
Boot.Tidserv Norton Cannot Remove


  • This topic is locked
28 replies to this topic

#1 alza6991

alza6991

  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:14 AM

Posted 22 May 2011 - 03:58 AM

Hello, yesterday I had downloaded a few exe's that Norton said were safe, but when I ran them, SONAR popped up a warning, and it said they were successfully removed. I said fine, I didn't try to use them again.
Today when I turned my computer on, Norton popped up with a warning message saying that:
____________________________
____________________________
On computers as of:
Not Available
Last Used:
22/05/2011 at 6:34:50 PM
Startup Item:
No
Launched:
No
____________________________
____________________________
Unknown
Number of users in the Norton Community that have used this file: Unknown
____________________________
High
This file risk is high.
____________________________
Threat Details
Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.
____________________________
Origin
Downloaded from URL Not Available

____________________________
Suspicious Actions
Master boot record infection: Drive 0x80
Remove Failed
____________________________
File Thumbprint - SHA:
Not Available
____________________________
File Thumbprint - MD5:
Not Available
____________________________

It would not tell me the origin of the file, and I couldn't find any recent files that were infected, so I tried to get it to repair again but it didn't work. I ran Norton Power Eraser, but it didn't find any problems (I had to run without restarting, because when I tried to restart it wouldn't start the power cleaner again).

I don't know what to do, can someone please help me?


 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:14 PM

Posted 22 May 2011 - 05:36 AM

Hello alza6991! Welcome to BleepingComputer Forums!

My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.





Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If a malicious object is detected, the default action will be Cure; click on Continue.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • Select Skip for sptd.sys.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Regards,
Georgi
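
The report requested above is long, and only a few of its lines carry a verdict. The following Python sketch is an added example (not part of the original post and not code from the TDSSKiller project) that pulls the flagged objects out of such a report and joins each one to its driver entry. The sample lines are copied from the log posted in reply #3 of this thread; the function and class names are hypothetical, and the line formats are assumed from that log alone.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Every report line starts with "<date> <time> <thread id> ".
PREFIX = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"

# Driver entry:  "<service> (<md5>) <path>"
DRIVER_RE = re.compile(
    PREFIX + r"(?P<service>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Scanner note:  "Suspicious file (<reason>): <path>. md5: <md5>"
NOTE_RE = re.compile(
    PREFIX + r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. "
             r"md5: (?P<md5>[0-9a-fA-F]{32})$")
# Verdict line:  "<object> - detected <verdict> (<code>)"
VERDICT_RE = re.compile(
    PREFIX + r"(?P<obj>.+?) - detected (?P<verdict>\S+) \((?P<code>\d+)\)$")


@dataclass
class Detection:
    obj: str                 # service/object name from the verdict line
    verdict: str             # e.g. LockedFile.Multi.Generic
    code: int                # number in parentheses, reported as-is
    md5: Optional[str]       # from the matching driver entry, if any
    path: Optional[str]      # from the matching driver entry, if any
    reason: Optional[str]    # from a "Suspicious file (...)" note, if any


def parse_report(text: str) -> Tuple[int, List[Detection]]:
    """Return (number of driver entries seen, list of flagged objects)."""
    drivers: Dict[str, Tuple[str, str]] = {}   # service -> (md5, path)
    notes: Dict[str, str] = {}                 # lower-cased path -> reason
    detections: List[Detection] = []

    for raw in text.splitlines():
        line = raw.strip()
        m = DRIVER_RE.match(line)
        if m:
            drivers[m["service"].lower()] = (m["md5"].lower(), m["path"])
            continue
        m = NOTE_RE.match(line)
        if m:
            notes[m["path"].lower()] = m["reason"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            # Join the verdict to the driver entry logged just before it.
            md5, path = drivers.get(m["obj"].lower(), (None, None))
            reason = notes.get(path.lower()) if path else None
            detections.append(Detection(m["obj"], m["verdict"],
                                        int(m["code"]), md5, path, reason))
    return len(drivers), detections


# Sample lines copied from the log posted in reply #3 of this thread.
SAMPLE = r"""
2011/05/22 19:00:41.0745 6468 Scan started
2011/05/22 19:00:51.0839 6468 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/22 19:00:51.0901 6468 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
2011/05/22 19:00:51.0901 6468 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2011/05/22 19:00:51.0917 6468 sptd - detected LockedFile.Multi.Generic (1)
2011/05/22 19:00:52.0010 6468 SRTSP (83726cf02eced69138948083e06b6eac) C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS
"""

if __name__ == "__main__":
    scanned, flagged = parse_report(SAMPLE)
    print(f"{scanned} driver entries, {len(flagged)} flagged")
    for d in flagged:
        print(f"  {d.obj}: {d.verdict} ({d.code}) {d.path} "
              f"md5={d.md5} reason={d.reason}")
```

A verdict whose object has no preceding driver entry is still reported, with `md5` and `path` left as `None`, so nothing flagged is silently dropped.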



#3 alza6991

alza6991
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:14 AM

Posted 22 May 2011 - 06:45 AM

2011/05/22 19:00:23.0634 5716 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/22 19:00:25.0615 5716 ================================================================================
2011/05/22 19:00:25.0615 5716 SystemInfo:
2011/05/22 19:00:25.0615 5716
2011/05/22 19:00:25.0615 5716 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/22 19:00:25.0615 5716 Product type: Workstation
2011/05/22 19:00:25.0615 5716 ComputerName: ALEN-PC
2011/05/22 19:00:25.0615 5716 UserName: Alen
2011/05/22 19:00:25.0615 5716 Windows directory: C:\Windows
2011/05/22 19:00:25.0615 5716 System windows directory: C:\Windows
2011/05/22 19:00:25.0615 5716 Processor architecture: Intel x86
2011/05/22 19:00:25.0615 5716 Number of processors: 2
2011/05/22 19:00:25.0615 5716 Page size: 0x1000
2011/05/22 19:00:25.0615 5716 Boot type: Normal boot
2011/05/22 19:00:25.0615 5716 ================================================================================
2011/05/22 19:00:26.0426 5716 Initialize success
2011/05/22 19:00:41.0745 6468 ================================================================================
2011/05/22 19:00:41.0745 6468 Scan started
2011/05/22 19:00:41.0745 6468 Mode: Manual;
2011/05/22 19:00:41.0745 6468 ================================================================================
2011/05/22 19:00:42.0962 6468 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/22 19:00:43.0040 6468 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/05/22 19:00:43.0103 6468 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/05/22 19:00:43.0134 6468 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/05/22 19:00:43.0196 6468 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/05/22 19:00:43.0274 6468 AF15BDA (ff5b096ed47c080870eacdab2de33ad6) C:\Windows\system32\DRIVERS\AF15BDA.sys
2011/05/22 19:00:43.0321 6468 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/22 19:00:43.0368 6468 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/05/22 19:00:43.0415 6468 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/22 19:00:43.0477 6468 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/05/22 19:00:43.0524 6468 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/05/22 19:00:43.0571 6468 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/05/22 19:00:43.0617 6468 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/05/22 19:00:43.0649 6468 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/05/22 19:00:43.0867 6468 amdkmdag (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/22 19:00:43.0945 6468 amdkmdap (fb68e1b9cec598f0f69503f3aebb45dd) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/05/22 19:00:43.0992 6468 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/05/22 19:00:44.0039 6468 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/05/22 19:00:44.0085 6468 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/22 19:00:44.0148 6468 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/05/22 19:00:44.0179 6468 AtiHDAudioService (1af3b5f04cc572daffcb6b5528c63134) C:\Windows\system32\drivers\AtihdLH3.sys
2011/05/22 19:00:44.0304 6468 atikmdag (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/22 19:00:44.0382 6468 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/22 19:00:44.0491 6468 BHDrvx86 (925a191c8c06124426c63ceb2ea93085) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20110518.001\BHDrvx86.sys
2011/05/22 19:00:44.0522 6468 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/05/22 19:00:44.0600 6468 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/22 19:00:44.0647 6468 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/22 19:00:44.0678 6468 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/22 19:00:44.0725 6468 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/22 19:00:44.0756 6468 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/22 19:00:44.0772 6468 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/22 19:00:44.0819 6468 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/22 19:00:44.0850 6468 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/22 19:00:44.0881 6468 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/22 19:00:44.0912 6468 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/22 19:00:44.0943 6468 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/05/22 19:00:44.0990 6468 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/05/22 19:00:45.0053 6468 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/05/22 19:00:45.0068 6468 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/05/22 19:00:45.0084 6468 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/05/22 19:00:45.0115 6468 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/05/22 19:00:45.0177 6468 dc3d (484ffbcec4091ff617494b6b0cb04eb3) C:\Windows\system32\DRIVERS\dc3d.sys
2011/05/22 19:00:45.0224 6468 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/05/22 19:00:45.0255 6468 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/05/22 19:00:45.0318 6468 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/22 19:00:45.0380 6468 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/05/22 19:00:45.0427 6468 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/22 19:00:45.0474 6468 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/22 19:00:45.0536 6468 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/05/22 19:00:45.0630 6468 eeCtrl (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/05/22 19:00:45.0692 6468 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/05/22 19:00:45.0739 6468 EraserUtilRebootDrv (17fcc372d03ba39f3aee85198c0ec594) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/05/22 19:00:45.0770 6468 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/05/22 19:00:45.0848 6468 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/05/22 19:00:45.0895 6468 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/05/22 19:00:45.0926 6468 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/22 19:00:45.0957 6468 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/22 19:00:46.0004 6468 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/22 19:00:46.0035 6468 FixTDSS (afc6897b06abc10c06ba84419a407377) C:\Windows\system32\drivers\FixTDSS.sys
2011/05/22 19:00:46.0067 6468 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/22 19:00:46.0082 6468 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/05/22 19:00:46.0160 6468 FSProFilter (3528c9ec493ca524a877d217c7d51600) C:\Windows\system32\Drivers\FSPFltd.sys
2011/05/22 19:00:46.0176 6468 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/22 19:00:46.0223 6468 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/22 19:00:46.0254 6468 gdrv (d556cb79967e92b5cc69686d16c1d846) C:\Windows\gdrv.sys
2011/05/22 19:00:46.0269 6468 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/22 19:00:46.0347 6468 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/05/22 19:00:46.0394 6468 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/22 19:00:46.0425 6468 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/22 19:00:46.0457 6468 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/22 19:00:46.0503 6468 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/22 19:00:46.0550 6468 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/05/22 19:00:46.0613 6468 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\Windows\system32\Drivers\ANDROIDUSB.sys
2011/05/22 19:00:46.0659 6468 htcnprot (52395a94c127c0266d1c0f3cce8a4345) C:\Windows\system32\DRIVERS\htcnprot.sys
2011/05/22 19:00:46.0706 6468 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/05/22 19:00:46.0737 6468 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/05/22 19:00:46.0784 6468 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/22 19:00:46.0815 6468 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/05/22 19:00:47.0018 6468 IDSVix86 (7c8ce2b83a89ee1cb0c3fee5991e62a2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20110518.001\IDSvix86.sys
2011/05/22 19:00:47.0065 6468 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/22 19:00:47.0174 6468 IntcAzAudAddService (c3c499a704a2d7958d9d7e5a9db60ce4) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/22 19:00:47.0221 6468 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/22 19:00:47.0252 6468 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/22 19:00:47.0315 6468 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/22 19:00:47.0361 6468 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/22 19:00:47.0393 6468 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/22 19:00:47.0455 6468 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/22 19:00:47.0502 6468 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/05/22 19:00:47.0549 6468 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/22 19:00:47.0580 6468 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/22 19:00:47.0611 6468 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/22 19:00:47.0642 6468 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/22 19:00:47.0673 6468 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/22 19:00:47.0736 6468 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/22 19:00:47.0783 6468 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/22 19:00:47.0845 6468 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/22 19:00:47.0861 6468 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/22 19:00:47.0876 6468 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/22 19:00:47.0892 6468 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/22 19:00:47.0954 6468 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/05/22 19:00:47.0985 6468 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/05/22 19:00:48.0017 6468 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/22 19:00:48.0048 6468 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/22 19:00:48.0110 6468 MotioninJoyXFilter (61448ba3cca3063541437694a5527af2) C:\Windows\system32\DRIVERS\MijXfilt.sys
2011/05/22 19:00:48.0157 6468 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/22 19:00:48.0173 6468 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/22 19:00:48.0188 6468 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/22 19:00:48.0235 6468 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/05/22 19:00:48.0266 6468 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/22 19:00:48.0313 6468 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/22 19:00:48.0344 6468 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/22 19:00:48.0391 6468 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/22 19:00:48.0407 6468 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/22 19:00:48.0422 6468 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/22 19:00:48.0438 6468 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/05/22 19:00:48.0469 6468 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/05/22 19:00:48.0516 6468 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/22 19:00:48.0531 6468 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/22 19:00:48.0578 6468 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/22 19:00:48.0609 6468 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/22 19:00:48.0641 6468 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/22 19:00:48.0687 6468 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/22 19:00:48.0719 6468 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/22 19:00:48.0734 6468 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/22 19:00:48.0765 6468 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/22 19:00:48.0828 6468 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/22 19:00:49.0015 6468 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20110521.002\NAVENG.SYS
2011/05/22 19:00:49.0077 6468 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20110521.002\NAVEX15.SYS
2011/05/22 19:00:49.0155 6468 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/22 19:00:49.0171 6468 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/22 19:00:49.0218 6468 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/22 19:00:49.0265 6468 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/22 19:00:49.0296 6468 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/22 19:00:49.0343 6468 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/22 19:00:49.0358 6468 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/22 19:00:49.0421 6468 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/22 19:00:49.0483 6468 nmwcd (357ddb51e03cae598c096d95497373d0) C:\Windows\system32\drivers\ccdcmb.sys
2011/05/22 19:00:49.0514 6468 nmwcdc (7cd443f9d36c80e152fadb274089577a) C:\Windows\system32\drivers\ccdcmbo.sys
2011/05/22 19:00:49.0561 6468 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/22 19:00:49.0577 6468 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/22 19:00:49.0639 6468 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/22 19:00:49.0670 6468 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/22 19:00:49.0717 6468 NuidFltr (ef2b9a14ec5dd74ade3417faf1b45e16) C:\Windows\system32\DRIVERS\NuidFltr.sys
2011/05/22 19:00:49.0748 6468 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/22 19:00:49.0795 6468 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/05/22 19:00:49.0811 6468 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/05/22 19:00:49.0826 6468 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/05/22 19:00:49.0920 6468 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/05/22 19:00:49.0998 6468 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2011/05/22 19:00:50.0013 6468 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/22 19:00:50.0045 6468 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2011/05/22 19:00:50.0107 6468 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
2011/05/22 19:00:50.0154 6468 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/22 19:00:50.0185 6468 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/05/22 19:00:50.0216 6468 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/22 19:00:50.0279 6468 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/22 19:00:50.0388 6468 pgfilter (2cf226173b467ab48f89d77e89936951) C:\Program Files\PeerGuardian2\pgfilter.sys
2011/05/22 19:00:50.0466 6468 Point32 (420336f91eb745811cf130c80ede0653) C:\Windows\system32\DRIVERS\point32.sys
2011/05/22 19:00:50.0497 6468 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/22 19:00:50.0528 6468 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/05/22 19:00:50.0606 6468 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/22 19:00:50.0684 6468 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/22 19:00:50.0747 6468 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/22 19:00:50.0762 6468 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/22 19:00:50.0778 6468 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/22 19:00:50.0825 6468 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/22 19:00:50.0871 6468 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/22 19:00:50.0918 6468 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/22 19:00:50.0949 6468 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/22 19:00:50.0981 6468 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/22 19:00:51.0012 6468 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/22 19:00:51.0043 6468 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/22 19:00:51.0074 6468 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/22 19:00:51.0137 6468 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/22 19:00:51.0168 6468 RTL8169 (b7e1c523e2f7787d700766fc78e01f77) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/05/22 19:00:51.0199 6468 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/22 19:00:51.0308 6468 SecDrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\Windows\system32\drivers\SECDRV.SYS
2011/05/22 19:00:51.0339 6468 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/22 19:00:51.0355 6468 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/05/22 19:00:51.0402 6468 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/22 19:00:51.0449 6468 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/22 19:00:51.0495 6468 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/22 19:00:51.0511 6468 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/22 19:00:51.0573 6468 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/22 19:00:51.0605 6468 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/22 19:00:51.0636 6468 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/22 19:00:51.0683 6468 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/22 19:00:51.0745 6468 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/22 19:00:51.0792 6468 SMR162 (c095b3058efd44c9f635c28e64c9c0f1) C:\Windows\system32\drivers\SMR162.SYS
2011/05/22 19:00:51.0839 6468 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/22 19:00:51.0901 6468 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
2011/05/22 19:00:51.0901 6468 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2011/05/22 19:00:51.0917 6468 sptd - detected LockedFile.Multi.Generic (1)
2011/05/22 19:00:52.0010 6468 SRTSP (83726cf02eced69138948083e06b6eac) C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS
2011/05/22 19:00:52.0041 6468 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS
2011/05/22 19:00:52.0088 6468 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/22 19:00:52.0104 6468 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/22 19:00:52.0151 6468 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/22 19:00:52.0197 6468 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/22 19:00:52.0244 6468 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/22 19:00:52.0275 6468 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS
2011/05/22 19:00:52.0322 6468 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS
2011/05/22 19:00:52.0369 6468 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/05/22 19:00:52.0431 6468 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS
2011/05/22 19:00:52.0463 6468 SYMTDIv (5136f99a60ddbdeb1f6fd1eefc44407f) C:\Windows\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS
2011/05/22 19:00:52.0494 6468 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/22 19:00:52.0509 6468 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/22 19:00:52.0603 6468 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/22 19:00:55.0099 6468 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/22 19:00:55.0099 6468 ================================================================================
2011/05/22 19:00:55.0099 6468 Scan finished
2011/05/22 19:00:55.0099 6468 ================================================================================
2011/05/22 19:00:55.0115 3984 Detected object count: 2
2011/05/22 19:01:26.0143 3984 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/05/22 19:01:26.0205 3984 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/22 19:01:26.0205 3984 \HardDisk0 - ok
2011/05/22 19:01:26.0237 3984 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/22 19:01:32.0804 2980 Deinitialize success

#4 B-boy/StyLe/


Posted 22 May 2011 - 07:18 AM

Hi alza6991, :)



IMPORTANT NOTE: One or more of the identified infections is related to the rootkit TDL4. Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

If your computer was used for online banking, has credit card information or other sensitive data on it, you should stay disconnected from the Internet until your system is fully cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before you connect again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

Although the infection has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. If you decide to continue please do this:



Step 1



Please download Malwarebytes Anti-Malware 1.50.1 Final and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 2



Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Step 3



We need to run an OTL Custom Scan


  • Please download OTL from the link below:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • OTL should now start. Change the following settings:
    - Click on Scan All Users checkbox given at the top.
    - Under File Scans, change File age to 90
    - Under the Standard Registry box change it to All
    - Check the boxes beside LOP Check and Purity Check.
  • Copy and Paste the following code into the Posted Image textbox.
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %USERPROFILE%\*.*
    %USERPROFILE%\AppData\Local\*.*
    %USERPROFILE%\AppData\Roaming\*.*
    %ProgramData%\*.*
    %CommonProgramFiles%\*.*
    %PROGRAMFILES%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    /md5start
    hlp.dat
    winlogon.exe
    wininit.exe
    userinit.exe
    explorer.exe
    volsnap.sys
    /md5stop
    
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



Please include the following logs in your next reply:

  • Malwarebytes log
  • aswMBR.txt
  • OTL.txt and Extra.txt



Regards,
Georgi



#5 alza6991


Posted 23 May 2011 - 01:14 AM

This is the log for Malware Bytes. MalwareBytes told me to restart the computer (which I did), but my PC blocked Malware-Bytes from automatically starting, and when I clicked for it to run, it just went back to the home screen, nothing happened. Should I run the next step (aswMBR) or should I re-scan with Malware-Bytes (Quick Scan or Full Scan)?

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6647

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

23/05/2011 4:04:44 PM
mbam-log-2011-05-23 (16-04-44).txt

Scan type: Quick scan
Objects scanned: 163562
Time elapsed: 4 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Alen\AppData\Local\Temp\B347.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.

#6 B-boy/StyLe/


Posted 23 May 2011 - 01:28 AM

Hello,


Please proceed with the rest of the steps.
Thanks ! :)



Regards,
Georgi



#7 alza6991


Posted 23 May 2011 - 01:45 AM

This is from aswMBR:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-23 16:41:38
-----------------------------
16:41:38.860 OS Version: Windows 6.0.6002 Service Pack 2
16:41:38.860 Number of processors: 2 586 0x170A
16:41:38.860 ComputerName: ALEN-PC UserName: Alen
16:41:42.011 Initialize success
16:42:11.073 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
16:42:11.073 Disk 0 Vendor: SAMSUNG_HD103UJ 1AA01113 Size: 953868MB BusType: 3
16:42:13.101 Disk 0 MBR read successfully
16:42:13.101 Disk 0 MBR scan
16:42:13.101 Disk 0 unknown MBR code
16:42:15.129 Disk 0 scanning sectors +1953519616
16:42:15.144 Disk 0 scanning C:\Windows\system32\drivers
16:42:24.769 Service scanning
16:42:26.423 Disk 0 trace - called modules:
16:42:26.423 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85ef21f8]<<
16:42:26.439 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87072ac8]
16:42:26.439 3 CLASSPNP.SYS[8b9a18b3] -> nt!IofCallDriver -> [0x85f225d8]
16:42:26.439 5 acpi.sys[807b86bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0x85fa7b98]
16:42:26.439 \Driver\atapi[0x85f6f4e8] -> IRP_MJ_CREATE -> 0x85ef21f8
16:42:26.454 Scan finished successfully
16:43:17.326 Disk 0 MBR has been saved successfully to "C:\Users\Alen\Desktop\MBR.dat"
16:43:17.341 The log file has been saved successfully to "C:\Users\Alen\Desktop\aswMBR.txt"


Should I click the FixMBR button? Or continue with step 3? (Even if I do not need to use FixMBR, could you tell me what it is for?)

#8 B-boy/StyLe/


Posted 23 May 2011 - 02:13 AM

Should I click the FixMBR button? Or continue with step 3? (Even if I do not need to use FixMBR, could you tell me what it is for?)




No, please DO NOT click on the Fixmbr unless I tell you to do so. The fixmbr command is used to repair the Whistler bootkit infection.



Please disable the emulation software drivers



Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of installed programs will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

Daemon Tools or Alcohol 52/120%

Additional instructions can be found here if needed.



Next, please download SPTD for Windows 2000/XP/2003/Vista/Windows 7 (32 bit) and save it to your desktop.

Double-click on SPTDinst-v178-x86.exe to run it.

Click Uninstall, then click OK to remove SPTD driver.

Reboot the computer to complete removal.

Next please re-run aswMBR and post the log in your next reply.



Regards,
Georgi



#9 alza6991


Posted 23 May 2011 - 02:41 AM

These are the new results (it saved into the same .txt file, so the old results are there as well):

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-23 16:41:38
-----------------------------
16:41:38.860 OS Version: Windows 6.0.6002 Service Pack 2
16:41:38.860 Number of processors: 2 586 0x170A
16:41:38.860 ComputerName: ALEN-PC UserName: Alen
16:41:42.011 Initialize success
16:42:11.073 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
16:42:11.073 Disk 0 Vendor: SAMSUNG_HD103UJ 1AA01113 Size: 953868MB BusType: 3
16:42:13.101 Disk 0 MBR read successfully
16:42:13.101 Disk 0 MBR scan
16:42:13.101 Disk 0 unknown MBR code
16:42:15.129 Disk 0 scanning sectors +1953519616
16:42:15.144 Disk 0 scanning C:\Windows\system32\drivers
16:42:24.769 Service scanning
16:42:26.423 Disk 0 trace - called modules:
16:42:26.423 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85ef21f8]<<
16:42:26.439 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87072ac8]
16:42:26.439 3 CLASSPNP.SYS[8b9a18b3] -> nt!IofCallDriver -> [0x85f225d8]
16:42:26.439 5 acpi.sys[807b86bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0x85fa7b98]
16:42:26.439 \Driver\atapi[0x85f6f4e8] -> IRP_MJ_CREATE -> 0x85ef21f8
16:42:26.454 Scan finished successfully
16:43:17.326 Disk 0 MBR has been saved successfully to "C:\Users\Alen\Desktop\MBR.dat"
16:43:17.341 The log file has been saved successfully to "C:\Users\Alen\Desktop\aswMBR.txt"


aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-23 17:36:21
-----------------------------
17:36:21.333 OS Version: Windows 6.0.6002 Service Pack 2
17:36:21.333 Number of processors: 2 586 0x170A
17:36:21.333 ComputerName: ALEN-PC UserName: Alen
17:36:25.997 Initialize success
17:36:29.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-2
17:36:29.796 Disk 0 Vendor: SAMSUNG_HD103UJ 1AA01113 Size: 953868MB BusType: 3
17:36:31.824 Disk 0 MBR read successfully
17:36:31.824 Disk 0 MBR scan
17:36:31.824 Disk 0 unknown MBR code
17:36:33.837 Disk 0 scanning sectors +1953519616
17:36:33.884 Disk 0 scanning C:\Windows\system32\drivers
17:36:41.184 Service scanning
17:36:43.259 Disk 0 trace - called modules:
17:36:43.275 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
17:36:43.275 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8708dac8]
17:36:43.290 3 CLASSPNP.SYS[8b59f8b3] -> nt!IofCallDriver -> [0x85f03a70]
17:36:43.290 5 acpi.sys[806886bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-2[0x85547230]
17:36:43.290 Scan finished successfully
17:39:28.370 Disk 0 MBR has been saved successfully to "C:\Users\Alen\Desktop\MBR.dat"
17:39:28.401 The log file has been saved successfully to "C:\Users\Alen\Desktop\aswMBR.txt"


Please advise where to go from here.

#10 B-boy/StyLe/


Posted 23 May 2011 - 03:48 AM

OK, that looks better.
Proceed with the OTL scan now please. :)



Regards,
Georgi
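
As an added illustration (not part of the original thread and not AVAST's code), this Python script parses aswMBR output of the kind posted above, using excerpts of the two runs as input, and reports which flagged entries disappeared between runs and which remain. The line layout is assumed from those two logs only; the function and field names are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Excerpts of the two aswMBR runs posted in this thread (some lines omitted).
SAMPLE_LOG = r"""
Run date: 2011-05-23 16:41:38
-----------------------------
16:42:13.101 Disk 0 MBR scan
16:42:13.101 Disk 0 unknown MBR code
16:42:26.423 Disk 0 trace - called modules:
16:42:26.423 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85ef21f8]<<
16:42:26.439 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87072ac8]
16:42:26.439 \Driver\atapi[0x85f6f4e8] -> IRP_MJ_CREATE -> 0x85ef21f8
16:42:26.454 Scan finished successfully

Run date: 2011-05-23 17:36:21
-----------------------------
17:36:31.824 Disk 0 MBR scan
17:36:31.824 Disk 0 unknown MBR code
17:36:43.259 Disk 0 trace - called modules:
17:36:43.275 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
17:36:43.275 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8708dac8]
17:36:43.290 Scan finished successfully
"""

TS = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")        # "hh:mm:ss.mmm <body>"
RUN_DATE = re.compile(r"^Run date:\s*(.+)$")                  # starts a new run
UNKNOWN_MOD = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")  # module with no name
IRP_LINE = re.compile(
    r"^(\\Driver\\\S+?)\[(0x[0-9a-fA-F]+)\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)$")
MBR_UNKNOWN = re.compile(r"^Disk (\d+) unknown MBR code$")


@dataclass
class Run:
    run_date: str
    modules: list = field(default_factory=list)           # named modules in the trace
    unknown_modules: list = field(default_factory=list)   # addresses marked UNKNOWN
    dispatch_targets: list = field(default_factory=list)  # (driver, irp, target)
    unknown_mbr_disks: list = field(default_factory=list)


def parse_runs(text):
    """Split an aswMBR.txt that holds several appended runs into Run objects."""
    runs, current, expect_modules = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        started = RUN_DATE.match(line)
        if started:
            current = Run(run_date=started.group(1))
            runs.append(current)
            expect_modules = False
            continue
        stamped = TS.match(line)
        if not stamped or current is None:
            continue
        body = stamped.group(1)
        if expect_modules:
            # The line right after "trace - called modules:" lists the call chain.
            expect_modules = False
            current.unknown_modules = UNKNOWN_MOD.findall(body)
            current.modules = UNKNOWN_MOD.sub("", body).split()
            continue
        if body.endswith("trace - called modules:"):
            expect_modules = True
            continue
        irp = IRP_LINE.match(body)
        if irp:
            current.dispatch_targets.append((irp.group(1), irp.group(3), irp.group(4)))
            continue
        mbr = MBR_UNKNOWN.match(body)
        if mbr:
            current.unknown_mbr_disks.append(int(mbr.group(1)))
    return runs


def findings(run):
    """Entries in one run that the tool itself flags or singles out."""
    out = set()
    for addr in run.unknown_modules:
        out.add(f"unknown module in disk call chain at {addr}")
    for driver, irp, target in run.dispatch_targets:
        tag = " (same address as unknown module)" if target in run.unknown_modules else ""
        out.add(f"{driver} {irp} handler -> {target}{tag}")
    for disk in run.unknown_mbr_disks:
        out.add(f"disk {disk}: unknown MBR code")
    return out


def compare(before, after):
    """Classify findings as cleared, persisting or new between two runs."""
    b, a = findings(before), findings(after)
    return {"cleared": sorted(b - a), "persisting": sorted(b & a), "new": sorted(a - b)}


if __name__ == "__main__":
    first, second = parse_runs(SAMPLE_LOG)
    for status, items in compare(first, second).items():
        for item in items:
            print(f"{status:10} {item}")
```

On the thread's logs, the UNKNOWN module and the atapi handler line are reported as cleared, while the "unknown MBR code" line is present in both runs.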



#11 alza6991


Posted 23 May 2011 - 04:55 AM

This is from OTL.txt:

OTL logfile created on: 23/05/2011 7:41:41 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Alen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.25 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 61.90% Memory free
6.68 Gb Paging File | 5.40 Gb Available in Paging File | 80.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 156.87 Gb Free Space | 16.84% Space Free | Partition Type: NTFS

Computer Name: ALEN-PC | User Name: Alen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2011/05/23 19:40:17 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Alen\Desktop\OTL.exe
PRC - [2011/05/12 16:14:22 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/20 12:04:36 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/04/20 12:04:06 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/04/17 10:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccsvchst.exe
PRC - [2010/11/22 20:24:46 | 001,789,152 | ---- | M] (FSPro Labs) -- C:\Program Files\My Lockbox\mylbx.exe
PRC - [2010/09/16 13:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2009/12/02 19:40:40 | 000,068,136 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/07/24 20:16:02 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2004/12/15 18:01:44 | 000,040,960 | ---- | M] (Vimicro) -- C:\Windows\Vm_sti.exe
PRC - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2011/05/23 19:40:17 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Alen\Desktop\OTL.exe
MOD - [2011/04/29 10:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\asoehook.dll
MOD - [2011/04/18 22:11:52 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\msvcr90.dll
MOD - [2011/04/18 22:11:52 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\msvcp90.dll
MOD - [2010/09/01 01:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (astcc)
SRV - [2011/05/18 16:05:43 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011/04/20 12:04:06 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/04/17 10:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/09/16 13:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2009/12/02 19:40:40 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/21 12:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/05/23 19:35:53 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/05/22 17:49:55 | 000,020,472 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\FixTDSS.sys -- (FixTDSS)
DRV - [2011/05/22 17:48:10 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20110522.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/22 17:48:10 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20110522.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/10 16:16:30 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/10 16:16:30 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/10 16:15:35 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 12:43:40 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/04/20 12:43:40 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/20 11:22:08 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/04/16 06:29:05 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20110518.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/31 13:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/31 13:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/31 04:46:24 | 000,097,808 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2011/03/22 10:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/15 12:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/03/15 04:58:33 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20110518.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/01/27 16:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/07 14:56:12 | 000,044,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2011/01/01 09:12:18 | 000,081,168 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2010/11/16 10:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/07/22 15:13:26 | 000,041,912 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\FSPFltd.sys -- (FSProFilter)
DRV - [2010/07/07 13:58:12 | 000,122,752 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tinspusb.sys -- (USBTINSP) TI-Nspire™
DRV - [2010/06/23 09:23:44 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/10/06 11:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 11:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 11:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 11:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/06/09 23:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/06/24 18:10:52 | 000,449,664 | ---- | M] (AfaTech ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2008/03/06 20:42:16 | 000,530,944 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/06/25 05:37:24 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/06/02 13:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2007/04/26 06:42:18 | 000,045,696 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2004/12/23 10:21:42 | 000,093,600 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbVM31b.sys -- (ZSMC301b)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-2916712555-859450847-1160366120-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2916712555-859450847-1160366120-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-2916712555-859450847-1160366120-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-2916712555-859450847-1160366120-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-2916712555-859450847-1160366120-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-2916712555-859450847-1160366120-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-2916712555-859450847-1160366120-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C 64 DD 6D 7C EF CB 01 [binary data]
IE - HKU\S-1-5-21-2916712555-859450847-1160366120-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2916712555-859450847-1160366120-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2916712555-859450847-1160366120-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/28 20:56:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPlgn\ [2011/05/11 16:04:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\coFFPlgn\ [2011/05/10 16:15:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/12 16:14:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/03/31 16:06:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alen\AppData\Roaming\Mozilla\Extensions
[2011/03/31 16:06:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alen\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/04/27 17:01:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alen\AppData\Roaming\Mozilla\Firefox\Profiles\i21na8y5.default\extensions
[2011/03/31 16:13:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alen\AppData\Roaming\Mozilla\Firefox\Profiles\i21na8y5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/27 19:29:33 | 000,002,431 | ---- | M] () -- C:\Users\Alen\AppData\Roaming\Mozilla\Firefox\Profiles\i21na8y5.default\searchplugins\safesearch.xml
[2011/04/27 18:50:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/12 16:14:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) --
[2011/05/10 16:15:16 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\COFFPLGN
[2011/05/11 16:04:16 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPLGN
[2011/05/12 16:14:22 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 18:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 18:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 18:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 18:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 18:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/01 18:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/01 18:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2916712555-859450847-1160366120-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2916712555-859450847-1160366120-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-2916712555-859450847-1160366120-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BigDogPath] C:\Windows\VM_STI.EXE (Vimicro)
O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2916712555-859450847-1160366120-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2916712555-859450847-1160366120-1000..\Run: [ares] File not found
O4 - HKU\S-1-5-21-2916712555-859450847-1160366120-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2916712555-859450847-1160366120-1000..\Run: [Google Update] C:\Users\Alen\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-2916712555-859450847-1160366120-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-2916712555-859450847-1160366120-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2916712555-859450847-1160366120-1000..\Run: [ZortamMp3MediaStudio] File not found
O4 - HKU\.DEFAULT..\RunOnce: [] File not found
O4 - HKU\S-1-5-18..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [] File not found
O4 - HKU\S-1-5-20..\RunOnce: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-21-2916712555-859450847-1160366120-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2916712555-859450847-1160366120-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-2916712555-859450847-1160366120-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-2916712555-859450847-1160366120-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.134.49 61.9.133.193
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Alen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Alen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


========== Files/Folders - Created Within 90 Days ==========

[2011/05/23 19:40:14 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Alen\Desktop\OTL.exe
[2011/05/23 17:26:08 | 000,607,288 | ---- | C] (Duplex Secure Ltd.) -- C:\Users\Alen\Desktop\SPTDinst-v178-x86.exe
[2011/05/23 16:34:40 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Alen\Desktop\aswMBR.exe
[2011/05/23 15:57:36 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Roaming\Malwarebytes
[2011/05/23 15:57:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/23 15:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/23 15:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/23 15:57:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/23 15:57:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/23 15:53:35 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Alen\Desktop\mbam-setup.exe
[2011/05/22 17:56:48 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\NPE
[2011/05/22 17:49:55 | 000,020,472 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\FixTDSS.sys
[2011/05/22 17:49:55 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Roaming\FixTDSS
[2011/05/20 16:08:14 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/19 20:08:41 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{49287B0E-DDDE-439E-8339-21E53182893A}
[2011/05/19 18:26:43 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{0EEAF30B-0EE8-4DDD-A8D1-D29B9D680D94}
[2011/05/18 16:07:48 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{3DDC7B1D-FB44-4D72-BC77-7484B915A85C}
[2011/05/16 18:38:28 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{8F353924-81C1-4D37-8512-1D10C9C68127}
[2011/05/15 17:37:06 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{943F8386-B750-4575-AF33-D7BF470CADC8}
[2011/05/15 17:11:37 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{312F3BEB-01A7-4EF2-A48F-0DA5C81225A2}
[2011/05/14 17:41:14 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{29D6A033-6CC8-4432-B07C-780714E69CE5}
[2011/05/13 16:26:58 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{2676E8E1-84BF-4BAE-B5A3-55ACA18DC224}
[2011/05/12 17:27:29 | 000,000,000 | ---D | C] -- C:\AMD
[2011/05/12 16:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/05/12 16:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2011/05/12 16:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/05/12 16:46:37 | 000,000,000 | ---D | C] -- C:\ATI
[2011/05/12 16:15:36 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{754A1F93-5484-4884-8F65-C18F860B0F46}
[2011/05/11 18:48:12 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Roaming\SystemRequirementsLab
[2011/05/11 16:12:09 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{C396FD79-418A-4CCB-9DFA-28C357B606F5}
[2011/05/10 16:06:39 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{0CC17ED0-5514-4C7F-A279-D037C5CABE52}
[2011/05/09 17:40:43 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{9AEF10E9-88F7-473F-A695-8AEB35EECE56}
[2011/05/09 16:31:14 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{45D345DD-C428-4F38-9A19-FE558F8EFEC4}
[2011/05/07 17:37:40 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{4943BADC-FC33-4394-8F6A-02159F17FA9A}
[2011/05/06 18:46:23 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{F339E937-2F76-4FFA-BBC1-EAF05FA4F1EB}
[2011/05/05 16:15:24 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{04371C53-49BE-4027-8A19-8A4B45B0CD10}
[2011/05/04 19:27:21 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Roaming\LolClient
[2011/05/04 19:15:52 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2011/05/04 19:15:52 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2011/05/04 19:15:51 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2011/05/04 19:15:51 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2011/05/04 19:15:49 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2011/05/04 19:09:13 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011/05/04 19:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/05/04 18:34:34 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{4AB164BE-FBC5-4974-9207-0D1B4A2168B2}
[2011/05/03 17:11:04 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{7FD092DD-2902-4011-9216-090350871F99}
[2011/05/03 16:56:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/05/03 16:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/05/03 16:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/03 16:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/03 16:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/03 08:14:57 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{4E1BC0AA-DF77-423A-9968-A1B04448660E}
[2011/05/02 16:24:49 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{37A7FAB7-BF75-43D3-AA21-FC07626BE023}
[2011/05/02 15:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/02 15:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/05/02 15:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/05/02 11:18:00 | 000,000,000 | ---D | C] -- C:\Users\Alen\Documents\SafeNet Sentinel
[2011/04/27 18:35:38 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/27 18:35:37 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/27 18:35:36 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/04/27 16:08:51 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{AA4B1E50-99F2-4B88-806A-FCFAD6893AC4}
[2011/04/26 18:20:13 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{2944765E-13A7-4D34-BE23-FE3C80FD99A6}
[2011/04/25 13:49:23 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{E59E5117-22C9-4662-ACCE-B9A0A74540DA}
[2011/04/24 19:18:57 | 000,000,000 | ---D | C] -- C:\Users\Alen\Documents\DVDVideoSoft
[2011/04/23 10:50:25 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{E44AED17-DF84-4015-A63D-FF42E98C5621}
[2011/04/22 17:37:31 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{C89C647F-C3F3-472D-A796-5BEFAC27DE2F}
[2011/04/21 16:43:05 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{8E773717-DAEF-4115-8923-F5464F888778}
[2011/04/20 21:15:07 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{F9A780B9-1BD5-4D8B-A185-1834DF3D7526}
[2011/04/20 13:42:31 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{3F2E6EB1-421D-4749-9EC9-898B4CECF321}
[2011/04/20 12:43:40 | 007,772,160 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys
[2011/04/20 12:09:18 | 000,151,552 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiapfxx.exe
[2011/04/20 12:07:02 | 017,693,184 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atioglxx.dll
[2011/04/20 12:04:36 | 000,393,216 | ---- | C] (AMD) -- C:\Windows\System32\atieclxx.exe
[2011/04/20 12:04:06 | 000,176,128 | ---- | C] (AMD) -- C:\Windows\System32\atiesrxx.exe
[2011/04/20 12:02:56 | 000,159,744 | ---- | C] (AMD) -- C:\Windows\System32\atitmmxx.dll
[2011/04/20 12:02:42 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll
[2011/04/20 12:02:30 | 000,278,528 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll
[2011/04/20 12:02:22 | 000,015,872 | ---- | C] (AMD) -- C:\Windows\System32\atimuixx.dll
[2011/04/20 12:02:16 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll
[2011/04/20 11:59:20 | 004,161,536 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atidxx32.dll
[2011/04/20 11:46:14 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalrt.dll
[2011/04/20 11:46:02 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalcl.dll
[2011/04/20 11:42:04 | 006,389,760 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticaldd.dll
[2011/04/20 11:40:14 | 001,923,584 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiumdmv.dll
[2011/04/20 11:30:36 | 004,056,576 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiumdva.dll
[2011/04/20 11:22:52 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiglpxx.dll
[2011/04/20 11:22:40 | 000,032,768 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atigktxx.dll
[2011/04/20 11:22:08 | 000,243,712 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmpag.sys
[2011/04/20 11:21:38 | 000,031,232 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiuxpag.dll
[2011/04/20 11:20:50 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll
[2011/04/20 11:13:28 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atimpc32.dll
[2011/04/20 11:13:28 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\amdpcom32.dll
[2011/04/19 22:10:18 | 000,051,712 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/04/19 22:10:02 | 012,385,280 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\amdocl.dll
[2011/04/19 18:14:00 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{878C0303-13C9-4422-ABCF-675AC798A350}
[2011/04/19 15:29:19 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{DF7BCF23-C7A4-4F07-BBAA-A14B8A31FC73}
[2011/04/18 22:37:44 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{1AF14C5B-2DB9-4E39-807D-870FA4B2C26A}
[2011/04/18 15:53:16 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/18 15:53:16 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/18 15:45:20 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/18 15:43:17 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/18 15:41:41 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/18 15:41:41 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/14 14:58:24 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{C3D9EA28-67E2-4F59-AA7F-17B82BB34270}
[2011/04/13 14:19:06 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{A77A2C33-D107-4479-A5B1-592965E0F312}
[2011/04/12 20:11:45 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{EB946BD5-1727-4829-B540-42C3F1EC2B87}
[2011/04/12 18:17:55 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{E3809137-17DF-4B8D-BFE7-F5DB5BEB954A}
[2011/04/11 21:38:40 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{8BFA6CD0-13FB-4F0F-8C6A-E3828F18B913}
[2011/04/10 18:14:03 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/04/10 18:14:03 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/04/10 18:14:03 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/04/10 18:14:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/10 18:14:02 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/04/10 18:14:02 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/04/10 18:14:02 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/10 18:14:02 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/04/10 18:14:02 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/04/10 18:14:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/10 18:14:02 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/10 18:14:02 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/04/10 18:14:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/04/10 18:14:01 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/10 18:14:01 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/10 18:14:01 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/10 18:14:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/04/10 18:14:01 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/04/10 18:14:01 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/04/10 18:14:01 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/04/10 18:14:01 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/10 18:14:01 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/10 18:14:01 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/10 18:14:01 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/10 18:14:00 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/10 18:14:00 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/10 18:14:00 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/04/10 18:14:00 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/04/10 18:14:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/10 18:14:00 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/04/10 18:14:00 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/04/10 18:13:59 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/04/10 18:13:59 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/10 18:13:59 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/04/10 18:13:59 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/10 18:13:59 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/04/10 18:13:59 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/10 18:13:59 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/04/10 18:13:59 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/09 21:10:36 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{A1D498EA-9682-496F-AD49-4DF59AC601C4}
[2011/04/09 19:13:18 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{38FE4B73-4970-4241-9AE8-D5AB60688FC5}
[2011/04/08 20:30:26 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{DD565FEA-5C79-4D46-9915-8C657F50F09B}
[2011/04/07 16:12:40 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{60C0A30B-3918-4317-89D7-1FDED94AF016}
[2011/04/07 16:12:11 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{88A7938E-4BAD-4D6E-BA9B-31361A60CCE6}
[2011/04/06 16:20:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[2011/04/06 16:08:32 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{354500AE-52A9-48C7-B7BC-2282D21FD1C9}
[2011/04/05 17:34:49 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{81659975-0594-4BBB-9447-FD110F0076C9}
[2011/04/03 20:53:57 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{E47692C8-B4C6-4891-9557-CF3E55E44E03}
[2011/04/03 19:18:52 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{BD357317-D879-412F-8214-0C89038E53D6}
[2011/04/03 10:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/04/03 09:24:20 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{65ADB76F-709F-41AD-9A0C-D41F58EDDC47}
[2011/04/02 16:34:19 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Roaming\.minecraft
[2011/04/02 11:58:59 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\ApplicationHistory
[2011/04/02 11:51:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2011/04/01 16:15:10 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Roaming\Dev-Cpp
[2011/04/01 16:15:03 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
[2011/04/01 16:15:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
[2011/04/01 16:14:51 | 000,000,000 | ---D | C] -- C:\Dev-Cpp
[2011/03/31 18:24:29 | 000,000,000 | ---D | C] -- C:\Users\Alen\Downloads
[2011/03/31 16:06:02 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Roaming\Mozilla
[2011/03/31 16:06:02 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\Mozilla
[2011/03/31 16:05:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/03/31 15:15:24 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{9ABB45F3-67F7-4A7A-A11D-467F3B4BE7D7}
[2011/03/31 04:46:24 | 000,097,808 | ---- | C] (Advanced Micro Devices) -- C:\Windows\System32\drivers\AtihdLH3.sys
[2011/03/30 15:12:59 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{27AA8B6C-E28A-43CC-9687-A9F76D632075}
[2011/03/29 20:04:15 | 000,000,000 | ---D | C] -- C:\Program Files\Yuna Software
[2011/03/29 20:01:37 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{E6DCA1EA-9AD2-4A47-89E4-D1728DEF4D34}
[2011/03/29 16:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
[2011/03/29 15:36:22 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011/03/29 15:35:28 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Roaming\HTC
[2011/03/29 15:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2011/03/29 15:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Spirent Communications
[2011/03/29 15:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\HTC
[2011/03/28 15:17:14 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{A9BAF219-FC58-46B5-8FB1-5D71D2CC09C2}
[2011/03/27 20:01:17 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{DFC5E15D-C848-43D0-B591-D4E4965CCE6C}
[2011/03/26 16:48:41 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{7584641D-CC61-4914-A4A4-4F000E3C4CBB}
[2011/03/26 09:38:11 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{49506AAE-E1F1-4B70-B973-91C2008F968B}
[2011/03/25 15:07:58 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{390D09A1-D864-4F4C-864E-7FFA1F48C545}
[2011/03/24 17:53:13 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{6DE2B0BA-6893-4611-9342-F590AEA22B06}
[2011/03/23 16:00:10 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{99571D08-7BAD-4AF5-9901-8D1D21C9A67E}
[2011/03/23 15:32:01 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/23 15:32:01 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/03/23 07:28:51 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{2A7362B6-8777-4C15-BB60-E4900C183385}
[2011/03/22 20:04:57 | 000,000,000 | ---D | C] -- C:\Users\Alen\Documents\Dad Phone Backup
[2011/03/22 16:09:59 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{45EDBC34-D81E-49AA-8C03-D20D881687AB}
[2011/03/21 17:41:41 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{EB50AD6C-1A9A-4A11-9A27-D9C1865FB595}
[2011/03/21 16:55:48 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{4F1BAC2B-B81C-43CE-81D7-957C115C933F}
[2011/03/21 16:41:06 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{7EFF0121-1A1F-4F38-821E-368EEFCDC0F4}
[2011/03/21 15:40:01 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{8D00612F-EE22-4B10-9AF6-E9F060DD66AA}
[2011/03/20 12:33:06 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{AE846B8B-59FD-4C7D-A4F3-098DB1F525E9}
[2011/03/19 18:24:08 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{78E0425F-7371-4D48-9B63-6C634A32F3F1}
[2011/03/18 15:07:03 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{5AC10627-B71A-4DC5-A577-97B190DC6AB5}
[2011/03/18 15:06:19 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{B31CB6AF-1338-4ABF-89C3-5DDC16590913}
[2011/03/18 07:18:09 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{25C49738-4564-4A0B-A1FC-1CDD0386F15D}
[2011/03/17 15:44:03 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{ED49907C-4626-4C39-8512-CB3FE5FC4DC2}
[2011/03/16 15:35:59 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{739AB1A2-72C3-4974-B71D-693B80523339}
[2011/03/15 15:37:39 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{6C273D7A-AAB5-4C16-AEFA-E3927C798D15}
[2011/03/14 08:40:03 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{DD5DABAB-0873-4920-B06E-BDCB1102D5A2}
[2011/03/12 16:07:02 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{EC6DF167-C2E4-40B7-ACAF-9C01B1B78892}
[2011/03/12 12:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2011/03/12 12:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011/03/12 12:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2011/03/12 12:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2011/03/11 19:54:07 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2011/03/11 19:46:19 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll
[2011/03/11 19:46:19 | 000,081,168 | ---- | C] (MotioninJoy) -- C:\Windows\System32\drivers\MijXfilt.sys
[2011/03/11 15:31:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/03/11 15:31:44 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011/03/11 15:10:21 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{4450DDB2-8D87-4E19-A669-6A69778B0447}
[2011/03/11 15:06:22 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{13C54D99-394C-4DED-BCEB-FADFE69792F8}
[2011/03/10 16:56:57 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{EDF248A9-AE2C-4FA9-8969-EA58180C816F}
[2011/03/10 09:32:04 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2011/03/10 09:32:04 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2011/03/10 09:32:04 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2011/03/10 09:02:28 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{2A2E2A80-C177-49B1-880A-AB2DE604B9E2}
[2011/03/10 08:39:25 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/10 08:39:25 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/10 08:39:25 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/10 08:39:25 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/03/09 15:55:18 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{8DFCF63A-2F0A-4BC9-B489-EF3E2761A9F7}
[2011/03/08 17:00:39 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{42113CF8-86B3-478A-B07E-C60AE06964A8}
[2011/03/08 15:34:12 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{E000BC3F-0C30-4296-B186-83F6038C13FE}
[2011/03/07 18:30:20 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{7E8D98C0-F2EF-46E3-B42A-97C543CBF57C}
[2011/03/07 15:45:48 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{7B980BFD-60B3-4004-B144-CDE5F615FB55}
[2011/03/06 14:46:52 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{310D5D90-F638-427B-A58B-7C04C081C613}
[2011/03/05 10:11:12 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{AFCB5719-61E5-4363-8D00-CBAFD90ED406}
[2011/03/04 16:07:54 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{906F1867-97FD-4D50-A795-B74A531518DF}
[2011/03/04 15:27:44 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{4F461E4C-BA10-4183-AC00-6331AB0C5CB3}
[2011/03/03 16:19:15 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{0970E7A9-1791-4D7C-99C4-C7612DE94273}
[2011/03/03 14:56:29 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{E72FAC67-858B-44F2-8879-EBF8743B44AE}
[2011/03/02 15:14:30 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{6BAF1601-16E1-4783-A281-A10730F72F2D}
[2011/02/28 15:23:32 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{76C4898A-7E0A-451A-8BEF-2136233958B1}
[2011/02/27 17:23:33 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\Thunderbird
[2011/02/27 16:48:11 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{CC1B46EE-5623-46A5-87BF-032A485632E3}
[2011/02/26 19:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/02/26 19:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/02/26 19:57:24 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/02/26 19:57:24 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/02/26 19:57:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/02/26 19:57:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/02/26 19:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/02/26 18:18:21 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Roaming\Windows Live Writer
[2011/02/26 18:18:21 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\Windows Live Writer
[2011/02/26 16:42:19 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{53E53151-E4A4-4AB8-8294-9018D7AA2198}
[2011/02/24 16:55:16 | 000,000,000 | ---D | C] -- C:\Users\Alen\AppData\Local\{2AAFEBFF-2DDE-4C02-A377-85035DF2C8BA}
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2011/05/23 19:40:17 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Alen\Desktop\OTL.exe
[2011/05/23 19:35:53 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\gdrv.sys
[2011/05/23 19:35:46 | 000,004,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/23 19:35:46 | 000,004,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/23 19:35:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/23 18:28:11 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2916712555-859450847-1160366120-1000UA.job
[2011/05/23 17:39:39 | 000,000,512 | ---- | M] () -- C:\Users\Alen\Desktop\MBR.dat
[2011/05/23 17:26:31 | 000,607,288 | ---- | M] (Duplex Secure Ltd.) -- C:\Users\Alen\Desktop\SPTDinst-v178-x86.exe
[2011/05/23 16:34:45 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Alen\Desktop\aswMBR.exe
[2011/05/23 15:57:27 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/23 15:54:52 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Alen\Desktop\mbam-setup.exe
[2011/05/22 17:58:02 | 018,746,001 | ---- | M] () -- C:\Users\Alen\AppData\Roaming\SMRBackup162.dat
[2011/05/22 17:49:55 | 000,020,472 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\FixTDSS.sys
[2011/05/21 18:39:49 | 000,002,627 | ---- | M] () -- C:\Users\Alen\Desktop\Microsoft Office Word 2007.lnk
[2011/05/20 16:08:14 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/17 17:19:17 | 000,002,595 | ---- | M] () -- C:\Users\Alen\Desktop\Microsoft Office PowerPoint 2007.lnk
[2011/05/16 19:57:17 | 065,193,444 | ---- | M] () -- C:\Users\Alen\Desktop\Psychology UNITS 1 & 2.pdf
[2011/05/12 16:50:28 | 002,130,700 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011/05/11 16:03:25 | 000,002,140 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/05/10 16:15:35 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/05/10 16:15:35 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/05/10 16:15:35 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/05/03 17:05:35 | 000,141,312 | ---- | M] () -- C:\Users\Alen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/03 16:31:25 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/02 10:28:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2916712555-859450847-1160366120-1000Core.job
[2011/04/29 14:05:32 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\isolate.ini
[2011/04/27 18:50:21 | 000,000,870 | ---- | M] () -- C:\Users\Alen\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/27 18:42:58 | 002,410,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/20 12:43:40 | 007,772,160 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys
[2011/04/20 12:09:44 | 000,165,296 | ---- | M] () -- C:\Windows\System32\atiapfxx.blb
[2011/04/20 12:09:18 | 000,151,552 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiapfxx.exe
[2011/04/20 12:09:04 | 000,676,864 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\System32\aticfx32.dll
[2011/04/20 12:07:02 | 017,693,184 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atioglxx.dll
[2011/04/20 12:05:08 | 000,462,848 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIDEMGX.dll
[2011/04/20 12:04:36 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
[2011/04/20 12:04:06 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
[2011/04/20 12:02:56 | 000,159,744 | ---- | M] (AMD) -- C:\Windows\System32\atitmmxx.dll
[2011/04/20 12:02:42 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll
[2011/04/20 12:02:30 | 000,278,528 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll
[2011/04/20 12:02:22 | 000,015,872 | ---- | M] (AMD) -- C:\Windows\System32\atimuixx.dll
[2011/04/20 12:02:16 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll
[2011/04/20 11:59:20 | 004,161,536 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\System32\atidxx32.dll
[2011/04/20 11:46:14 | 000,046,080 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalrt.dll
[2011/04/20 11:46:02 | 000,044,032 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalcl.dll
[2011/04/20 11:42:04 | 006,389,760 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticaldd.dll
[2011/04/20 11:40:14 | 001,923,584 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiumdmv.dll
[2011/04/20 11:38:04 | 004,286,464 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\System32\atiumdag.dll
[2011/04/20 11:30:36 | 004,056,576 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiumdva.dll
[2011/04/20 11:29:34 | 000,989,600 | ---- | M] () -- C:\Windows\System32\atiumdva.cap
[2011/04/20 11:26:58 | 000,052,736 | ---- | M] (AMD) -- C:\Windows\System32\coinst.dll
[2011/04/20 11:23:04 | 000,262,144 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiadlxx.dll
[2011/04/20 11:22:52 | 000,012,800 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiglpxx.dll
[2011/04/20 11:22:40 | 000,032,768 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atigktxx.dll
[2011/04/20 11:22:08 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmpag.sys
[2011/04/20 11:21:38 | 000,031,232 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiuxpag.dll
[2011/04/20 11:21:24 | 000,029,184 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiu9pag.dll
[2011/04/20 11:21:00 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
[2011/04/20 11:20:50 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll
[2011/04/20 11:13:28 | 000,052,736 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atimpc32.dll
[2011/04/20 11:13:28 | 000,052,736 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\amdpcom32.dll
[2011/04/19 22:10:32 | 000,059,904 | ---- | M] () -- C:\Windows\System32\OVDecode.dll
[2011/04/19 22:10:18 | 000,051,712 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/04/19 22:10:02 | 012,385,280 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\amdocl.dll
[2011/04/18 16:02:52 | 000,360,352 | ---- | M] () -- C:\Users\Alen\Desktop\AlenRemove.pdf
[2011/04/10 18:43:03 | 000,000,949 | ---- | M] () -- C:\Users\Alen\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/04/10 18:14:11 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/04/10 18:14:10 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/04/10 18:14:03 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/04/10 18:14:03 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/04/10 18:14:03 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/04/10 18:14:03 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/10 18:14:02 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/04/10 18:14:02 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/04/10 18:14:02 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/10 18:14:02 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/04/10 18:14:02 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/04/10 18:14:02 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/10 18:14:02 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/10 18:14:02 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/04/10 18:14:02 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/04/10 18:14:01 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/10 18:14:01 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/10 18:14:01 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/10 18:14:01 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/04/10 18:14:01 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/04/10 18:14:01 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/04/10 18:14:01 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/04/10 18:14:01 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/10 18:14:01 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/10 18:14:01 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/04/10 18:14:01 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/10 18:14:01 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/10 18:14:00 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/10 18:14:00 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/10 18:14:00 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/04/10 18:14:00 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/04/10 18:14:00 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/10 18:14:00 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/04/10 18:14:00 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/04/10 18:13:59 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/04/10 18:13:59 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/10 18:13:59 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/04/10 18:13:59 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/10 18:13:59 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/04/10 18:13:59 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/10 18:13:59 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/04/10 18:13:59 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/06 16:20:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[2011/04/06 09:46:14 | 000,032,200 | ---- | M] () -- C:\Windows\atiogl.xml
[2011/04/05 11:29:26 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.cat
[2011/04/05 11:25:18 | 000,007,454 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.cat
[2011/04/05 11:25:18 | 000,007,450 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.cat
[2011/04/01 16:20:20 | 000,000,555 | ---- | M] () -- C:\Users\Alen\Desktop\Dev-C++.lnk
[2011/03/31 13:04:12 | 000,007,877 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnetv.cat
[2011/03/31 13:04:12 | 000,007,458 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnet.cat
[2011/03/31 13:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.sys
[2011/03/31 13:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.sys
[2011/03/31 13:00:09 | 000,001,389 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.inf
[2011/03/31 13:00:09 | 000,001,383 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.inf
[2011/03/31 04:46:24 | 000,097,808 | ---- | M] (Advanced Micro Devices) -- C:\Windows\System32\drivers\AtihdLH3.sys
[2011/03/29 16:21:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
[2011/03/22 10:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symtdiv.sys
[2011/03/22 10:39:49 | 000,296,568 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symnets.sys
[2011/03/22 10:39:48 | 000,001,474 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnetv.inf
[2011/03/22 10:39:48 | 000,001,446 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnet.inf
[2011/03/18 15:36:12 | 000,002,585 | ---- | M] () -- C:\Users\Alen\Desktop\Microsoft Office Excel 2007.lnk
[2011/03/18 03:51:44 | 000,003,929 | ---- | M] () -- C:\Windows\System32\atipblag.dat
[2011/03/16 20:03:37 | 000,032,183 | ---- | M] () -- C:\Users\Alen\Desktop\Dubstep.jpg
[2011/03/15 12:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.sys
[2011/03/15 12:31:23 | 000,003,373 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.inf
[2011/03/13 07:55:52 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/03/12 12:28:56 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
[2011/03/12 12:22:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2011/03/12 12:20:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011/03/11 19:55:05 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01009.Wdf
[2011/03/11 19:55:05 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_MijXfilt_01009.Wdf
[2011/03/11 19:55:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/03/11 03:03:51 | 001,162,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/03/11 03:03:51 | 001,136,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/03/04 01:40:13 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/03/03 23:35:36 | 004,240,384 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/03/03 23:25:11 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/03/01 07:30:06 | 000,233,012 | ---- | M] () -- C:\Windows\System32\atiicdxx.dat
[2011/02/26 19:57:15 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/02/26 19:57:15 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/02/26 19:57:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/02/26 19:57:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/02/26 18:45:55 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/02/23 00:13:01 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/22 23:33:12 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/23 16:43:17 | 000,000,512 | ---- | C] () -- C:\Users\Alen\Desktop\MBR.dat
[2011/05/23 15:57:26 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/22 17:57:19 | 018,746,001 | ---- | C] () -- C:\Users\Alen\AppData\Roaming\SMRBackup162.dat
[2011/05/16 20:25:23 | 064,863,523 | ---- | C] () -- C:\Users\Alen\Desktop\Maths Year 10.pdf
[2011/05/16 19:52:36 | 065,193,444 | ---- | C] () -- C:\Users\Alen\Desktop\Psychology UNITS 1 & 2.pdf
[2011/05/03 16:31:25 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/27 18:50:21 | 000,000,870 | ---- | C] () -- C:\Users\Alen\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/27 17:35:03 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/20 12:09:44 | 000,165,296 | ---- | C] () -- C:\Windows\System32\atiapfxx.blb
[2011/04/20 11:29:34 | 000,989,600 | ---- | C] () -- C:\Windows\System32\atiumdva.cap
[2011/04/19 22:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/04/18 16:00:45 | 000,360,352 | ---- | C] () -- C:\Users\Alen\Desktop\AlenRemove.pdf
[2011/04/10 18:43:03 | 000,000,949 | ---- | C] () -- C:\Users\Alen\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/04/10 18:14:01 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/04/06 09:46:14 | 000,032,200 | ---- | C] () -- C:\Windows\atiogl.xml
[2011/04/01 16:20:20 | 000,000,555 | ---- | C] () -- C:\Users\Alen\Desktop\Dev-C++.lnk
[2011/03/29 16:21:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
[2011/03/18 03:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/03/14 08:50:35 | 000,032,183 | ---- | C] () -- C:\Users\Alen\Desktop\Dubstep.jpg
[2011/03/12 12:28:56 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
[2011/03/12 12:22:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2011/03/12 12:20:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011/03/11 19:55:05 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01009.Wdf
[2011/03/11 19:55:05 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_MijXfilt_01009.Wdf
[2011/03/11 19:55:00 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/03/11 19:54:13 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2011/03/01 07:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/02/26 19:43:32 | 000,002,407 | ---- | C] () -- C:\Users\Alen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
[2011/02/26 19:08:05 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/02/26 18:45:55 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/09 18:26:40 | 000,000,458 | ---- | C] () -- C:\Windows\{682E39A0-0576-4422-8328-3B7E56346653}_WiseFW.ini
[2011/02/09 18:24:55 | 000,000,286 | ---- | C] () -- C:\Windows\{AC59B86B-4E39-47C8-B79A-3EC33B86FB47}_WiseFW.ini
[2011/01/23 15:06:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/23 14:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\amcap.exe
[2010/09/22 12:09:27 | 000,064,784 | ---- | C] () -- C:\Windows\MCSU.EXE
[2010/09/06 11:05:21 | 008,330,560 | ---- | C] () -- C:\Windows\System32\vaengine.dll
[2010/09/06 10:41:22 | 000,000,433 | ---- | C] () -- C:\Windows\WFD_FindDevID.ini
[2010/09/06 10:41:20 | 000,000,028 | ---- | C] () -- C:\Windows\WFD_FindMceDev.ini
[2010/09/05 12:36:35 | 000,000,350 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin
[2010/08/04 01:14:28 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/03/02 18:12:04 | 000,303,104 | ---- | C] () -- C:\Windows\emunist.exe
[2010/03/02 18:12:00 | 000,001,606 | ---- | C] () -- C:\Windows\TVEpaDrv.ini
[2010/02/25 15:40:28 | 000,000,097 | ---- | C] () -- C:\Users\Alen\AppData\Roaming\default.pls
[2010/02/18 17:52:07 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2010/02/18 17:51:18 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010/02/18 17:50:28 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010/02/15 19:23:31 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2010/01/26 18:28:38 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/10/07 15:54:04 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/10/05 17:37:37 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/08/22 14:31:01 | 000,000,292 | ---- | C] () -- C:\Windows\game.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/29 15:59:47 | 000,141,312 | ---- | C] () -- C:\Users\Alen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/28 21:03:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/28 21:03:28 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/28 20:40:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/06/28 19:27:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/06/28 19:25:52 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/06/28 19:03:52 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/06/28 18:05:16 | 000,001,356 | ---- | C] () -- C:\Users\Alen\AppData\Local\d3d9caps.dat
[2007/06/21 16:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2007/03/19 12:47:52 | 008,327,168 | ---- | C] () -- C:\Windows\System32\vaesaver.dll
[2006/11/02 22:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:47:37 | 002,410,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 20:33:01 | 000,599,942 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 20:33:01 | 000,105,448 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/07/04 13:16:32 | 000,049,152 | ---- | C] () -- C:\Windows\Domino.exe

========== LOP Check ==========

[2011/05/07 19:26:28 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\.minecraft
[2011/02/06 09:48:30 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\Azureus
[2009/08/30 12:26:02 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\BSD
[2010/03/08 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\Canon
[2011/01/28 20:59:02 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\CocoonSoftware
[2011/02/19 09:24:52 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\DAEMON Tools Lite
[2011/04/01 16:20:02 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\Dev-Cpp
[2011/05/22 17:49:55 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\FixTDSS
[2011/03/29 15:36:23 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\HTC
[2011/03/29 15:36:22 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010/11/02 14:56:57 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\ImgBurn
[2010/03/03 17:34:40 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\Inspiration Software
[2011/05/04 19:27:21 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\LolClient
[2010/02/18 17:53:39 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\MAGIX
[2010/04/18 21:02:07 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\Nokia
[2009/11/09 16:51:27 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\Participatory Culture Foundation
[2010/04/18 21:02:24 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\PC Suite
[2010/05/27 18:32:01 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\Serif
[2010/03/03 17:26:33 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\Softland
[2011/02/02 11:52:17 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\Sony
[2011/05/11 18:48:12 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\SystemRequirementsLab
[2011/02/09 17:39:06 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\Texas Instruments
[2011/02/09 17:45:24 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\TI-Nspire
[2010/09/01 21:14:51 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\Tific
[2010/01/26 17:10:19 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\TweakNow PowerPack 2009
[2009/12/07 17:32:03 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\TweakNow RegCleaner
[2009/10/17 19:34:04 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\Ubisoft
[2011/05/02 13:02:24 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\uTorrent
[2011/02/26 18:24:21 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\Windows Live Writer
[2010/06/16 19:28:30 | 000,000,000 | ---D | M] -- C:\Users\Alen\AppData\Roaming\Youtube Downloader HD
[2009/10/09 16:39:21 | 000,000,454 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2011/05/23 18:49:40 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/19 07:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 16:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/06/29 09:52:27 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/19 07:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/06/28 19:11:33 | 000,000,200 | ---- | M] () -- C:\csb.log
[2011/05/23 19:35:13 | 3801,694,208 | -HS- | M] () -- C:\pagefile.sys
[2009/06/28 19:09:59 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
[2011/05/23 19:36:19 | 000,000,233 | ---- | M] () -- C:\service.log
[2011/05/22 19:01:32 | 000,068,536 | ---- | M] () -- C:\TDSSKiller.2.5.1.0_22.05.2011_19.00.23_log.txt
[2011/05/22 19:07:12 | 000,067,654 | ---- | M] () -- C:\TDSSKiller.2.5.1.0_22.05.2011_19.06.28_log.txt
[2011/05/22 21:50:29 | 000,067,654 | ---- | M] () -- C:\TDSSKiller.2.5.1.0_22.05.2011_21.48.31_log.txt

< %USERPROFILE%\*.* >
[2010/01/27 14:52:22 | 000,001,024 | ---- | M] () -- C:\Users\Alen\.rnd
[2011/05/23 19:40:38 | 005,767,168 | -HS- | M] () -- C:\Users\Alen\ntuser.dat
[2011/05/23 19:40:38 | 000,262,144 | -H-- | M] () -- C:\Users\Alen\ntuser.dat.LOG1
[2009/06/28 18:05:15 | 000,000,000 | -H-- | M] () -- C:\Users\Alen\ntuser.dat.LOG2
[2011/05/23 18:49:39 | 000,065,536 | -HS- | M] () -- C:\Users\Alen\ntuser.dat{1c2b2309-d40f-11de-94ac-00241d23c029}.TM.blf
[2011/05/23 18:49:39 | 000,524,288 | -HS- | M] () -- C:\Users\Alen\ntuser.dat{1c2b2309-d40f-11de-94ac-00241d23c029}.TMContainer00000000000000000001.regtrans-ms
[2009/11/18 17:25:18 | 000,524,288 | -HS- | M] () -- C:\Users\Alen\ntuser.dat{1c2b2309-d40f-11de-94ac-00241d23c029}.TMContainer00000000000000000002.regtrans-ms
[2009/11/18 16:43:27 | 000,065,536 | -HS- | M] () -- C:\Users\Alen\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/11/18 16:43:27 | 000,524,288 | -HS- | M] () -- C:\Users\Alen\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/06/28 19:08:07 | 000,524,288 | -HS- | M] () -- C:\Users\Alen\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009/11/18 17:07:25 | 000,065,536 | -HS- | M] () -- C:\Users\Alen\ntuser.dat{dae7a566-d40b-11de-a651-00241d23c029}.TM.blf
[2009/11/18 17:07:25 | 000,524,288 | -HS- | M] () -- C:\Users\Alen\ntuser.dat{dae7a566-d40b-11de-a651-00241d23c029}.TMContainer00000000000000000001.regtrans-ms
[2009/11/18 17:07:25 | 000,524,288 | -HS- | M] () -- C:\Users\Alen\ntuser.dat{dae7a566-d40b-11de-a651-00241d23c029}.TMContainer00000000000000000002.regtrans-ms
[2009/06/28 18:05:15 | 000,000,020 | -HS- | M] () -- C:\Users\Alen\ntuser.ini

< %USERPROFILE%\AppData\Local\*.* >
[2010/06/30 14:19:28 | 000,001,356 | ---- | M] () -- C:\Users\Alen\AppData\Local\d3d9caps.dat
[2011/05/03 17:05:35 | 000,141,312 | ---- | M] () -- C:\Users\Alen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/05 12:40:25 | 000,000,006 | -HS- | M] () -- C:\Users\Alen\AppData\Local\desktop.ini
[2010/08/15 10:03:58 | 000,000,079 | ---- | M] () -- C:\Users\Alen\AppData\Local\DVDPATH.TXT
[2011/04/27 18:28:43 | 000,125,800 | ---- | M] () -- C:\Users\Alen\AppData\Local\GDIPFONTCACHEV1.DAT
[2011/05/23 18:49:36 | 003,185,796 | -H-- | M] () -- C:\Users\Alen\AppData\Local\IconCache.db

< %USERPROFILE%\AppData\Roaming\*.* >
[2010/08/27 21:32:26 | 000,000,097 | ---- | M] () -- C:\Users\Alen\AppData\Roaming\default.pls
[2010/09/05 12:40:25 | 000,000,006 | -HS- | M] () -- C:\Users\Alen\AppData\Roaming\desktop.ini
[2011/05/22 17:58:02 | 018,746,001 | ---- | M] () -- C:\Users\Alen\AppData\Roaming\SMRBackup162.dat

< %ProgramData%\*.* >
[2011/01/23 15:06:15 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat

< %CommonProgramFiles%\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/21 12:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %systemroot%\system32\*.dll /lockedfiles >
[2011/04/20 12:05:08 | 000,462,848 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[5 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2011/03/31 04:46:24 | 000,097,808 | ---- | M] (Advanced Micro Devices) -- C:\Windows\System32\drivers\AtihdLH3.sys
[2011/04/20 12:43:40 | 007,772,160 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys
[2011/04/20 11:22:08 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmpag.sys
[2011/02/22 23:23:55 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys
[2011/05/22 17:49:55 | 000,020,472 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\FixTDSS.sys
[2011/02/22 23:23:59 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2011/02/22 23:24:10 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2011/02/22 23:24:02 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2011/04/02 10:40:54 | 000,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\SECDRV.SYS
[2011/05/10 16:15:35 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2007/04/15 20:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD8V.DLL
[2010/04/24 04:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD9Z.DLL
[2007/04/15 20:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP8V.DLL
[2010/04/24 04:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP9Z.DLL
[2006/11/02 22:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll


< MD5 for: EXPLORER.EXE >
[2008/10/29 16:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 16:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 13:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 12:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 12:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 12:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 12:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2006/11/02 19:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/11 16:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Users\Alen\AppData\Roaming\FixTDSS\Archive\volsnap.sys
[2009/04/11 16:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\drivers\volsnap.sys
[2009/04/11 16:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/11 16:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2008/01/21 12:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/21 12:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: WININIT.EXE >
[2008/01/21 12:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/21 12:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 16:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 16:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 12:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< End of report >

This is from Extras.txt

OTL Extras logfile created on: 23/05/2011 7:41:41 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Alen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.25 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 61.90% Memory free
6.68 Gb Paging File | 5.40 Gb Available in Paging File | 80.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 156.87 Gb Free Space | 16.84% Space Free | Partition Type: NTFS

Computer Name: ALEN-PC | User Name: Alen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2916712555-859450847-1160366120-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig" = 0
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1288394B-9B94-47E2-B481-D75FE7335566}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{674F4138-7F6A-4F55-86CC-F4A28DD53B58}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface |
"{6F04E8BF-E430-4653-92E8-90F0318B8181}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface |
"{73183E57-7501-4548-8F94-D711EC9B4241}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{798B40D8-A32E-44D8-A801-217ECC80B00A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{984C2658-E80C-408B-8EF2-1AF159390DCA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{B88FF098-038F-4B30-AA4A-EFBAEB3409C3}" = lport=49174 | protocol=6 | dir=in | name=akamai netsession interface |
"{C12F619B-FEA3-486A-BAA8-742C36CDE4F7}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{C18F8A2E-0E71-4C76-9AF7-9BAA3A6AD59E}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
"{C6BBD488-3792-4BC6-A896-26640A4927C3}" = lport=49694 | protocol=6 | dir=in | name=akamai netsession interface |
"{CAE8AC4F-2661-4648-B456-92EAE2F41A6C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DE5692A4-7FCB-4566-AF0F-57C0DC7AD6FA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A3DD510-BD8D-4078-9BBE-55F408879105}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{0B6588A8-EBD8-4169-8BDB-5A731C421029}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{0B7F8FF9-A933-40C0-88DB-F36D341BF6DD}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{12E0BCD7-8691-4677-8332-C1DB54BB2E31}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9926-to-3.2.0.10194-enus-trial-downloader.exe |
"{17756B9D-7E3D-4745-837E-A6DA0503A83D}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9926-to-3.2.0.10194-enus-trial-downloader.exe |
"{1D1729B9-C7EB-4697-9F11-321618766460}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{2A06F2CE-E5DA-4F3E-AB10-5B814A1C52D0}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{344BD3C5-DF0F-424C-950B-421DF648A565}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{36BC03A4-871D-47BE-8B72-6F03D9CFFCB4}" = protocol=6 | dir=in | app=f:\race driver grid\grid.exe |
"{421D58CA-2DAB-4A75-9F87-B64F92908062}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{42EBD743-EB74-4F83-A301-29D7DDF4F688}" = protocol=17 | dir=in | app=c:\program files\ti education\ti-nspire cas\ti-nspirecas.exe |
"{436115A4-5F8B-4E52-AB43-DE97B88BEC19}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{4A3DB53E-FD04-4831-91E5-AE17BF0761A5}" = protocol=17 | dir=in | app=c:\program files\common files\ti shared\commlib\1\jre\bin\java.exe |
"{4E9E45F4-FBDB-4E4A-94C5-51358732FD1B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{4FDF62CF-41BF-424F-AA47-49A894AB4C5B}" = protocol=6 | dir=in | app=c:\program files\ti education\ti-nspire cas\ti-nspirecas.exe |
"{5072486A-DB81-4FB7-8FBB-82B0FC255EA7}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{5396BD80-B13C-4876-8FD3-0B36B8FD1BCC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5FCF7367-F8A2-4A8E-B575-8F83EC78F202}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{647D09B0-0C5D-4475-8769-A31BF605D357}" = protocol=6 | dir=in | app=c:\program files\ti education\ti-nspire cas\jre\bin\java.exe |
"{64D19A50-36F4-4D81-ADD4-596694160F23}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{67799517-763C-4F5E-AEEC-E24ED8B5DA16}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{716A566B-0E9A-4729-AEA9-3477F6BC3081}" = protocol=17 | dir=in | app=c:\program files\ti education\ti-nspire cas\jre\bin\java.exe |
"{867B6990-EECA-4AD0-9C0B-247FB64749EC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{86EF1F42-F276-44CB-87C0-86761A4593DC}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{8858EAF1-5767-400D-A544-3FA870C9C5F4}" = protocol=17 | dir=in | app=c:\program files\ubisoft\techland\call of juarez - bound in blood\cojbibgame_x86.exe |
"{A15A5B28-7366-4098-A75B-BB1AED85C974}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{A3F78F84-E457-4CC7-B69A-E25188E66FA9}" = protocol=6 | dir=in | app=f:\halo 2\halo2.exe |
"{B42B23FE-B37D-4ED3-A522-FCB26744716C}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe |
"{B61709B9-5721-4CD6-9DEC-5C38BE2124A3}" = protocol=17 | dir=in | app=f:\race driver grid\grid.exe |
"{B70FCB02-D383-4614-BDFA-1BB14DD6F9C7}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{B780DB94-A600-49B2-9992-1E52C6C633C7}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{C28028E8-F802-4664-8C80-5712FD23A995}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{C5ED001B-A9F7-49B3-A0EB-D5C2D8470329}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C828235C-16C7-426B-B83C-78B5C86D71A6}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{CAA3110B-DE6C-4406-A1B4-B47F78B3A457}" = protocol=6 | dir=in | app=c:\program files\common files\ti shared\commlib\1\jre\bin\java.exe |
"{D23C7976-AA0C-42F1-BFBD-86AF17B54B99}" = protocol=17 | dir=in | app=f:\halo 2 for windows vista\halo2.exe |
"{D98790D9-B018-4F73-8233-E613F92ABEB6}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{DB8E52B0-910F-4AB2-B0B3-E49CBCCA8040}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E6338971-49AD-4410-B39D-80AE6FF5181F}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe |
"{E790C588-858F-43F0-B608-2FA9D969D764}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{EB10C1EE-2AAD-4CD9-A35A-904DBD6AA1ED}" = protocol=17 | dir=in | app=f:\halo 2\halo2.exe |
"{EDDAF66B-9978-49FA-AE02-CA5A8D172AEB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F2818757-F5A6-4D7F-9840-1CA71DDCA696}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{F5E5FC85-EBED-4DE8-B0DB-74685D977FE7}" = protocol=6 | dir=in | app=c:\program files\ubisoft\techland\call of juarez - bound in blood\cojbibgame_x86.exe |
"{FD3A0918-CE1C-4AB3-8D9F-239E3BBB14D8}" = protocol=6 | dir=in | app=f:\halo 2 for windows vista\halo2.exe |
"TCP Query User{7CD2731B-D776-4A4C-96B6-B084644D0D1F}C:\program files\participatory culture foundation\miro\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files\participatory culture foundation\miro\miro_downloader.exe |
"TCP Query User{8D068449-3E7F-4C40-B48B-6187DAD0DA7A}C:\program files\common files\nero\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe |
"TCP Query User{A6784190-E450-4DDE-8111-2DDEE4F5767F}F:\call of duty 5 world at war\codwaw.exe" = protocol=6 | dir=in | app=f:\call of duty 5 world at war\codwaw.exe |
"TCP Query User{C8893DB2-CA7F-42FD-B843-0199278B9D83}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{CABA9A27-BC49-4E67-869A-91DE4C1E23CB}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{F54B1FBF-7B61-4F27-9E39-ECF7382E4D6B}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{64EDE3B5-1E1E-4EB0-8100-8E81400C2581}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{A17FA700-DA88-4ED6-AB2A-D9180EAED775}C:\program files\participatory culture foundation\miro\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files\participatory culture foundation\miro\miro_downloader.exe |
"UDP Query User{B5DBD5FE-E0AB-469D-BF5E-7841B279875A}F:\call of duty 5 world at war\codwaw.exe" = protocol=17 | dir=in | app=f:\call of duty 5 world at war\codwaw.exe |
"UDP Query User{B64EA601-7284-4D2E-94E3-2D8FF7DB6FCF}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{BCC87968-4CD9-4ADF-A380-7F7E850CA56B}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{F73DC710-3951-4EB8-9806-A718979145FD}C:\program files\common files\nero\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1C284C44-B8E0-2ED3-8154-52133AAFF538}" = HydraVision
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23DF8A1C-046E-1018-444E-D86525EB264E}" = ATI Catalyst Install Manager
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{2BA952A8-1D31-C155-9765-9389979D2864}" = Application Profiles
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{418EC9DD-25EE-4C3F-8827-B7AA9B26405B}" = WinFast Multimedia Driver Installation
"{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}" = VIMICRO USB PC Camera
"{44B3A50C-47AE-4F8A-B083-1F0BF8DB84D5}" = TubeTillaFree
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F577CD8-A997-2E11-83BC-4445DD2D4542}" = Catalyst Control Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{682E39A0-0576-4422-8328-3B7E56346653}" = TI-Nspire™ CAS Student Software
"{6844F85B-1AEE-093A-5FC9-235035B3A127}" = Catalyst Control Center Graphics Previews Common
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74656168-CF28-40BD-9D87-700B07BAF9B6}" = HTC Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B10.0309.1
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3A3C74-0163-F062-08D6-C8AC7430669E}" = ccc-utility
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8 Essentials
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC59B86B-4E39-47C8-B79A-3EC33B86FB47}" = Connectivity Library and TI-Nspire™ handheld drivers
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4009EBB-0818-454F-A6E8-BBAAAEEF89E6}" = TI-Diagnostics Tool
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7749EE2-5318-D255-F0EE-14D5845B0925}" = CCC Help English
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6D290C0-5C74-469A-8F6D-6F0852D719DC}" = BigPond Broadband Cable
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD232781-26CA-4E18-BC70-4343A2F0D583}" = Microsoft IntelliPoint 8.0
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4CFC5F3-481C-40AA-9944-E7E4E732136C}" = Microsoft IntelliType Pro 8.0
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3B7076EB3C51070DE9D6902E9696507D9B471345" = Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (03/27/2006 5.1213.06.0327)
"3D-Album-CC" = 3D-Album Creative Center
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"63A3BC27CB82101176A1DC79203A9790DE0B20CB" = Windows Driver Package - Netgear Corporation (USB_RNDIS) Net (04/10/2007 1.12.0.0)
"94703D1C50646DF5FB8D0FB50EB2216330EB89C9" = Windows Driver Package - Atheros Communications Inc. (arusb_lh) Net (09/25/2008 3.1.0.101)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"B0784082CE70376BD9A7A864EE8D14835E6EFBEA" = Windows Driver Package - Motorola (ndiscm) Net (02/09/2004 2.4.5.1)
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ffdshow_is1" = ffdshow [rev 3200] [2010-01-12]
"Free DVD Decrypter_is1" = Free DVD Decrypter version 1.4
"Free Studio_is1" = Free Studio version 4.2
"ImgBurn" = ImgBurn
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"My Lockbox_is1" = My Lockbox 2.3
"N360" = Norton 360
"OpenAL" = OpenAL
"PeerGuardian_is1" = PeerGuardian 2.0
"Prism" = Prism Video Converter
"PROR" = Microsoft Office Professional 2007
"ToolBox" = NCH Toolbox
"TVEpaDrv" = Kaiser Baas USB VIDEO TO DVD MAKER Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 1.1.9
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 1.9

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2916712555-859450847-1160366120-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Edited by Orange Blossom, 09 June 2011 - 04:17 PM.


#12 B-boy/StyLe/


Posted 23 May 2011 - 07:01 AM

Before I set you free, I'd like us to scan your machine with Kaspersky Virus Removal Tool.



Please click here to download Kaspersky Virus Removal Tool.

  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop.
  • After that leave what is selected and put a check next to My Computer.
  • Click on the option that says Threat Detection and change it to Disinfect => Do not select, delete if disinfection fails.
  • Then click on Start Scan.
  • Before it is done it may prompt for action regardless of the setting so choose skip if prompted.
  • When the scan is done no log will be produced.
  • Click on the bottom where it says Report to open the report.
  • Then highlight all of the items found by using Ctrl + A on your keyboard to select all, or use your mouse to select all, then right-click and choose Copy.
  • This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Post the contents of the document in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.



Regards,
Georgi



#13 alza6991


Posted 23 May 2011 - 05:11 PM

The download is in progress. I just wanted to ask if this is of any importance?

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Also, you said this could never be fully erased from a system? What does this Bootkit do (I read the info above, but I still don't understand)? Can it steal accounts/emails etc., or what else?

#14 alza6991


Posted 24 May 2011 - 07:22 AM

Is this what you wanted or did you want the very long log (Saved on my desktop as well)?

Autoscan: completed 5 minutes ago (events: 2, objects: 751338, time: 05:48:48)
24/05/2011 4:14:07 PM Task started
24/05/2011 10:02:57 PM Task completed

#15 B-boy/StyLe/


Posted 24 May 2011 - 10:00 AM

The download is in progress. I just wanted to ask if this is of any importance?

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!



This means that the logs are not being created in Event Viewer. Open an elevated command prompt. To do this, click on Start Search Box => type in cmd. Cmd.exe will appear at the top of the Menu. Right-click on it and choose "Run as Administrator". Copy and paste the following command in the Code box after the prompt > and hit Enter.

SC QUERY state= inactive > %userprofile%\desktop\services.txt & start notepad %userprofile%\desktop\services.txt

When finished, Notepad will pop up with some information. Copy and paste it in this thread.



Also, you said this could never be fully erased from a system? What does this Bootkit do (I read the info above, but I still don't understand)? Can it steal accounts/emails etc., or what else?



You had some nasty infection, including the worst version of the TDSS rootkit that infects the MBR. Rootkit.Win32.TDSS.tdl4(\HardDisk0) and c:\Users\Alen\AppData\Local\Temp\B347.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.

The rootkit seems to be gone now. However, it's very difficult to say if the author didn't leave some back doors open to get back in. The compromised system can no longer be trusted.

The main thing that TDL4 does is to tamper with your Internet settings or to redirect your Google search results to unwanted web sites, trying to get you to buy fake products.

But it may have some other functions as well.

That's why if you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable.

If you don't work with any sensitive data on this PC you should be fine leaving it that way.

Let me know what you think.



Is this what you wanted or did you want the very long log (Saved on my desktop as well)?



I need the full report please. If the log is too long, split it between a couple of replies.



Regards,
Georgi





