possible keylogger


This topic is locked
13 replies to this topic

#1 jkiejr


Posted 25 May 2011 - 07:32 PM

I think I might have a keylogger, because I used to have my WoW account password changed before I got my authenticator, but I still get emails of someone trying to change it, and I just had my account info on iTunes changed.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:59:16 PM, on 5/25/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
G:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
G:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
G:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.110\ccSvcHst.exe
G:\Program Files (x86)\Windows Media Player\wmplayer.exe
G:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
G:\Program Files (x86)\Steam\Steam.exe
G:\Users\joe\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
G:\Users\joe\AppData\Roaming\Dropbox\bin\Dropbox.exe
G:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
G:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
G:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
G:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
G:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
G:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
G:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
G:\Windows\SysWOW64\CTXFISPI.EXE
G:\Windows\SysWOW64\Ctxfihlp.exe
G:\Program Files (x86)\iTunes\iTunesHelper.exe
G:\Program Files (x86)\iTunes\iTunes.exe
G:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe
G:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
G:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
G:\Program Files (x86)\Security Task Manager\SpyProtector.exe
G:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
G:\Windows\SysWOW64\DllHost.exe
G:\Program Files (x86)\Mozilla Firefox\firefox.exe
G:\Users\joe\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = G:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - g:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - G:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - G:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.110\coIEPlg.dll
O2 - BHO: Norton IPS 2.0 - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - G:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.110\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - G:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - g:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - g:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - G:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - G:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.110\coIEPlg.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "G:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [VolPanel] "G:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "G:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] G:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] G:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [PeerBlock] G:\Program Files\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "G:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] G:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Speech Recognition] "G:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] G:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] G:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [CTAutoUpdate] "G:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" /RunFromInstaller (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [CTAutoUpdate] "G:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" /RunFromInstaller (User 'Default user')
O4 - Startup: CNET TechTracker.lnk = joe\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: Dropbox.lnk = joe\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OpenOffice.org 3.3.lnk = G:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: @G:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - G:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @G:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @G:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: g:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: g:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package 1) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02AA06FD-111E-4862-9DF5-9F8BD337DE81}: NameServer = 170.215.255.114,65.73.172.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{02AA06FD-111E-4862-9DF5-9F8BD337DE81}: NameServer = 170.215.255.114,65.73.172.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{02AA06FD-111E-4862-9DF5-9F8BD337DE81}: NameServer = 170.215.255.114,65.73.172.4
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - g:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - g:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - G:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - G:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - G:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - G:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - G:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - G:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - G:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - G:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - G:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - G:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - G:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - G:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - G:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HyperDesk's Custom Theme Enabler (HyperDeskCustomThemeEnabler) - Unknown owner - G:\Windows\Installer\MSIC40F.tmp
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - G:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - G:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - G:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - G:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - G:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - G:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.110\ccSvcHst.exe
O23 - Service: Norton Safe Web Lite (NSL) - Symantec Corporation - G:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - G:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - G:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - G:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - G:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - G:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - G:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - G:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - G:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - G:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - G:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - G:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - G:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - G:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - G:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - G:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - G:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - G:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - G:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15882 bytes

EDIT: Please be patient. There are over 270 unanswered topics in this forum at present and the current average wait time to receive help is 9 days. ~Budapest

Edited by Budapest, 29 May 2011 - 05:08 PM.



#2 jkiejr (Topic Starter)

Posted 04 June 2011 - 11:28 PM

I think I might have a keylogger on my computer. I haven't had one in a while, but I used to have certain accounts' passwords changed, and I had my iTunes account stolen recently.

My log:

