e0d5a3b994327_925a4fb4-66df-46e7-b77f-cc33e7c5bdf6 - error opening [4]
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\43929af2bccb3c2998ca91203a76e9f4_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\59359397d5c8358f5cb09edb09577af1_925a4fb4-66df-46e7-b77f-cc33e7c5bdf6 - error opening [4]
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5a89df99e7da60ffeb06f65928af2bb1_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5cf36cc24611742a122084dc607f64fc_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\608282ae91758f6a0c8ca241b1a3c186_925a4fb4-66df-46e7-b77f-cc33e7c5bdf6 - error opening [4]
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\752c9c2167d5c9a397d91c7c345ee0fb_925a4fb4-66df-46e7-b77f-cc33e7c5bdf6 - error opening [4]
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\76ff4574a1bb4211ca86521d2fedec67_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7d7b96bac15eaa89fd40d79dcb1a32b3_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\86f77345b7537be468969c595592a8e5_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a99b4b0f915db1102591841fe634f31b_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b060c3b14239dcfe18cf4b7ada2a73b2_925a4fb4-66df-46e7-b77f-cc33e7c5bdf6 - error opening [4]
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b553533ed7f3b4ca105f40eb725efd99_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b81c372e18c296254c67d82225b5a001_925a4fb4-66df-46e7-b77f-cc33e7c5bdf6 - error opening [4]
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cc5ebdf05293883d33a9e1ae86d4a158_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cda2e34cc303d805f9eab37aafd42c06_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d2aeb55010deebfd011c079c893d6021_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\deafa6a697828a679c486a3154ed9d24_925a4fb4-66df-46e7-b77f-cc33e7c5bdf6 - error opening [4]
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e07096b4508b8beadc1947d176537414_925a4fb4-66df-46e7-b77f-cc33e7c5bdf6 - error opening [4]
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ee9985f24d75649e39cfd6739de9fd58_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fa7d47c997e27a215c9a31e7caf12a47_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fb90ce6832067751e7ba31c30f6c1b68_925a4fb4-66df-46e7-b77f-cc33e7c5bdf6 - error opening [4]
D:\System Volume Information\{03fe6b96-4052-11e0-9739-1c6f658039cf}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
D:\System Volume Information\{2ab80707-4044-11e0-bd29-1c6f658039cf}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
D:\System Volume Information\{357fbd12-4050-11e0-9df4-1c6f658039cf}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
D:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
D:\System Volume Information\{bb08081a-405e-11e0-9862-1c6f658039cf}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
D:\System Volume Information\{bb080820-405e-11e0-9862-1c6f658039cf}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
D:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\0430845f886ab2b4f1f6da72720b2958_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\07d95af6f475b4a23b895fc1eb3a5da6_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\0fe65a13462efb131885f052c7fb331c_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\3b1213e8bf842a85c19568f6087a41af_4ef0ed91-7bac-430a-86a7-6d91bdebcd5a - error opening [4]
D:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\43929af2bccb3c2998ca91203a76e9f4_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\4a436de49ae8be01d70b76dd8d543014_4ef0ed91-7bac-430a-86a7-6d91bdebcd5a - error opening [4]
D:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\5a89df99e7da60ffeb06f65928af2bb1_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\5cf36cc24611742a122084dc607f64fc_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\76ff4574a1bb4211ca86521d2fedec67_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\7d7b96bac15eaa89fd40d79dcb1a32b3_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\86f77345b7537be468969c595592a8e5_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\a99b4b0f915db1102591841fe634f31b_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\b553533ed7f3b4ca105f40eb725efd99_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\cc5ebdf05293883d33a9e1ae86d4a158_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\cda2e34cc303d805f9eab37aafd42c06_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\d2aeb55010deebfd011c079c893d6021_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\e69452511afecf2e4cb30425e47d9717_4ef0ed91-7bac-430a-86a7-6d91bdebcd5a - error opening [4]
D:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\ee9985f24d75649e39cfd6739de9fd58_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\fa7d47c997e27a215c9a31e7caf12a47_ab348962-387a-4b1a-9c3e-fd053324275e - error opening [4]
D:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSS.log - error opening [4]
D:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSStmp.log - error opening [4]
D:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb - error opening [4]
D:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb - error opening [4]
D:\Users\All Users\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock - error opening [4]
D:\Users\Ethan\AppData\Local\Temp\~DFBA1D085BE5AE787B.TMP - error opening [4]
D:\Users\Ethan\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-24-2011 - 12-28-56.SBU » ZIP » backup.db - error - password-protected file
D:\Users\Ethan\Desktop\ESET Smart Security\Shahed.exe » AUTOIT » script.au3 - Win32/Packed.Autoit.D.Gen potentially unwanted application
D:\Users\Ethan\Downloads\jxpiinstall.exe » CAB » jusched - archive damaged - the file could not be extracted.
D:\Users\Ethan\Downloads\jxpiinstall.exe » CAB » task.xml - next archive volume not found
D:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/Audio/Cling.ogg - error - password-protected file
D:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/Audio/Cool (short).ogg - error - password-protected file
D:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/Audio/Rabble.ogg - error - password-protected file
D:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/Audio/too_late.ogg - error - password-protected file
D:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/autorun.cdd - error - password-protected file
D:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/Buttons/Kapat_1.Btn - error - password-protected file
D:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/Buttons/Task_6.Btn - error - password-protected file
D:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/Buttons/Vista Start Big.Btn - error - password-protected file
D:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/data/pktokens/pkeyconfig.xrm-ms - error - password-protected file
D:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/data/pktokens/Readme.txt - error - password-protected file
D:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/data/pktokens/tokens.dat - error - password-protected file
D:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/get_debuglog.cmd - error - password-protected file
D:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/Icons/Se7ven Activator101.ico - error - password-protected file
D:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/Images/630_1.png - error - password-protected file
D:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/Images/Untitled_1.png - error - password-protected file
D:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/Images/Untitled-1_2.gif - error - password-protected file
D:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/Images/Untitled-3.gif - error - password-protected file
D:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/install_w7ldr.exe - error - password-protected file
D:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/README.txt - error - password-protected file
D:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/remove_w7ldr.exe - error - password-protected file
D:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » AutoPlay/test.bat - error - password-protected file
D:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » autorun.exe - error - password-protected file
D:\Users\Public\Desktop\Windows7 Activators(optional)\xp&vista&seven.exe » UPX v13_m14 » BAT2EXE » w7e.q37 » ZIP » Se7ven Activator101.ico - error - password-protected file
D:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat - error opening [4]
D:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1 - error opening [4]
D:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG2 - error opening [4]
D:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{1388ad4e-dd81-11de-a6c8-000c293ee979}.TM.blf - error opening [4]
D:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{1388ad4e-dd81-11de-a6c8-000c293ee979}.TMContainer00000000000000000001.regtrans-ms - error opening [4]
D:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{1388ad4e-dd81-11de-a6c8-000c293ee979}.TMContainer00000000000000000002.regtrans-ms - error opening [4]
Number of scanned objects: 333714
Number of threats found: 5
Number of cleaned objects: 0
Time of completion: 6:50:11 PM Total scanning time: 10875 sec (03:01:15)

Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.
[7] Object is probably infected with an unknown virus.

#3 ehammer85

Posted 25 February 2011 - 11:23 AM

OTL

OTL logfile created on: 2/24/2011 23:47:01 - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Ethan\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 205.32 Gb Free Space | 88.17% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 899.32 Gb Free Space | 96.54% Space Free | Partition Type: NTFS
Drive F: | 5.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 465.76 Gb Total Space | 89.62 Gb Free Space | 19.24% Space Free | Partition Type: NTFS

Computer Name: ETHAN-PC | User Name: Ethan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/24 23:44:58 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Ethan\Downloads\OTL.exe
PRC - [2009/11/02 21:23:08 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe


========== Modules (SafeList) ==========

MOD - [2011/02/24 23:44:58 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Ethan\Downloads\OTL.exe
MOD - [2009/11/25 00:15:36 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16400_none_4209f94e2b866170\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/29 11:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/11/04 09:45:14 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/04/17 02:47:50 | 001,995,544 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/02/23 22:28:36 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/02/17 12:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 12:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/11/25 00:17:50 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/11/25 00:17:50 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/11/25 00:17:50 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/11/25 00:17:50 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/11/04 10:17:30 | 006,088,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/10/21 14:50:24 | 000,013,872 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmmouse.sys -- (vmmouse)
DRV:64bit: - [2009/10/21 14:47:08 | 000,086,576 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vm3dmp.sys -- (vm3dmp)
DRV:64bit: - [2009/10/07 12:26:24 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/09/30 08:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/24 00:47:06 | 000,175,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iSSetup.sys -- (iSSetup)
DRV:64bit: - [2009/09/22 09:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/08/21 06:48:18 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/08/20 17:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/26 16:00:00 | 000,056,664 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR)
DRV:64bit: - [2009/07/26 16:00:00 | 000,056,096 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2sdx64.sys -- (O2SDRDR)
DRV:64bit: - [2009/07/16 17:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi)
DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/04 11:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/02 00:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/07/01 10:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/06/25 09:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 08:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 08:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/12 18:19:36 | 000,041,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2) Intel®
DRV:64bit: - [2009/06/12 18:19:32 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 14:35:48 | 000,378,368 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/12 06:40:42 | 000,072,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.sys -- (RTSTOR)
DRV:64bit: - [2009/05/04 22:31:00 | 000,025,752 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\xfiltx64.sys -- (xfiltx64)
DRV:64bit: - [2009/05/04 22:29:34 | 000,015,000 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\videX64.sys -- (videX64)
DRV:64bit: - [2009/04/16 04:45:46 | 000,461,320 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MegaSR1.sys -- (MegaSR1)
DRV:64bit: - [2009/02/11 09:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/10/09 07:45:26 | 000,018,784 | ---- | M] (JMicron ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2008/07/09 08:51:54 | 000,136,192 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viamrx64.sys -- (viamrx64)
DRV:64bit: - [2008/05/15 15:23:21 | 000,028,208 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2008/04/15 08:09:20 | 000,067,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViPrtX64.sys -- (ViPrtX64)
DRV:64bit: - [2008/04/15 08:05:48 | 000,025,240 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViBusX64.sys -- (ViBusX64)
DRV:64bit: - [2008/01/17 22:14:06 | 000,041,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd260x64.sys -- (ioatdma) Intel®
DRV:64bit: - [2007/11/13 08:47:18 | 000,080,424 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PnP680.sys -- (Pnp680)
DRV:64bit: - [2007/10/03 08:51:00 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2007/10/03 08:50:52 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2007/10/03 08:50:26 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132)
DRV:64bit: - [2007/06/01 03:29:06 | 000,330,544 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3531.sys -- (Si3531)
DRV:64bit: - [2007/05/11 11:01:10 | 000,070,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2007/04/11 15:30:04 | 000,043,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTVE.sys -- (IAMTVE) Driver for Intel®
DRV:64bit: - [2007/04/11 15:29:58 | 000,051,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTXPE.sys -- (IAMTXPE) Driver for Intel®
DRV:64bit: - [2007/04/11 08:02:42 | 000,163,632 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3114r.sys -- (SI3114r)
DRV:64bit: - [2007/02/01 09:53:08 | 000,164,656 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3112r.sys -- (SI3112r)
DRV:64bit: - [2007/01/24 10:07:08 | 000,064,888 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SISAGPX.SYS -- (SISAGP)
DRV:64bit: - [2006/11/10 04:48:48 | 000,099,120 | ---- | M] (Silicon Image, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3114.sys -- (SI3114)
DRV:64bit: - [2006/11/02 09:25:04 | 000,113,456 | ---- | M] (Silicon Image, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3124.sys -- (SI3124)
DRV:64bit: - [2006/11/01 00:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2006/09/20 04:38:28 | 000,334,640 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3124r5.sys -- (Si3124r5)
DRV:64bit: - [2006/09/18 07:26:04 | 000,093,472 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hptmv.sys -- (hptmv)
DRV:64bit: - [2005/09/22 17:20:00 | 000,059,392 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\SAVRKBootTasks.sys -- (SAVRKBootTasks)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.win7extreme.project-os.org
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/12/11 06:25:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/02/24 15:05:33 | 000,000,000 | ---D | M]

[2011/02/23 22:39:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ethan\AppData\Roaming\Mozilla\Extensions
[2011/02/23 22:39:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ethan\AppData\Roaming\Mozilla\Firefox\Profiles\hajpm4y3.default\extensions
[2011/02/24 03:52:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ethan\AppData\Roaming\Mozilla\Firefox\Profiles\utk2t92d.default\extensions
[2011/02/24 15:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/24 15:05:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/02/24 14:07:55 | 000,000,050 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair64.dll (Stardock.net, Inc)
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/11 22:01:17 | 000,000,045 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FFDS - ff_vfw.dll ()
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\SysWow64\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/02/24 22:59:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/02/24 20:53:13 | 000,000,000 | ---D | C] -- C:\Users\Ethan\Desktop\New folder
[2011/02/24 20:35:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/02/24 20:28:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/24 19:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2011/02/24 19:12:01 | 001,683,456 | ---- | C] (DVD Shrink) -- C:\Users\Ethan\Desktop\DVD Shrink 3.2.exe
[2011/02/24 15:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/02/24 15:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/02/24 15:05:33 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/02/24 15:05:33 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/02/24 15:05:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/02/24 15:05:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/02/24 15:01:06 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/02/24 14:07:55 | 000,000,000 | ---D | C] -- C:\_OTS
[2011/02/24 13:51:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/24 13:51:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/24 13:51:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/24 13:51:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/24 13:51:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/24 13:44:52 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\Windows\SysWow64\SAVRKBootTasks.sys
[2011/02/24 13:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/02/24 13:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011/02/24 09:34:46 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\SUPERAntiSpyware.com
[2011/02/24 09:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/02/24 09:34:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/02/24 09:34:41 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/02/24 09:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/02/24 04:04:28 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\Malwarebytes
[2011/02/24 04:04:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/02/24 04:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/24 04:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/24 04:04:21 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/02/24 04:04:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/02/24 03:52:42 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\Macromedia
[2011/02/24 03:52:42 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\Adobe
[2011/02/24 00:58:19 | 000,000,000 | ---D | C] -- C:\Diskeeper
[2011/02/24 00:20:05 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/02/24 00:19:45 | 000,363,008 | R--- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2011/02/24 00:19:45 | 000,198,656 | R--- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2011/02/24 00:19:45 | 000,095,744 | R--- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2011/02/24 00:19:45 | 000,073,216 | R--- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2011/02/24 00:19:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2011/02/24 00:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/02/24 00:17:46 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2011/02/23 23:46:28 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/02/23 23:19:47 | 000,000,000 | R--D | C] -- C:\Users\Ethan\Virtual Machines
[2011/02/23 23:19:47 | 000,000,000 | R--D | C] -- C:\Users\Ethan\Searches
[2011/02/23 23:19:47 | 000,000,000 | R--D | C] -- C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/02/23 23:19:36 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\Identities
[2011/02/23 23:19:33 | 000,000,000 | R--D | C] -- C:\Users\Ethan\Contacts
[2011/02/23 23:12:21 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\ElevatedDiagnostics
[2011/02/23 22:36:29 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\Mozilla
[2011/02/23 22:36:29 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\Mozilla
[2011/02/23 22:34:25 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\ESET
[2011/02/23 22:34:08 | 000,000,000 | -H-D | C] -- C:\Users\Ethan\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/02/23 22:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/02/23 22:29:47 | 000,000,000 | R--D | C] -- C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/02/23 22:29:46 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities
[2011/02/23 22:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Yamicsoft
[2011/02/23 22:29:28 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Manager
[2011/02/23 22:29:22 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011/02/23 22:29:21 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\Notepad++
[2011/02/23 22:29:16 | 000,000,000 | R--D | C] -- C:\Users\Ethan\Videos
[2011/02/23 22:29:16 | 000,000,000 | R--D | C] -- C:\Users\Ethan\Saved Games
[2011/02/23 22:29:16 | 000,000,000 | R--D | C] -- C:\Users\Ethan\Pictures
[2011/02/23 22:29:16 | 000,000,000 | R--D | C] -- C:\Users\Ethan\Music
[2011/02/23 22:29:16 | 000,000,000 | R--D | C] -- C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/02/23 22:29:16 | 000,000,000 | R--D | C] -- C:\Users\Ethan\Links
[2011/02/23 22:29:16 | 000,000,000 | R--D | C] -- C:\Users\Ethan\Favorites
[2011/02/23 22:29:16 | 000,000,000 | R--D | C] -- C:\Users\Ethan\Downloads
[2011/02/23 22:29:16 | 000,000,000 | R--D | C] -- C:\Users\Ethan\My Documents
[2011/02/23 22:29:16 | 000,000,000 | R--D | C] -- C:\Users\Ethan\Desktop
[2011/02/23 22:29:16 | 000,000,000 | R--D | C] -- C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/02/23 22:29:16 | 000,000,000 | -HSD | C] -- C:\Users\Ethan\AppData\Local\Temporary Internet Files
[2011/02/23 22:29:16 | 000,000,000 | -HSD | C] -- C:\Users\Ethan\Templates
[2011/02/23 22:29:16 | 000,000,000 | -HSD | C] -- C:\Users\Ethan\Start Menu
[2011/02/23 22:29:16 | 000,000,000 | -HSD | C] -- C:\Users\Ethan\SendTo
[2011/02/23 22:29:16 | 000,000,000 | -HSD | C] -- C:\Users\Ethan\Recent
[2011/02/23 22:29:16 | 000,000,000 | -HSD | C] -- C:\Users\Ethan\PrintHood
[2011/02/23 22:29:16 | 000,000,000 | -HSD | C] -- C:\Users\Ethan\NetHood
[2011/02/23 22:29:16 | 000,000,000 | -HSD | C] -- C:\Users\Ethan\Documents\My Videos
[2011/02/23 22:29:16 | 000,000,000 | -HSD | C] -- C:\Users\Ethan\Documents\My Pictures
[2011/02/23 22:29:16 | 000,000,000 | -HSD | C] -- C:\Users\Ethan\Documents\My Music
[2011/02/23 22:29:16 | 000,000,000 | -HSD | C] -- C:\Users\Ethan\My Documents
[2011/02/23 22:29:16 | 000,000,000 | -HSD | C] -- C:\Users\Ethan\Local Settings
[2011/02/23 22:29:16 | 000,000,000 | -HSD | C] -- C:\Users\Ethan\AppData\Local\History
[2011/02/23 22:29:16 | 000,000,000 | -HSD | C] -- C:\Users\Ethan\Cookies
[2011/02/23 22:29:16 | 000,000,000 | -HSD | C] -- C:\Users\Ethan\Application Data
[2011/02/23 22:29:16 | 000,000,000 | -HSD | C] -- C:\Users\Ethan\AppData\Local\Application Data
[2011/02/23 22:29:16 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\Temp
[2011/02/23 22:29:16 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\Microsoft
[2011/02/23 22:29:16 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Roaming\Media Center Programs
[2011/02/23 22:29:13 | 000,000,000 | --SD | C] -- C:\Users\Ethan\AppData\Roaming\Microsoft
[2011/02/23 22:29:13 | 000,000,000 | -H-D | C] -- C:\Users\Ethan\AppData