.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by joe at 0:12:54 on 2011-06-05
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.1428 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
G:\Windows\system32\wininit.exe
G:\Windows\system32\lsm.exe
G:\Windows\system32\svchost.exe -k DcomLaunch
G:\Windows\system32\nvvsvc.exe
G:\Windows\system32\svchost.exe -k RPCSS
g:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
G:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
G:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
G:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
G:\Windows\system32\svchost.exe -k netsvcs
G:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
G:\Windows\system32\svchost.exe -k LocalService
G:\Windows\Installer\MSIC40F.tmp
G:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
G:\Windows\system32\nvvsvc.exe
G:\Windows\system32\WUDFHost.exe
G:\Windows\system32\WUDFHost.exe
G:\Windows\system32\svchost.exe -k NetworkService
G:\Windows\System32\spoolsv.exe
G:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
G:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
G:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
G:\Windows\system32\AEADISRV.EXE
G:\Windows\SysWOW64\svchost.exe -k Akamai
G:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
G:\Program Files (x86)\Bonjour\mDNSResponder.exe
G:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
G:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
G:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
G:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.110\ccSvcHst.exe
G:\Windows\system32\rundll32.exe
G:\Windows\SysWOW64\rundll32.exe
G:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
G:\Windows\SysWOW64\PnkBstrA.exe
G:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
G:\Windows\system32\svchost.exe -k imgsvc
G:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
G:\Program Files\Windows Live\Mesh\wlcrasvc.exe
G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
G:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
G:\Windows\system32\wbem\unsecapp.exe
G:\Windows\system32\wbem\wmiprvse.exe
G:\Windows\system32\taskhost.exe
G:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.110\ccSvcHst.exe
G:\Windows\system32\taskeng.exe
G:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
G:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
G:\Windows\system32\Dwm.exe
g:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
G:\Windows\Explorer.EXE
G:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
G:\Program Files\Windows Media Player\WMPSideShowGadget.exe
G:\Program Files (x86)\Windows Media Player\wmplayer.exe
G:\Windows\system32\taskhost.exe
G:\Program Files\Windows Media Player\wmpnetwk.exe
G:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
G:\Program Files\Logitech Gaming Software\LCore.exe
G:\Program Files\Microsoft Security Client\msseces.exe
G:\Program Files\PeerBlock\peerblock.exe
G:\Program Files (x86)\Steam\Steam.exe
G:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
G:\Program Files\Windows Sidebar\sidebar.exe
G:\Program Files\TortoiseSVN\bin\TSVNCache.exe
G:\Windows\system32\SearchIndexer.exe
G:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
G:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
G:\Users\joe\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
G:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
G:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
G:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
G:\Windows\SysWOW64\Ctxfihlp.exe
G:\Program Files (x86)\iTunes\iTunesHelper.exe
G:\Users\joe\AppData\Roaming\Dropbox\bin\Dropbox.exe
G:\Windows\SysWOW64\CTXFISPI.EXE
G:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
G:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
G:\Program Files\Logitech\SetPointG\SetPointII.exe
G:\Users\joe\AppData\Local\Apps\2.0\B08Y1WQY.MPD\89NDWX8C.OV5\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
G:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe
G:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x64\LCDClock.exe
G:\Windows\SysWOW64\DllHost.exe
G:\Program Files (x86)\Windows Live\Mail\wlmail.exe
G:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
G:\Windows\system32\conhost.exe
G:\Windows\System32\svchost.exe -k LocalServicePeerNet
G:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
G:\Windows\system32\DllHost.exe
G:\Windows\system32\SearchProtocolHost.exe
G:\Windows\system32\taskhost.exe
G:\Program Files (x86)\iTunes\iTunes.exe
G:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
G:\Windows\system32\conhost.exe
G:\Program Files (x86)\Mozilla Firefox\firefox.exe
G:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
G:\Windows\system32\SearchFilterHost.exe
G:\Windows\SysWOW64\cmd.exe
G:\Windows\system32\conhost.exe
G:\Windows\SysWOW64\cscript.exe
G:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - g:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - G:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - G:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - G:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.110\coIEPlg.dll
BHO: Norton IPS 2.0: {6d53ec84-6aae-4787-aeee-f4628f01010c} - G:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.110\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - G:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - G:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - g:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - G:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - g:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - G:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - G:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.110\coIEPlg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - G:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [PeerBlock] G:\Program Files\PeerBlock\peerblock.exe
uRun: [SpybotSD TeaTimer] G:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Steam] "G:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Sidebar] G:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Speech Recognition] "G:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
uRun: [SUPERAntiSpyware] G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Google Update] "G:\Users\joe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [VirtualCloneDrive] "G:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [VolPanel] "G:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r
mRun: [Adobe Reader Speed Launcher] "G:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "G:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "G:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] G:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [ArcSoft Connection Service] G:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [SunJavaUpdateSched] "G:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [iTunesHelper] "G:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Spy Protector] G:\Program Files (x86)\Security Task Manager\SpyProtector.exe /autostart
mRun: [LogMeIn Hamachi Ui] "G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Malwarebytes' Anti-Malware] "G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRunOnce: [CTAutoUpdate] "G:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" /RunFromInstaller
StartupFolder: G:\Users\joe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CNETTE~1.LNK - G:\Users\joe\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
StartupFolder: G:\Users\joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: G:\Users\joe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - G:\Users\joe\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: G:\Users\joe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - G:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - G:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - G:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab
TCP: Interfaces\{02AA06FD-111E-4862-9DF5-9F8BD337DE81} : NameServer = 170.215.255.114,65.73.172.4
TCP: Interfaces\{67E00DEF-EE3B-4F2D-9D92-3E31111DB40F} : DhcpNameServer = 192.168.254.254
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - g:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - g:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - G:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - G:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - G:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.110\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton IPS 2.0: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - G:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.110\IPS\IPSBHO.DLL
BHO-X64: Norton IPS 2.0 - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - G:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - g:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No File
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - g:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - G:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - G:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.110\coIEPlg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [VirtualCloneDrive] "G:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [VolPanel] "G:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r