========== Files - Modified Within 30 Days ==========

[2011/02/24 23:49:43 | 000,727,490 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/24 23:49:43 | 000,625,482 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/24 23:49:43 | 000,108,104 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/24 23:49:14 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/24 23:49:13 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/24 23:42:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/24 00:22:28 | 000,040,251 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/02/24 00:22:28 | 000,040,251 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/02/24 00:21:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/02/24 00:20:01 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2011/02/24 00:19:35 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/02/23 23:30:50 | 000,001,441 | ---- | M] () -- C:\Users\Ethan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/23 22:28:36 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2011/02/02 21:40:39 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/02/02 21:40:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/02/02 21:40:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/02/02 21:40:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll

========== Files Created - No Company Name ==========

[2011/02/24 13:51:34 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/24 13:51:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/24 13:51:34 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/24 13:51:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/24 13:51:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/24 00:21:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/02/24 00:20:01 | 000,188,416 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2011/02/24 00:20:01 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/02/24 00:20:01 | 000,088,064 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2011/02/24 00:20:01 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/02/24 00:20:01 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2011/02/24 00:19:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/23 23:30:50 | 000,001,441 | ---- | C] () -- C:\Users\Ethan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/23 23:19:53 | 000,001,413 | ---- | C] () -- C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/02/23 23:19:50 | 000,001,447 | ---- | C] () -- C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/02/23 22:29:16 | 000,000,290 | ---- | C] () -- C:\Users\Ethan\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/02/23 22:29:16 | 000,000,272 | ---- | C] () -- C:\Users\Ethan\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/02/23 22:28:36 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2009/12/11 06:25:19 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/12/11 06:25:18 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/12/11 06:25:18 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/12/11 06:25:18 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/12/11 06:25:16 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/11/29 14:30:01 | 000,745,340 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/29 12:38:10 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/11/05 23:28:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2011/02/23 22:34:25 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\ESET
[2011/02/23 22:29:22 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Notepad++
[2009/07/13 23:08:49 | 000,007,920 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2009/07/13 23:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 23:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 23:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 14:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/02/23 23:30:50 | 000,000,221 | -HS- | M] () -- C:\Users\Ethan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2006/03/21 12:36:16 | 001,683,456 | ---- | M] (DVD Shrink) -- C:\Users\Ethan\Desktop\DVD Shrink 3.2.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 15:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2009/11/02 21:23:07 | 000,120,280 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
[2009/11/02 21:23:08 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
[2009/11/02 21:23:20 | 000,244,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/02/23 23:19:52 | 000,000,402 | -HS- | M] () -- C:\Users\Ethan\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >
[2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) -- C:\Windows\SysWOW64\SAVRKBootTasks.sys

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %SYSTEMDRIVE%\*.* >
[2011/02/24 20:35:46 | 000,018,679 | ---- | M] () -- C:\ComboFix.txt
[2005/09/22 13:09:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011/02/24 23:41:55 | 2144,919,552 | -HS- | M] () -- C:\pagefile.sys
[2011/02/24 12:35:52 | 000,002,518 | ---- | M] () -- C:\rapport.txt

< %PROGRAMFILES%\*. >
[2009/11/29 12:42:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2009/12/11 06:22:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CCleaner
[2011/02/24 20:30:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2009/11/29 14:29:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2011/02/24 15:05:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2009/12/11 06:25:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\K-Lite Codec Pack
[2011/02/24 04:04:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/11/29 13:51:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Messenger Plus! Live
[2009/11/29 12:32:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2009/11/29 12:30:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/02/24 23:43:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2009/12/06 18:54:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nero
[2011/02/23 22:29:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Notepad++
[2009/12/11 06:26:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Opera
[2009/11/29 12:34:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reapers CPL Pack
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2011/02/24 13:04:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sophos
[2009/11/29 13:55:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Stardock
[2009/11/29 12:47:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\UltraISO
[2009/07/13 22:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2009/12/06 16:10:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Universal Extractor
[2009/11/29 14:24:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\uTorrent
[2009/07/13 23:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2009/11/29 12:52:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2009/07/13 23:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2009/11/25 00:26:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009/07/13 23:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009/07/13 23:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009/07/13 23:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2009/11/25 00:18:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Virtual PC
[2009/12/08 20:34:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!

< %appdata%\*.* >


< MD5 for: AGP440.SYS >
[2009/07/13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_e8ae2662e553ad0f\AGP440.sys
[2009/07/13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.20551_none_16adec2ff16ac3e3\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a5210cb0540e395e\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20545_none_39e1f82254380270\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 19:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009/07/13 19:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/13 19:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/07/13 19:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/13 19:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/13 19:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: IASTOR.SYS >
[2009/02/11 09:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009/02/11 09:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_e0c941a8b0e04b56\iaStor.sys
[2009/02/11 09:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_7009a7672ee571e2\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/13 19:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009/07/13 19:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 19:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 19:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2009/07/13 19:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/13 19:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache86\netlogon.dll
[2009/07/13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 19:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009/07/13 19:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 19:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/11/25 00:20:59 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=132DFCE35CFE831BA59E6359E1673CE3 -- C:\Windows\ERDNT\cache64\scecli.dll
[2009/11/25 00:20:59 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=132DFCE35CFE831BA59E6359E1673CE3 -- C:\Windows\SysNative\scecli.dll
[2009/11/25 00:20:59 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=132DFCE35CFE831BA59E6359E1673CE3 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.20527_none_94cf52d00bb79db2\scecli.dll
[2009/07/13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 19:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2009/11/25 00:20:59 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=53B13B258970B6B5A1FE09F26EB3B3A6 -- C:\Windows\ERDNT\cache86\scecli.dll
[2009/11/25 00:20:59 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=53B13B258970B6B5A1FE09F26EB3B3A6 -- C:\Windows\SysWOW64\scecli.dll
[2009/11/25 00:20:59 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=53B13B258970B6B5A1FE09F26EB3B3A6 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.20527_none_9f23fd2240185fad\scecli.dll

< MD5 for: USBSTOR.SYS >
[2009/07/13 18:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\SysNative\drivers\USBSTOR.SYS
[2009/07/13 18:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\SysNative\DriverStore\FileRepository\usbstor.inf_amd64_neutral_c301b770e0bfb179\USBSTOR.SYS
[2009/07/13 18:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_a47b405db18421ea\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

OTL Extra

OTL Extras logfile created on: 2/24/2011 23:47:01 - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Ethan\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 205.32 Gb Free Space | 88.17% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 899.32 Gb Free Space | 96.54% Space Free | Partition Type: NTFS
Drive F: | 5.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 465.76 Gb Total Space | 89.62 Gb Free Space | 19.24% Space Free | Partition Type: NTFS

Computer Name: ETHAN-PC | User Name: Ethan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0908-000001000000}" = 7-Zip 9.08 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D86B6C32-49BD-4A02-9C43-14E497018498}" = Windows 7 Manager
"{DE849015-10C0-4B37-A712-C8419834D42F}" = Diskeeper 2009 Pro Premier
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"CPU-Z" = CPU-Z
"Gpuz" = GPU-Z
"HDTune" = HDTune
"HWMonitor" = HWMonitor
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v3.0.0
"LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition
"PC Wizard" = PC Wizard
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{21199F32-B676-4FE2-A443-EF7DB6B8FD4F}" = Opera 10.10
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 24
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{6BF04C63-EAC0-4F19-9E88-9A745493E7BF}" = IconPackager
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95e9acd7-622b-48f6-9ef8-3fa6777df9ce}" = Nero 9 Trial
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Service Pack 1 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"IconPackager" = IconPackager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.5.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Notepad++" = Notepad++
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"UltraISO_is1" = UltraISO Premium V9.35
"Universal Extractor_is1" = Universal Extractor 1.6
"uTorrent" = µTorrent
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/24/2011 17:43:56 | Computer Name = Ethan-PC | Source = MsiInstaller | ID = 11309
Description =