mRun-x64: [Adobe Reader Speed Launcher] "G:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "G:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "G:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AppleSyncNotifier] G:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [ArcSoft Connection Service] G:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [SunJavaUpdateSched] "G:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [iTunesHelper] "G:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Spy Protector] G:\Program Files (x86)\Security Task Manager\SpyProtector.exe /autostart
mRun-x64: [LogMeIn Hamachi Ui] "G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [Malwarebytes' Anti-Malware] "G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - G:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\c5w6u6nt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - plugin: G:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: G:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: G:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: G:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: G:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: G:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: G:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: G:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: G:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: G:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: G:\Users\joe\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: G:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\c5w6u6nt.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll
FF - plugin: G:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;G:\Windows\system32\DRIVERS\Lbd.sys --> G:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 RapportKE64;RapportKE64;G:\Windows\system32\Drivers\RapportKE64.sys --> G:\Windows\system32\Drivers\RapportKE64.sys [?]
R0 SymDS;Symantec Data Store;G:\Windows\system32\drivers\NISx64\1300000.06E\SYMDS64.SYS --> G:\Windows\system32\drivers\NISx64\1300000.06E\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;G:\Windows\system32\drivers\NISx64\1300000.06E\SYMEFA64.SYS --> G:\Windows\system32\drivers\NISx64\1300000.06E\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;G:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.108\Definitions\BASHDefs\20110531.021\BHDrvx64.sys [2011-5-19 1143416]
R1 ccSet_NIS;Norton Internet Security Settings Manager;G:\Windows\system32\drivers\NISx64\1300000.06E\ccSetx64.sys --> G:\Windows\system32\drivers\NISx64\1300000.06E\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;G:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.108\Definitions\IPSDefs\20110603.031\IDSviA64.sys [2011-6-4 488056]
R1 MpFilter;Microsoft Malware Protection Driver;G:\Windows\system32\DRIVERS\MpFilter.sys --> G:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 RapportEI64;RapportEI64;G:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-4-28 52496]
R1 RapportPG64;RapportPG64;G:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-4-28 61200]
R1 SASDIFSV;SASDIFSV;G:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;G:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 SymIRON;Symantec Iron Driver;G:\Windows\system32\drivers\NISx64\1300000.06E\Ironx64.SYS --> G:\Windows\system32\drivers\NISx64\1300000.06E\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;G:\Windows\system32\Drivers\NISx64\1300000.06E\SYMNETS.SYS --> G:\Windows\system32\Drivers\NISx64\1300000.06E\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;G:\Windows\system32\DRIVERS\vwififlt.sys --> G:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;G:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 Akamai;Akamai NetSession Interface;G:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 cpuz135;cpuz135;\??\G:\Windows\system32\drivers\cpuz135_x64.sys --> G:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-5-25 2275720]
R2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;G:\Windows\Installer\MSIC40F.tmp [2011-1-1 102400]
R2 MBAMService;MBAMService;G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-6-28 366640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;G:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2011-4-23 101048]
R2 NIS;Norton Internet Security;G:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.110\ccsvchst.exe [2011-5-17 138760]
R2 NSL;Norton Safe Web Lite;G:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [2011-1-16 130000]
R2 RapportMgmtService;Rapport Management Service;G:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-4-28 870200]
R2 SBSDWSCService;SBSD Security Center Service;G:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-6-10 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;G:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
R2 TeamViewer6;TeamViewer 6;G:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-4-15 2337144]
R2 wlcrasvc;Windows Live Mesh remote connections service;G:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
R3 CT20XUT.SYS;CT20XUT.SYS;G:\Windows\system32\drivers\CT20XUT.SYS --> G:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;G:\Windows\system32\drivers\CTEXFIFX.SYS --> G:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;G:\Windows\system32\drivers\CTHWIUT.SYS --> G:\Windows\system32\drivers\CTHWIUT.SYS [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;G:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-5-4 136824]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;G:\Windows\system32\drivers\LGBusEnum.sys --> G:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;G:\Windows\system32\drivers\LGVirHid.sys --> G:\Windows\system32\drivers\LGVirHid.sys [?]
R3 MBAMProtector;MBAMProtector;\??\G:\Windows\system32\drivers\mbam.sys --> G:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;G:\Windows\system32\DRIVERS\MpNWMon.sys --> G:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;G:\Windows\system32\DRIVERS\NisDrvWFP.sys --> G:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;G:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 pbfilter;pbfilter;G:\Program Files\PeerBlock\pbfilter.sys [2010-3-30 24176]
R3 RDPDISPM;RDPDISPM;G:\Windows\system32\DRIVERS\rdpdispm.sys --> G:\Windows\system32\DRIVERS\rdpdispm.sys [?]
R3 RTCore64;RTCore64;G:\Program Files (x86)\EVGA Precision\RTCore64.sys [2011-5-3 14440]
R3 USBAAPL64;Apple Mobile USB Driver;G:\Windows\system32\Drivers\usbaapl64.sys --> G:\Windows\system32\Drivers\usbaapl64.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;G:\Windows\system32\DRIVERS\yk62x64.sys --> G:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;G:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;G:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);G:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-23 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;G:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-12-3 2151128]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;G:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-5-5 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;G:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-1 79360]
S3 CT20XUT;CT20XUT;G:\Windows\system32\drivers\CT20XUT.SYS --> G:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;G:\Windows\system32\drivers\CTEXFIFX.SYS --> G:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;G:\Windows\system32\drivers\CTHWIUT.SYS --> G:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 epmntdrv;epmntdrv;G:\Windows\System32\epmntdrv.sys [2011-3-22 14216]
S3 EuGdiDrv;EuGdiDrv;G:\Windows\System32\EuGdiDrv.sys [2011-3-22 8456]
S3 fssfltr;fssfltr;G:\Windows\system32\DRIVERS\fssfltr.sys --> G:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;G:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);G:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-23 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;G:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-12-3 17152]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.2.0;G:\Windows\system32\drivers\libusb0.sys --> G:\Windows\system32\drivers\libusb0.sys [?]
S3 LVPr2M64;Logitech LVPr2M64 Driver;G:\Windows\system32\DRIVERS\LVPr2M64.sys --> G:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
S3 LVUSBS64;Logitech USB Monitor Filter;G:\Windows\system32\DRIVERS\LVUSBS64.sys --> G:\Windows\system32\DRIVERS\LVUSBS64.sys [?]
S3 Revoflt;Revoflt;G:\Windows\system32\DRIVERS\revoflt.sys --> G:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;G:\Windows\system32\DRIVERS\Rt64win7.sys --> G:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;G:\Windows\system32\DRIVERS\rtl8187.sys --> G:\Windows\system32\DRIVERS\rtl8187.sys [?]
S3 ScreamBAudioSvc;ScreamBee Audio;G:\Windows\system32\drivers\ScreamingBAudio64.sys --> G:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
S3 StorSvc;Storage Service;G:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;G:\Windows\system32\drivers\tsusbflt.sys --> G:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;G:\Windows\system32\Wat\WatAdminSvc.exe --> G:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-06-05 03:44:27 8718160 ----a-w- G:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D8C27679-FB4A-4656-A40A-C65AEC80D3B2}\mpengine.dll
2011-06-05 03:39:17 -------- d-----w- G:\Users\joe\AppData\Local\{74B05D2A-B052-4DD6-87AD-8AA15DC9C69B}
2011-06-04 02:54:13 -------- d-----w- G:\Users\joe\AppData\Local\Origin
2011-06-04 02:51:24 -------- d-----w- G:\Program Files (x86)\Origin Games
2011-06-04 02:51:15 -------- d-----w- G:\Program Files (x86)\Origin
2011-06-03 02:09:48 -------- d-----w- G:\Users\joe\AppData\Local\{F2F1ED74-B1F2-4BB0-9FA1-17CD7E72E2B3}
2011-06-01 18:07:57 -------- d-----w- G:\Users\joe\AppData\Local\{988FC280-37E1-4DCE-97CC-DF0E02124FB6}
2011-05-31 22:07:53 -------- d-----w- G:\Users\joe\AppData\Local\{B8EDDF4D-3493-43D6-B752-24C6AF13DCD1}
2011-05-31 00:30:39 -------- d-----w- G:\Users\joe\AppData\Local\{1AD97989-08FA-4403-B543-DC91EED437AF}
2011-05-30 23:58:33 -------- d-----w- G:\Program Files (x86)\LogMeIn Hamachi
2011-05-30 03:41:23 -------- d-----w- G:\Users\joe\AppData\Local\{7D4C53EA-6A7E-4D89-8CF1-B87E516804E7}
2011-05-29 02:52:37 -------- d-----w- G:\Users\joe\AppData\Local\{B4B1E06F-CA2F-47E8-9A04-0A255681A827}
2011-05-27 16:06:26 -------- d-----w- G:\Users\joe\AppData\Local\{A0A85BC3-7BBF-4200-A36C-B8B084339BF4}
2011-05-26 18:26:24 -------- d-----w- G:\Users\joe\AppData\Local\{C8187824-194D-4E7A-AEE9-0AF6E3B1F767}
2011-05-26 00:02:20 -------- d-----w- G:\!KillBox
2011-05-25 22:38:20 -------- d-----w- G:\ProgramData\SecTaskMan
2011-05-25 22:38:02 -------- d-----w- G:\Program Files (x86)\Security Task Manager
2011-05-25 20:49:48 8718160 ----a-w- G:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-25 20:49:39 27520 ----a-w- G:\Windows\System32\drivers\Diskdump.sys
2011-05-25 20:46:26 -------- d-----w- G:\Users\joe\AppData\Local\{25511662-2B3A-4222-B843-10A2C8B81771}
2011-05-24 22:01:13 -------- d-----w- G:\Users\joe\AppData\Local\{73250B3C-84FF-4FC4-8A1F-552D0FD21056}
2011-05-24 19:15:27 -------- d-----w- G:\Users\joe\AppData\Roaming\PCF-VLC
2011-05-24 19:14:28 -------- d-----w- G:\.miro
2011-05-24 19:13:16 -------- d-----w- G:\Program Files (x86)\GetMiro Toolbar
2011-05-24 19:12:53 -------- d-----w- G:\Users\joe\AppData\Roaming\Participatory Culture Foundation
2011-05-24 19:11:45 -------- d-----w- G:\Program Files (x86)\Participatory Culture Foundation
2011-05-24 17:51:09 142336 ----a-w- G:\Windows\System32\poqexec.exe
2011-05-24 17:51:09 123904 ----a-w- G:\Windows\SysWow64\poqexec.exe
2011-05-24 03:51:45 601424 ------w- G:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3006D6A1-0272-4974-A926-09E881C6D160}\gapaengine.dll
2011-05-24 03:45:35 -------- d-----w- G:\Program Files (x86)\Microsoft Security Client
2011-05-24 03:45:21 -------- d-----w- G:\Program Files\Microsoft Security Client
2011-05-24 03:42:01 -------- d-----w- G:\Program Files (x86)\VideoLAN
2011-05-23 18:13:53 -------- d-----w- G:\Users\joe\AppData\Local\{763461D6-AA19-4FF8-B8C4-7049A64CBE44}
2011-05-22 23:39:31 -------- d-----w- G:\Users\joe\AppData\Local\{AED5D0B0-E71D-4AE2-9822-397A69F13E3D}
2011-05-21 21:36:59 -------- d-----w- G:\Users\joe\AppData\Local\{E5CAF9E2-B568-4AFD-A7FD-68E2388B5177}
2011-05-21 01:17:20 -------- d-----w- G:\Users\joe\AppData\Local\{DC0D227B-3499-408E-93B3-17D806B8BE6B}
2011-05-20 03:08:44 -------- d-----w- G:\Program Files (x86)\Cheat Engine 6
2011-05-19 19:45:08 -------- d-----w- G:\Users\joe\AppData\Local\{8EEFE3AB-5703-4C70-B994-B9EA7F74F925}
2011-05-19 04:29:14 -------- d-----w- G:\Users\joe\AppData\Local\{908DA32F-1272-499E-A447-B26C5CB9F881}
2011-05-18 01:00:36 -------- d-----w- G:\Program Files (x86)\Microsoft XNA
2011-05-17 18:42:37 -------- d-----w- G:\Users\joe\AppData\Local\{0B72EF32-DE25-4CC0-A060-733F409604FB}
2011-05-17 18:08:49 721016 ----a-w- G:\Windows\System32\drivers\NISx64\1300000.06E\srtsp64.sys
2011-05-17 18:08:49 451192 ----a-w- G:\Windows\System32\drivers\NISx64\1300000.06E\symds64.sys
2011-05-17 18:08:49 396408 ----a-w- G:\Windows\System32\drivers\NISx64\1300000.06E\symnets.sys
2011-05-17 18:08:49 37496 ----a-w- G:\Windows\System32\drivers\NISx64\1300000.06E\srtspx64.sys
2011-05-17 18:08:49 189560 ----a-w- G:\Windows\System32\drivers\NISx64\1300000.06E\ironx64.sys
2011-05-17 18:08:49 164488 ----a-w- G:\Windows\System32\drivers\NISx64\1300000.06E\ccsetx64.sys
2011-05-17 18:08:49 1083512 ----a-w- G:\Windows\System32\drivers\NISx64\1300000.06E\symefa64.sys
2011-05-17 18:08:45 -------- d-----w- G:\Windows\System32\drivers\NISx64\1300000.06E
2011-05-17 09:11:06 8802128 ----a-w- G:\ProgramData\Microsoft\Windows Defender\Definition Updates\{627CCF96-049A-4F46-A48B-6DD5F18508EC}\mpengine.dll
2011-05-17 06:22:26 -------- d-----w- G:\Users\joe\AppData\Local\{D185997A-25B4-462C-AB2B-9FB6E7551CAC}
2011-05-15 23:11:23 -------- d-----w- G:\Users\joe\AppData\Local\{ED1C484A-63C7-441B-92CF-084ECC0F2E8B}
2011-05-14 19:53:49 404640 ----a-w- G:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-12 06:06:29 -------- d-----w- G:\Users\joe\AppData\Local\{8CDBD122-61DD-4662-931B-414576141F95}
2011-05-11 21:23:48 5562240 ----a-w- G:\Windows\System32\ntoskrnl.exe
2011-05-11 21:23:47 3967872 ----a-w- G:\Windows\SysWow64\ntkrnlpa.exe
2011-05-11 21:23:46 3912576 ----a-w- G:\Windows\SysWow64\ntoskrnl.exe
2011-05-11 21:23:41 98816 ----a-w- G:\Windows\System32\drivers\usbccgp.sys
2011-05-11 21:23:41 7936 ----a-w- G:\Windows\System32\drivers\usbd.sys
2011-05-11 21:23:41 52736 ----a-w- G:\Windows\System32\drivers\usbehci.sys
2011-05-11 21:23:41 343040 ----a-w- G:\Windows\System32\drivers\usbhub.sys
2011-05-11 21:23:41 325120 ----a-w- G:\Windows\System32\drivers\usbport.sys
2011-05-11 21:23:41 30720 ----a-w- G:\Windows\System32\drivers\usbuhci.sys
2011-05-09 06:52:42 21992 ----a-w- G:\Windows\System32\drivers\cpuz135_x64.sys
2011-05-09 06:52:42 -------- d-----w- G:\Program Files\CPUID
2011-05-09 06:23:12 -------- d-----w- G:\Users\joe\AppData\Local\{446BAD84-C459-42E0-827D-13865C983CAC}
2011-05-06 19:16:40 -------- d-----w- G:\Users\joe\AppData\Local\{08DC1CF5-C796-4634-92A2-40CEA0086DCA}
.
==================== Find3M ====================
.
2011-05-29 13:11:30 39984 ----a-w- G:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 25912 ----a-w- G:\Windows\System32\drivers\mbam.sys
2011-05-26 17:09:40 266400 ----a-w- G:\Windows\SysWow64\PnkBstrB.xtr
2011-05-26 17:09:40 266400 ----a-w- G:\Windows\SysWow64\PnkBstrB.exe
2011-05-18 18:38:49 884736 ----a-w- G:\Windows\skincrafter3_vs2005.dll
2011-05-17 18:09:55 174200 ----a-w- G:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-04-29 06:18:25 20789248 ----a-w- G:\Windows\System32\imageres.dll
2011-04-28 18:34:54 64272 ----a-w- G:\Windows\System32\drivers\RapportKE64.sys
2011-04-18 10:23:39 16432 ----a-w- G:\Windows\System32\lsdelete.exe
2011-04-10 23:31:45 466520 ----a-w- G:\Windows\System32\wrap_oal.dll
2011-04-10 23:31:45 445016 ----a-w- G:\Windows\SysWow64\wrap_oal.dll
2011-04-10 23:31:45 123480 ----a-w- G:\Windows\System32\OpenAL32.dll
2011-04-10 23:31:45 109144 ----a-w- G:\Windows\SysWow64\OpenAL32.dll
2011-04-09 22:55:44 15453336 ----a-w- G:\Windows\SysWow64\xlive.dll
2011-04-09 22:55:42 13642904 ----a-w- G:\Windows\SysWow64\xlivefnt.dll
2011-04-06 20:26:58 96544 ----a-w- G:\Windows\System32\dnssd.dll
2011-04-06 20:26:58 119584 ----a-w- G:\Windows\System32\dns-sd.exe
2011-04-06 20:20:16 91424 ----a-w- G:\Windows\SysWow64\dnssd.dll
2011-04-06 20:20:16 107808 ----a-w- G:\Windows\SysWow64\dns-sd.exe
2011-04-01 19:40:28 266400 ----a-w- G:\Windows\SysWow64\PnkBstrB.ex0
2011-03-31 18:27:26 18960 ----a-w- G:\Windows\System32\drivers\LNonPnP.sys
2011-03-31 03:32:17 472808 ----a-w- G:\Windows\SysWow64\deployJava1.dll
2011-03-26 00:04:46 2926208 ----a-w- G:\Windows\System32\BootMan.exe
2011-03-26 00:04:16 18048 ----a-w- G:\Windows\SysWow64\EuEpmGdi.dll
2011-03-26 00:03:44 2340992 ----a-w- G:\Windows\SysWow64\BootMan.exe
2011-03-24 14:57:54 9096 ----a-w- G:\Windows\System32\EuGdiDrv.sys
2011-03-24 14:57:54 86408 ----a-w- G:\Windows\SysWow64\setupempdrv03.exe
2011-03-24 14:57:54 8456 ----a-w- G:\Windows\SysWow64\EuGdiDrv.sys
2011-03-24 14:57:54 16776 ----a-w- G:\Windows\System32\epmntdrv.sys
2011-03-24 14:57:54 14216 ----a-w- G:\Windows\SysWow64\epmntdrv.sys
2011-03-24 14:57:54 11264 ----a-w- G:\Windows\System32\EuEpmGdi.dll
2011-03-24 14:57:54 100232 ----a-w- G:\Windows\System32\setupempdrvx64.exe
2011-03-23 16:08:28 75136 ----a-w- G:\Windows\SysWow64\PnkBstrA.exe
2011-03-15 13:46:40 97648 ----a-w- G:\Windows\SysWow64\ElbyCDIO.dll
2011-03-12 12:08:49 1465344 ----a-w- G:\Windows\System32\XpsPrint.dll
2011-03-12 11:23:45 870912 ----a-w- G:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:41:37 189824 ----a-w- G:\Windows\System32\drivers\storport.sys
2011-03-11 06:41:34 166272 ----a-w- G:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:41:34 1659776 ----a-w- G:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:41:34 148352 ----a-w- G:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:41:26 410496 ----a-w- G:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:41:12 27008 ----a-w- G:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:41:12 107904 ----a-w- G:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:34:51 1359872 ----a-w- G:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- G:\Windows\System32\mfc42.dll
2011-03-11 06:33:29 2565632 ----a-w- G:\Windows\System32\esent.dll
2011-03-11 06:30:28 96768 ----a-w- G:\Windows\System32\fsutil.exe
2011-03-11 05:33:59 1164288 ----a-w- G:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- G:\Windows\SysWow64\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- G:\Windows\SysWow64\esent.dll
2011-03-11 05:31:07 74240 ----a-w- G:\Windows\SysWow64\fsutil.exe
2011-03-08 06:29:32 976896 ----a-w- G:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- G:\Windows\SysWow64\inetcomm.dll
.
============= FINISH: 0:13:31.18 ===============