Error - 2/24/2011 17:43:56 | Computer Name = Ethan-PC | Source = MsiInstaller | ID = 11309
Description =

Error - 2/24/2011 17:43:56 | Computer Name = Ethan-PC | Source = MsiInstaller | ID = 11309
Description =

Error - 2/24/2011 17:43:56 | Computer Name = Ethan-PC | Source = MsiInstaller | ID = 11309
Description =

Error - 2/24/2011 17:43:56 | Computer Name = Ethan-PC | Source = MsiInstaller | ID = 11309
Description =

Error - 2/24/2011 17:43:56 | Computer Name = Ethan-PC | Source = MsiInstaller | ID = 11308
Description =

Error - 2/24/2011 17:43:57 | Computer Name = Ethan-PC | Source = MsiInstaller | ID = 11309
Description =

Error - 2/24/2011 17:43:57 | Computer Name = Ethan-PC | Source = MsiInstaller | ID = 11308
Description =

Error - 2/24/2011 21:20:03 | Computer Name = Ethan-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 2/24/2011 22:48:52 | Computer Name = Ethan-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ System Events ]
Error - 12/11/2009 15:27:27 | Computer Name = amit-PC | Source = DCOM | ID = 10010
Description =

Error - 12/11/2009 15:27:57 | Computer Name = amit-PC | Source = DCOM | ID = 10010
Description =

Error - 2/24/2011 02:17:58 | Computer Name = amit-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
johci

Error - 2/24/2011 02:22:32 | Computer Name = amit-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-2147467243.

Error - 2/24/2011 00:26:07 | Computer Name = Ethan-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
johci


< End of report >

MBRCheck

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: GA-MA785GM-US2H
Logical Drives Mask: 0x0000023d

Kernel Drivers (total 199):

Processes (total 43):
0 System Idle Process
4 System
288 C:\Windows\System32\smss.exe
420 csrss.exe
516 csrss.exe
524 C:\Windows\System32\wininit.exe
572 C:\Windows\System32\services.exe
592 C:\Windows\System32\lsass.exe
600 C:\Windows\System32\lsm.exe
628 C:\Windows\System32\winlogon.exe
744 C:\Windows\System32\svchost.exe
820 C:\Windows\System32\svchost.exe
916 C:\Windows\System32\atiesrxx.exe
956 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
116 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\svchost.exe
1128 C:\Windows\System32\atieclxx.exe
1308 C:\Windows\System32\dwm.exe
1332 C:\Windows\explorer.exe
1416 C:\Windows\System32\svchost.exe
1560 C:\Windows\System32\spoolsv.exe
1596 C:\Windows\System32\svchost.exe
1624 C:\Windows\System32\taskhost.exe
1776 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1804 C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
1844 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1900 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1944 C:\Windows\System32\svchost.exe
2428 C:\Windows\System32\SearchIndexer.exe
2832 C:\Program Files\Windows Media Player\wmpnetwk.exe
2964 C:\Windows\System32\svchost.exe
2924 C:\Windows\System32\svchost.exe
3924 C:\Windows\System32\wuauclt.exe
2808 C:\Windows\notepad.exe
2652 C:\Windows\notepad.exe
1640 C:\Windows\System32\audiodg.exe
1816 C:\Windows\System32\SearchProtocolHost.exe
1536 C:\Windows\System32\SearchFilterHost.exe
1120 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
3656 C:\Users\Ethan\Downloads\MBRCheck.exe
2016 C:\Windows\System32\conhost.exe
3140 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\J: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive1 Model Number: WDCWD2500JS-00NCB1, Rev: 10.02E02
PhysicalDrive0 Model Number: HitachiHDS721010CLA332, Rev: JP4OA3EA
PhysicalDrive2 Model Number: WD5000AAD External, Rev: 1.75

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: A7CEF36363F5C16CC311122770D0B9723F5430D3
931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
465 GB \\.\PhysicalDrive2 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!

TDSSKiller

2011/02/25 08:29:19.0330 2488 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/25 08:29:20.0048 2488 ================================================================================
2011/02/25 08:29:20.0048 2488 SystemInfo:
2011/02/25 08:29:20.0048 2488
2011/02/25 08:29:20.0048 2488 OS Version: 6.1.7600 ServicePack: 0.0
2011/02/25 08:29:20.0048 2488 Product type: Workstation
2011/02/25 08:29:20.0048 2488 ComputerName: ETHAN-PC
2011/02/25 08:29:20.0048 2488 UserName: Ethan
2011/02/25 08:29:20.0048 2488 Windows directory: C:\Windows
2011/02/25 08:29:20.0048 2488 System windows directory: C:\Windows
2011/02/25 08:29:20.0048 2488 Running under WOW64
2011/02/25 08:29:20.0048 2488 Processor architecture: Intel x64
2011/02/25 08:29:20.0048 2488 Number of processors: 4
2011/02/25 08:29:20.0048 2488 Page size: 0x1000
2011/02/25 08:29:20.0048 2488 Boot type: Normal boot
2011/02/25 08:29:20.0048 2488 ================================================================================
2011/02/25 08:29:20.0313 2488 Initialize success
2011/02/25 08:29:23.0105 2624 ================================================================================
2011/02/25 08:29:23.0105 2624 Scan started
2011/02/25 08:29:23.0105 2624 Mode: Manual;
2011/02/25 08:29:23.0105 2624 ================================================================================
2011/02/25 08:29:35.0414 2624 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/02/25 08:29:35.0414 2624 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/02/25 08:29:35.0414 2624 sptd - detected Locked file (1)
2011/02/25 08:29:38.0268 2624 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/25 08:29:38.0300 2624 ================================================================================
2011/02/25 08:29:38.0300 2624 Scan finished
2011/02/25 08:29:38.0300 2624 ================================================================================
2011/02/25 08:29:38.0300 1420 Detected object count: 2
2011/02/25 08:29:57.0129 1420 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/02/25 08:29:57.0129 1420 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/02/25 08:29:57.0129 1420 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
2011/02/25 08:29:57.0129 1420 Locked file(sptd) - User select action: Quarantine
2011/02/25 08:29:57.0191 1420 \HardDisk0 - will be cured after reboot
2011/02/25 08:29:57.0222 1420 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/25 08:30:00.0686 2480 Deinitialize success

Combofix

ComboFix 11-02-24.01 - Ethan 02/24/2011 20:29:24.2.4 - x64
Microsoft Windows 7 Extreme Edition R1 - x64 6.1.7600.0.1252.1.1033.18.2046.1103 [GMT -6:00]
Running from: c:\users\Ethan\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2011-01-25 to 2011-02-25 )))))))))))))))))))))))))))))))
.

2011-02-25 02:31 . 2011-02-25 02:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-25 01:12 . 2011-02-25 02:09 -------- d-----w- c:\programdata\DVD Shrink
2011-02-24 21:05 . 2011-02-24 21:05 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-02-24 21:05 . 2011-02-03 03:40 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-24 21:05 . 2011-02-03 03:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-24 21:01 . 2011-02-24 21:01 -------- d-----w- c:\windows\Sun
2011-02-24 20:07 . 2011-02-24 20:07 -------- d-----w- C:\_OTS
2011-02-24 19:44 . 2010-05-26 16:45 18816 ------w- c:\windows\SysWow64\SAVRKBootTasks.sys
2011-02-24 19:04 . 2011-02-24 19:04 -------- d-----w- c:\program files (x86)\Sophos
2011-02-24 15:34 . 2011-02-24 15:34 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-02-24 15:34 . 2011-02-24 15:34 -------- d-----w- c:\programdata\!SASCORE
2011-02-24 15:34 . 2011-02-24 15:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-24 10:38 . 2011-02-02 23:10 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FD20000-2581-460D-8E6B-029B6E29C523}\mpengine.dll
2011-02-24 10:04 . 2011-02-24 10:04 -------- d-----w- c:\programdata\Malwarebytes
2011-02-24 10:04 . 2010-12-21 00:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-24 10:04 . 2011-02-24 10:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-02-24 10:04 . 2010-12-21 00:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-24 06:58 . 2011-02-24 06:58 -------- d-----w- C:\Diskeeper
2011-02-24 06:20 . 2008-12-04 19:59 188416 ----a-w- c:\windows\system32\APOMgr64.DLL
2011-02-24 06:20 . 2008-12-04 19:57 146432 ----a-w- c:\windows\SysWow64\APOMngr.DLL
2011-02-24 06:20 . 2008-09-17 22:07 88064 ----a-w- c:\windows\system32\CmdRtr64.DLL
2011-02-24 06:20 . 2008-09-17 22:05 72704 ----a-w- c:\windows\SysWow64\CmdRtr.DLL
2011-02-24 06:19 . 2009-11-13 09:46 95744 ----a-r- c:\windows\system32\RTEEL64A.dll
2011-02-24 06:19 . 2009-11-13 09:46 73216 ----a-r- c:\windows\system32\RTEEG64A.dll
2011-02-24 06:19 . 2009-11-13 09:46 363008 ----a-r- c:\windows\system32\RTEEP64A.dll
2011-02-24 06:19 . 2009-11-13 09:46 198656 ----a-r- c:\windows\system32\RTEED64A.dll
2011-02-24 06:19 . 2011-02-24 06:19 -------- d-----w- c:\windows\SysWow64\RTCOM
2011-02-24 06:19 . 2011-02-24 06:19 -------- d-----w- c:\program files\Realtek
2011-02-24 06:19 . 2011-02-24 06:19 0 ----a-w- c:\windows\ativpsrm.bin
2011-02-24 04:30 . 2011-02-24 04:30 -------- d-----w- c:\program files\ESET
2011-02-24 04:29 . 2011-02-24 04:29 -------- d-----w- c:\program files\Yamicsoft
2011-02-24 04:28 . 2011-02-24 05:19 -------- d-----w- c:\users\Ethan
2011-02-24 04:28 . 2011-02-24 04:28 834544 ----a-w- c:\windows\system32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 23:11 . 2009-11-29 18:37 270720 ------w- c:\windows\system32\MpSigStub.exe
.