EDIT: Topics merged ~Budapest

Edited by Budapest, 05 June 2011 - 05:50 PM.


#3 oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective

Posted 05 June 2011 - 10:36 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.

Best Regards,
oneof4.


#4 jkiejr

  • Topic Starter
  • Members
  • 9 posts

Posted 06 June 2011 - 01:17 AM

Sorry for the second topic; I thought it was overlooked. And no, my first topic wasn't resolved; that's why I posted the second topic with the DDS log instead of the HijackThis log.

#5 pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country

Posted 10 June 2011 - 06:59 AM

Hello jkiejr,


I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy. As you can see the logs we ask for are very extensive and take a lot of time to investigate.

Please subscribe to this topic. Click on the Watch Topic button, select Immediate Notification and click on proceed.

Please make sure Word Wrap in notepad is turned off. When copying and pasting logs paste them directly in the reply box. Only attach logs if asked to. Do not wrap logs in codebox or code tags. It makes it very difficult to read and analyze them. Please paste them directly into the reply box. Please do not make any changes to your system until we are through. Fixes are based upon information that is current from your system so any changes can affect our strategy. Please refrain from running any tools we may use without specific instructions.

If your operating system is Windows Vista or Windows 7 it may be necessary to right click, then choose Run as Administrator, for any programs we use.

Before we begin please check and follow the instructions on How to Show Hidden Files and Folders in Windows Vista and Windows XP and How to show hidden files in Windows 7

Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you are having, along with any steps you may have performed so far.


Thank you for your patience!!


---------------------------------------------------

Your logs indicate you have multiple antivirus products installed.

You should never have more than one anti virus product installed and running on your computer at a time. The reason for this is that if all products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as all the products fight for access to files which are opened. In general terms, the programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.


Please uninstall all but one of the antivirus programs via Add/Remove Programs.


You also have multiple antispyware programs. I would suggest that you have no more than two installed and running at any time. :)



Step 1.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


Step 2.


We need to create an OTL Report
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


In your next reply please include the following:

aswMBR log
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized




Thanks!!

Edited by pwgib, 10 June 2011 - 07:00 AM.

PW

#6 jkiejr

  • Topic Starter
  • Members
  • 9 posts

Posted 11 June 2011 - 10:26 PM

aswMBR version 0.9.6.399 Copyright© 2011 AVAST Software
Run date: 2011-06-11 23:06:00
-----------------------------
23:06:00.249 OS Version: Windows x64 6.1.7601 Service Pack 1
23:06:00.249 Number of processors: 2 586 0xF0B
23:06:00.250 ComputerName: JOE-PC UserName: joe
23:06:04.436 Initialize success
23:06:18.355 Service scanning
23:06:20.153 Disk 0 trace - called modules:
23:06:25.201 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys hal.dll
23:06:25.204 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004932060]
23:06:25.207 3 CLASSPNP.SYS[fffff88001da343f] -> nt!IofCallDriver -> [0xfffffa8004488520]
23:06:25.210 5 ACPI.sys[fffff88000f747a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004484680]
23:06:25.213 7 ntoskrnl.exe[fffff80003185028] -> nt!IofCallDriver -> [0xfffffa8004931230]
23:06:25.216 Scan finished successfully
23:06:45.838 The log file has been saved successfully to "G:\Users\joe\Downloads\aswMBR.txt"





OTL logfile created on: 6/11/2011 11:17:38 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = G:\Users\joe\Downloads
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 30.81% Memory free
8.00 Gb Paging File | 4.51 Gb Available in Paging File | 56.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = G: | %SystemRoot% = G:\Windows | %ProgramFiles% = G:\Program Files (x86)
Drive G: | 465.76 Gb Total Space | 52.46 Gb Free Space | 11.26% Space Free | Partition Type: NTFS

Computer Name: JOE-PC | User Name: joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/11 23:08:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- G:\Users\joe\Downloads\OTL.exe
PRC - [2011/06/01 08:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- G:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/05/25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- G:\Users\joe\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/05/25 02:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- G:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- G:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/05/09 21:04:17 | 000,138,760 | R--- | M] (Symantec Corporation) -- G:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.110\ccsvchst.exe
PRC - [2011/05/03 16:37:02 | 000,355,432 | ---- | M] () -- G:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
PRC - [2011/04/28 17:42:28 | 002,619,904 | ---- | M] () -- G:\Users\joe\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
PRC - [2011/04/28 14:34:42 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- G:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/04/28 14:34:42 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- G:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- G:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/03/28 17:54:03 | 000,522,824 | ---- | M] (Logitech Inc.) -- G:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe
PRC - [2011/03/23 12:08:28 | 000,075,136 | ---- | M] () -- G:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- G:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- G:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- G:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
PRC - [2010/11/20 08:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- G:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/11/17 15:06:14 | 001,242,448 | ---- | M] (Valve Corporation) -- G:\Program Files (x86)\Steam\Steam.exe
PRC - [2010/11/10 08:59:50 | 000,140,616 | ---- | M] (Neuber Software - www.neuber.com) -- G:\Program Files (x86)\Security Task Manager\SpyProtector.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- G:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- G:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/05/05 19:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- G:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010/05/05 19:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- G:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- G:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- G:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- G:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/10 12:01:49 | 000,116,104 | ---- | M] () -- G:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- G:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/08/06 17:31:44 | 000,233,576 | ---- | M] (Creative Technology Ltd) -- G:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe


========== Modules (SafeList) ==========

MOD - [2011/06/11 23:08:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- G:\Users\joe\Downloads\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- g:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- G:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009/07/13 21:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- G:\Windows\SysWOW64\normaliz.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- g:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- g:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/10/28 06:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- G:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- G:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/05 17:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- G:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2011/06/01 08:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- G:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/25 17:29:52 | 002,275,720 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/05/25 02:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- G:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- G:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/05/17 19:55:40 | 003,275,864 | ---- | M] () [Auto | Running] -- g:\Program Files (x86)\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011/05/16 08:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- G:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/05/09 21:04:17 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- G:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.110\ccSvcHst.exe -- (NIS)
SRV - [2011/04/28 14:34:42 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- G:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/04/16 02:23:45 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- G:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/23 12:08:28 | 000,075,136 | ---- | M] () [Auto | Running] -- G:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/02/16 15:49:08 | 000,101,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- G:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/01/01 16:59:17 | 000,102,400 | ---- | M] () [Auto | Running] -- G:\Windows\Installer\MSIC40F.tmp -- (HyperDeskCustomThemeEnabler)
SRV - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- G:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe -- (NSL)
SRV - [2010/05/05 15:27:15 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- G:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- G:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- G:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- G:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/12/01 21:48:29 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- G:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- G:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/10 12:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- G:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- G:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- G:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/17 14:09:55 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- G:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/05/10 22:32:16 | 000,189,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- G:\Windows\SysNative\drivers\NISx64\1300000.06E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/05/10 22:31:27 | 000,721,016 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- G:\Windows\SysNative\drivers\NISx64\1300000.06E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/05/10 22:31:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- G:\Windows\SysNative\drivers\NISx64\1300000.06E\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/05/09 21:42:52 | 000,396,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- G:\Windows\SysNative\drivers\NISx64\1300000.06E\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/05/09 21:42:50 | 001,083,512 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- G:\Windows\SysNative\drivers\NISx64\1300000.06E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/05/09 21:04:49 | 000,164,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- G:\Windows\SysNative\drivers\NISx64\1300000.06E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011/05/05 03:26:49 | 000,451,192 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- G:\Windows\SysNative\drivers\NISx64\1300000.06E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/04/28 14:34:54 | 000,064,272 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- G:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2011/03/24 10:57:54 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- G:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/03/24 10:57:54 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- G:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/03/21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- G:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- G:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- G:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- G:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- G:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- G:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/03 05:05:34 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- G:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- G:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- G:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- G:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/11/06 23:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Running] -- G:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- G:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/10/02 10:08:56 | 000,043,456 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- G:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- G:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/31 12:32:44 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- G:\Windows\SysNative\drivers\rdpdispm.sys -- (RDPDISPM)
DRV:64bit: - [2010/08/24 13:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- G:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/08/24 13:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- G:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- G:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- G:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010/05/05 21:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- G:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/05/05 21:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- G:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/05/05 21:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- G:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/05/05 21:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- G:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/05/05 21:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- G:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/05/05 21:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- G:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010/05/05 21:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- G:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/05/05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- G:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/05/05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- G:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/05/05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- G:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/05/05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- G:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/05/05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- G:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/05/05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- G:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- G:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- G:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/02/03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- G:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2010/01/22 23:01:22 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- G:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/01/08 19:42:40 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- G:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2010/01/07 03:20:22 | 000,448,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- G:\Windows\SysNative\drivers\RTL8187.sys -- (RTL8187)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- G:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/12/01 15:49:52 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- G:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009/11/23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- G:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- G:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- G:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- G:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- G:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- G:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/17 10:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- G:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- G:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- G:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- G:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- G:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- G:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 17:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- G:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/05/18 17:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- G:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/07/26 16:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- G:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- G:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011/06/11 22:14:17 | 002,011,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- G:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.108\Definitions\VirusDefs\20110611.006\ex64.sys -- (NAVEX15)
DRV - [2011/06/11 22:14:17 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- G:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.108\Definitions\VirusDefs\20110611.006\eng64.sys -- (NAVENG)
DRV - [2011/05/31 21:45:12 | 000,488,056 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- G:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.108\Definitions\IPSDefs\20110610.032\IDSviA64.sys -- (IDSVia64)
DRV - [2011/05/19 15:37:05 | 001,143,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- G:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.108\Definitions\BASHDefs\20110531.021\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/05/04 02:45:19 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- G:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/05/04 02:45:19 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- G:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/03 16:36:58 | 000,014,440 | ---- | M] () [Kernel | On_Demand | Running] -- G:\Program Files (x86)\EVGA Precision\RTCore64.sys -- (RTCore64)
DRV - [2011/04/28 14:34:54 | 000,061,200 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- G:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2011/04/28 14:34:54 | 000,052,496 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- G:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2011/03/24 10:57:54 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- G:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/03/24 10:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- G:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/02/04 10:27:14 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- G:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = G:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-817275548-1800543030-2340799207-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKU\S-1-5-21-817275548-1800543030-2340799207-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-817275548-1800543030-2340799207-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-817275548-1800543030-2340799207-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F6 AB 23 97 57 96 CA 01 [binary data]
IE - HKU\S-1-5-21-817275548-1800543030-2340799207-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - g:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-817275548-1800543030-2340799207-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-817275548-1800543030-2340799207-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bing.com/"

FF - HKLM\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: G:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST\
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: G:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.108\IPSFFPlgn\ [2011/05/17 14:39:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: G:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.108\coFFPlgn\ [2011/05/17 14:35:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: G:\Program Files (x86)\McAfee\SiteAdvisor [2011/05/25 16:34:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: G:\Program Files (x86)\Mozilla Firefox\components [2011/04/29 14:35:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: G:\Program Files (x86)\Mozilla Firefox\plugins