.
((((((((((((((((((((((((((((( SnapShot@2011-02-24_19.57.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-30 06:36 . 2011-02-24 21:42 17266 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-02-25 01:06 53152 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-02-24 06:25 . 2011-02-24 18:31 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-24 06:25 . 2011-02-25 01:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-24 06:25 . 2011-02-24 18:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-25 01:19 . 2011-02-25 01:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-24 18:31 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-25 01:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-29 18:18 . 2011-02-25 02:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-29 18:18 . 2011-02-24 19:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-29 18:18 . 2011-02-24 20:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-29 18:18 . 2011-02-24 06:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-24 04:35 . 2011-02-25 01:06 3620 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1653085160-4157564944-4283264806-1005_UserData.bin
+ 2011-02-25 02:33 . 2011-02-25 02:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-02-24 19:57 . 2011-02-24 19:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-24 21:05 . 2011-02-03 03:40 157472 c:\windows\SysWOW64\javaws.exe
+ 2011-02-24 21:05 . 2011-02-03 03:40 145184 c:\windows\SysWOW64\javaw.exe
- 2009-11-29 18:40 . 2009-11-29 18:40 145184 c:\windows\SysWOW64\javaw.exe
- 2009-11-29 18:40 . 2009-11-29 18:40 145184 c:\windows\SysWOW64\java.exe
+ 2011-02-24 21:05 . 2011-02-03 03:40 145184 c:\windows\SysWOW64\java.exe
- 2009-07-14 02:36 . 2011-02-24 19:51 625482 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-02-25 01:12 625482 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-02-24 19:51 108104 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-02-25 01:12 108104 c:\windows\system32\perfc009.dat
+ 2011-02-24 21:05 . 2011-02-24 21:05 183808 c:\windows\Installer\325688.msi
- 2009-07-14 02:34 . 2011-02-24 18:44 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-02-24 20:23 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-04-05 13:06 . 2009-04-05 13:06 1217536 c:\windows\Installer\18910.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

R0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2008-10-09 18784]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2007-05-11 70424]
R3 hptmv;hptmv;c:\windows\system32\DRIVERS\hptmv.sys [2006-09-18 93472]
R3 IAMTVE;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTVE.sys [2007-04-11 43416]
R3 IAMTXPE;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTXPE.sys [2007-04-11 51096]
R3 ioatdma;Intel® QuickData Technology device;c:\windows\System32\Drivers\qd260x64.sys [2008-01-18 41096]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys [2009-06-13 40144]
R3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys [2009-06-13 41680]
R3 iSSetup;iSSetup;c:\windows\system32\DRIVERS\iSSetup.sys [2009-09-24 175328]
R3 MegaSR1;MegaSR1;c:\windows\system32\DRIVERS\MegaSR1.sys [2009-04-16 461320]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\69DD.tmp [x]
R3 nvamacpi;nvamacpi;c:\windows\system32\DRIVERS\NVAMACPI.sys [2009-07-16 28192]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [2009-07-26 56664]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [2009-07-26 56096]
R3 Pnp680;Pnp680;c:\windows\system32\DRIVERS\pnp680.sys [2007-11-13 80424]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]
R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-01 80896]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-04 55808]
R3 SI3112r;SI3112r;c:\windows\system32\DRIVERS\SI3112r.sys [2007-02-01 164656]
R3 SI3114;SI3114;c:\windows\system32\DRIVERS\SI3114.sys [2006-11-10 99120]
R3 SI3124;SI3124;c:\windows\system32\DRIVERS\SI3124.sys [2006-11-02 113456]
R3 Si3124r5;Si3124r5;c:\windows\system32\DRIVERS\Si3124r5.sys [2006-09-20 334640]
R3 Si3531;Si3531;c:\windows\system32\DRIVERS\Si3531.sys [2007-06-01 330544]
R3 viamrx64;viamrx64;c:\windows\system32\DRIVERS\viamrx64.sys [2008-07-09 136192]
R3 ViBusX64;ViBusX64;c:\windows\system32\DRIVERS\ViBusX64.sys [2008-04-15 25240]
R3 videX64;videX64;c:\windows\system32\DRIVERS\videX64.sys [2009-05-05 15000]
R3 ViPrtX64;ViPrtX64;c:\windows\system32\DRIVERS\ViPrtX64.sys [2008-04-15 67224]
R3 vm3dmp;vm3dmp;c:\windows\system32\DRIVERS\vm3dmp.sys [2009-10-21 86576]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2008-05-15 28208]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\DRIVERS\vmmouse.sys [2009-10-21 13872]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-02-24 834544]
S0 xfiltx64;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfiltx64.sys [2009-05-05 25752]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-04 202752]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-22 225280]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys [2009-06-10 378368]

.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-17 9608224]
.
------- Supplementary Scan -------
.
uStart Page = www.win7extreme.project-os.org
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
FF - ProfilePath - c:\users\Ethan\AppData\Roaming\Mozilla\Firefox\Profiles\utk2t92d.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\69DD.tmp"
.
.
Completion time: 2011-02-24 20:35:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-25 02:35
ComboFix2.txt 2011-02-24 19:59

Pre-Run: 221,155,090,432 bytes free
Post-Run: 220,963,487,744 bytes free

- - End Of File - - AF4D2A17FE08C57D8720871EAF88AB8B

#4 boopme

Posted 25 February 2011 - 02:01 PM

Hello, having run ComboFix, we need to see that along with these logs.

Please go here....
Virus, Trojan, Spyware, and Malware Removal Logs and repost, thanks.

Let me know if that went well.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#5 ehammer85

Posted 26 February 2011 - 01:23 PM

Used Active@ KillDisk and everything seems to be working now....problem solved....

#6 boopme

Posted 26 February 2011 - 09:21 PM

Reformatting will always work. Thanks for letting us know.