[2011/04/29 14:37:03 | 000,000,000 | ---D | M] (No name found) -- G:\Users\joe\AppData\Roaming\Mozilla\Extensions
[2011/05/31 18:36:39 | 000,000,000 | ---D | M] (No name found) -- G:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\c5w6u6nt.default\extensions
[2011/05/31 18:36:39 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- G:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\c5w6u6nt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/05/27 12:14:45 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- G:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\c5w6u6nt.default\extensions\battlefieldheroespatcher@ea.com
[2009/12/02 04:16:02 | 000,000,000 | ---D | M] (No name found) -- G:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\d3l31inf.default\extensions
[2011/05/17 15:11:21 | 000,002,470 | ---- | M] () -- G:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\c5w6u6nt.default\searchplugins\safesearch.xml
[2011/04/29 14:35:23 | 000,000,000 | ---D | M] (No name found) -- G:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2011/05/25 16:34:15 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- G:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2011/05/17 14:35:25 | 000,000,000 | ---D | M] (Norton Toolbar) -- G:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.108\COFFPLGN
[2011/05/17 14:39:03 | 000,000,000 | ---D | M] (Norton IPS 2.0) -- G:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.108\IPSFFPLGN
() (No name found) -- G:\USERS\JOE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C5W6U6NT.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- G:\USERS\JOE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C5W6U6NT.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- G:\USERS\JOE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C5W6U6NT.DEFAULT\EXTENSIONS\FIREFOX@UNSUBSCRIBE.COM.XPI
() (No name found) -- G:\USERS\JOE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C5W6U6NT.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- G:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- G:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/25 21:17:30 | 000,433,846 | ---- | M]) - G:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14957 more lines...
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - g:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - G:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - G:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.110\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton IPS 2.0) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - G:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.110\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - g:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - g:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - g:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - G:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - G:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.110\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-817275548-1800543030-2340799207-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-817275548-1800543030-2340799207-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - G:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] G:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] G:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [EvtMgr6] G:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] G:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] g:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [UpdateSVNs] G:\Program Files (x86)\Steam\steamapps\jkiejr\garrysmod\garrysmod\addons [2011/01/06 21:30:22 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] G:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] G:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CTxfiHlp] G:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Spy Protector] G:\Program Files (x86)\Security Task Manager\SpyProtector.exe (Neuber Software - www.neuber.com)
O4 - HKLM..\Run: [VolPanel] G:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] G:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] G:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-817275548-1800543030-2340799207-1001..\Run: [PeerBlock] G:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-817275548-1800543030-2340799207-1001..\Run: [Speech Recognition] G:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-817275548-1800543030-2340799207-1001..\Run: [SpybotSD TeaTimer] G:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-817275548-1800543030-2340799207-1001..\Run: [Steam] G:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-817275548-1800543030-2340799207-1001..\Run: [SUPERAntiSpyware] G:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-817275548-1800543030-2340799207-1012..\Run: [Sidebar] G:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [CTAutoUpdate] G:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\RunOnce: [CTAutoUpdate] G:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-21-817275548-1800543030-2340799207-1012..\RunOnce: [mctadmin] File not found
O4 - Startup: G:\Users\joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk = G:\Users\joe\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()
O4 - Startup: G:\Users\joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: G:\Users\joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = G:\Users\joe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: G:\Users\joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = G:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-817275548-1800543030-2340799207-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - G:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - G:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - g:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - g:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - g:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - g:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - G:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - G:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - G:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Value error. - g:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{739ea7e3-f96a-11de-a22b-001bfc439d84}\Shell - "" = AutoRun
O33 - MountPoints2\{739ea7e3-f96a-11de-a22b-001bfc439d84}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{82296832-726f-11df-ba08-001bfc439d84}\Shell - "" = AutoRun
O33 - MountPoints2\{82296832-726f-11df-ba08-001bfc439d84}\Shell\AutoRun\command - "" = F:\noautorun.exe
O33 - MountPoints2\{9597fc01-dee5-11de-9c19-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9597fc01-dee5-11de-9c19-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/11 22:59:33 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Local\{F568E8C3-60FE-4AAD-821E-C97DDABDA7DD}
[2011/06/09 00:56:59 | 000,000,000 | ---D | C] -- G:\Users\joe\Unigine Heaven
[2011/06/09 00:56:27 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
[2011/06/09 00:56:15 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Unigine
[2011/06/09 00:08:21 | 018,583,144 | ---- | C] (NVIDIA Corporation) -- G:\Windows\SysNative\nvcompiler.dll
[2011/06/09 00:08:21 | 016,456,296 | ---- | C] (NVIDIA Corporation) -- G:\Windows\SysWow64\nvoglv32.dll
[2011/06/09 00:08:21 | 013,011,560 | ---- | C] (NVIDIA Corporation) -- G:\Windows\SysWow64\nvcompiler.dll
[2011/06/09 00:08:21 | 011,992,680 | ---- | C] (NVIDIA Corporation) -- G:\Windows\SysWow64\nvd3dum.dll
[2011/06/09 00:08:21 | 007,123,560 | ---- | C] (NVIDIA Corporation) -- G:\Windows\SysNative\nvcuda.dll
[2011/06/09 00:08:21 | 006,555,240 | ---- | C] (NVIDIA Corporation) -- G:\Windows\SysWow64\nvwgf2um.dll
[2011/06/09 00:08:21 | 005,301,352 | ---- | C] (NVIDIA Corporation) -- G:\Windows\SysWow64\nvcuda.dll
[2011/06/09 00:08:21 | 002,943,592 | ---- | C] (NVIDIA Corporation) -- G:\Windows\SysNative\nvcuvid.dll
[2011/06/09 00:08:21 | 002,804,328 | ---- | C] (NVIDIA Corporation) -- G:\Windows\SysWow64\nvcuvid.dll
[2011/06/09 00:08:21 | 002,212,968 | ---- | C] (NVIDIA Corporation) -- G:\Windows\SysNative\nvcuvenc.dll
[2011/06/09 00:08:21 | 002,082,408 | ---- | C] (NVIDIA Corporation) -- G:\Windows\SysWow64\nvcuvenc.dll
[2011/06/09 00:08:21 | 001,496,168 | ---- | C] (NVIDIA Corporation) -- G:\Windows\SysNative\nvdispco6420150.dll
[2011/06/09 00:08:21 | 001,427,048 | ---- | C] (NVIDIA Corporation) -- G:\Windows\SysNative\nvgenco642090.dll
[2011/06/09 00:08:21 | 000,067,176 | ---- | C] (Khronos Group) -- G:\Windows\SysNative\OpenCL.dll
[2011/06/09 00:08:21 | 000,057,960 | ---- | C] (Khronos Group) -- G:\Windows\SysWow64\OpenCL.dll
[2011/06/09 00:08:21 | 000,012,392 | ---- | C] (NVIDIA Corporation) -- G:\Windows\SysNative\drivers\nvBridge.kmd
[2011/06/08 21:57:46 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Local\{43175509-E9E6-4BF7-9B75-E560B28610AD}
[2011/06/07 22:35:51 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Local\{2B1611D6-242C-402E-A941-119EC277BC6D}
[2011/06/06 22:44:21 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Local\{8909C19E-3C63-4A0F-B8BF-A2F33DC10F61}
[2011/06/05 21:22:31 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Local\{8071F4E2-BA13-4A9A-A34A-C517B013C0D6}
[2011/06/04 23:39:17 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Local\{74B05D2A-B052-4DD6-87AD-8AA15DC9C69B}
[2011/06/03 22:54:13 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Local\Origin
[2011/06/03 22:51:36 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2011/06/03 22:51:24 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Origin Games
[2011/06/03 22:51:15 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Origin
[2011/06/02 23:20:57 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/06/02 22:09:48 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Local\{F2F1ED74-B1F2-4BB0-9FA1-17CD7E72E2B3}
[2011/06/01 14:07:57 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Local\{988FC280-37E1-4DCE-97CC-DF0E02124FB6}
[2011/05/31 18:07:53 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Local\{B8EDDF4D-3493-43D6-B752-24C6AF13DCD1}
[2011/05/30 20:30:39 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Local\{1AD97989-08FA-4403-B543-DC91EED437AF}
[2011/05/30 19:58:33 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/05/30 19:58:33 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\LogMeIn Hamachi
[2011/05/29 23:41:23 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Local\{7D4C53EA-6A7E-4D89-8CF1-B87E516804E7}
[2011/05/28 22:52:37 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Local\{B4B1E06F-CA2F-47E8-9A04-0A255681A827}
[2011/05/27 12:06:26 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Local\{A0A85BC3-7BBF-4200-A36C-B8B084339BF4}
[2011/05/26 14:26:24 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Local\{C8187824-194D-4E7A-AEE9-0AF6E3B1F767}
[2011/05/26 14:15:59 | 000,000,000 | ---D | C] -- G:\Users\joe\Desktop\minecraft server
[2011/05/25 20:02:20 | 000,000,000 | ---D | C] -- G:\!KillBox
[2011/05/25 18:38:20 | 000,000,000 | ---D | C] -- G:\ProgramData\SecTaskMan
[2011/05/25 18:38:05 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2011/05/25 18:38:02 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Security Task Manager
[2011/05/25 16:49:39 | 000,027,520 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysNative\drivers\Diskdump.sys
[2011/05/25 16:46:26 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Local\{25511662-2B3A-4222-B843-10A2C8B81771}
[2011/05/24 18:01:13 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Local\{73250B3C-84FF-4FC4-8A1F-552D0FD21056}
[2011/05/24 15:15:27 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Roaming\PCF-VLC
[2011/05/24 15:14:28 | 000,000,000 | ---D | C] -- G:\.miro
[2011/05/24 15:13:16 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\GetMiro Toolbar
[2011/05/24 15:12:53 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Roaming\Participatory Culture Foundation
[2011/05/24 15:12:19 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Miro
[2011/05/24 15:11:45 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Participatory Culture Foundation
[2011/05/24 13:51:09 | 000,142,336 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysNative\poqexec.exe
[2011/05/24 13:51:09 | 000,123,904 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\poqexec.exe
[2011/05/23 23:45:35 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Microsoft Security Client
[2011/05/23 23:45:21 | 000,000,000 | ---D | C] -- G:\Program Files\Microsoft Security Client
[2011/05/23 23:43:00 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Roaming\vlc
[2011/05/23 23:42:36 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/05/23 23:42:01 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\VideoLAN
[2011/05/23 14:13:53 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Local\{763461D6-AA19-4FF8-B8C4-7049A64CBE44}
[2011/05/22 19:39:31 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Local\{AED5D0B0-E71D-4AE2-9822-397A69F13E3D}
[2011/05/21 17:36:59 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Local\{E5CAF9E2-B568-4AFD-A7FD-68E2388B5177}
[2011/05/20 21:17:20 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Local\{DC0D227B-3499-408E-93B3-17D806B8BE6B}
[2011/05/19 23:09:01 | 000,000,000 | ---D | C] -- G:\Users\joe\Documents\My Cheat Tables
[2011/05/19 23:08:45 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.0
[2011/05/19 23:08:44 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Cheat Engine 6
[2011/05/19 15:45:08 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Local\{8EEFE3AB-5703-4C70-B994-B9EA7F74F925}
[2011/05/19 00:29:14 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Local\{908DA32F-1272-499E-A447-B26C5CB9F881}
[2011/05/17 21:00:36 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Microsoft XNA
[2011/05/17 14:42:37 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Local\{0B72EF32-DE25-4CC0-A060-733F409604FB}
[2011/05/17 02:22:26 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Local\{D185997A-25B4-462C-AB2B-9FB6E7551CAC}
[2011/05/15 19:11:23 | 000,000,000 | ---D | C] -- G:\Users\joe\AppData\Local\{ED1C484A-63C7-441B-92CF-084ECC0F2E8B}
[2011/05/14 15:53:49 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- G:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2010/05/05 19:59:10 | 000,060,928 | ---- | C] ( ) -- G:\Windows\SysWow64\a3d.dll
[2010/05/05 19:38:18 | 000,012,800 | ---- | C] ( ) -- G:\Windows\SysWow64\killapps.exe
[3 G:\Windows\*.tmp files -> G:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/11 23:10:02 | 000,000,892 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/11 22:24:00 | 000,000,900 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-817275548-1800543030-2340799207-1001UA.job
[2011/06/11 22:10:49 | 000,018,368 | -H-- | M] () -- G:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/11 22:10:49 | 000,018,368 | -H-- | M] () -- G:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/11 21:49:14 | 000,000,888 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/11 21:47:25 | 000,067,584 | --S- | M] () -- G:\Windows\bootstat.dat
[2011/06/11 21:47:24 | 3220,529,152 | -HS- | M] () -- G:\hiberfil.sys
[2011/06/09 02:38:46 | 000,060,104 | ---- | M] () -- G:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-002C1102}.rfx
[2011/06/09 02:38:46 | 000,000,788 | ---- | M] () -- G:\Windows\SysNative\DVCState-{00000005-00000000-00000002-00001102-00000005-002C1102}.rfx
[2011/06/09 02:38:45 | 000,060,104 | ---- | M] () -- G:\Windows\SysNative\BMXState-{00000005-00000000-00000002-00001102-00000005-002C1102}.rfx
[2011/06/09 02:12:11 | 001,698,723 | ---- | M] () -- G:\Windows\SysNative\drivers\NISx64\1300000.06E\Cat.DB
[2011/06/09 00:56:31 | 000,002,167 | ---- | M] () -- G:\Users\Public\Desktop\Heaven DX11 Benchmark 2.5.lnk
[2011/06/08 23:24:00 | 000,000,848 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-817275548-1800543030-2340799207-1001Core.job
[2011/06/06 01:25:32 | 000,002,385 | ---- | M] () -- G:\Users\joe\Desktop\Google Chrome.lnk
[2011/06/05 00:09:38 | 000,000,000 | ---- | M] () -- G:\Users\joe\defogger_reenable
[2011/06/04 23:29:30 | 000,000,064 | ---- | M] () -- G:\Windows\SysWow64\rp_stats.dat
[2011/06/04 23:29:30 | 000,000,044 | ---- | M] () -- G:\Windows\SysWow64\rp_rules.dat
[2011/06/03 22:51:37 | 000,000,979 | ---- | M] () -- G:\Users\Public\Desktop\Origin.lnk
[2011/06/03 02:21:38 | 000,001,952 | ---- | M] () -- G:\Users\joe\Documents\mcedit.ini
[2011/06/02 01:14:59 | 000,001,064 | ---- | M] () -- G:\Users\Public\Desktop\World of Warcraft.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- G:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- G:\Windows\SysNative\drivers\mbam.sys
[2011/05/27 22:20:25 | 000,000,600 | ---- | M] () -- G:\Users\joe\AppData\Roaming\winscp.rnd
[2011/05/27 22:20:19 | 000,001,849 | ---- | M] () -- G:\Users\joe\Desktop\WinSCP.lnk
[2011/05/27 21:53:27 | 000,000,989 | ---- | M] () -- G:\Users\joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/05/27 21:53:21 | 000,001,009 | ---- | M] () -- G:\Users\joe\Desktop\Dropbox.lnk
[2011/05/27 21:31:40 | 000,000,085 | -HS- | M] () -- G:\ProgramData\.zreglib
[2011/05/26 14:19:31 | 000,000,693 | ---- | M] () -- G:\Users\joe\Desktop\Minecraft_Server - Shortcut.lnk
[2011/05/26 13:09:40 | 000,266,400 | ---- | M] () -- G:\Windows\SysWow64\PnkBstrB.xtr
[2011/05/26 13:09:40 | 000,266,400 | ---- | M] () -- G:\Windows\SysWow64\PnkBstrB.exe
[2011/05/25 21:17:30 | 000,433,846 | ---- | M] () -- G:\Windows\SysNative\drivers\etc\hosts
[2011/05/25 21:15:41 | 000,433,846 | R--- | M] () -- G:\Windows\SysNative\drivers\etc\hosts.20110525-211730.backup
[2011/05/25 19:43:04 | 000,008,568 | ---- | M] () -- G:\Users\Public\Documents\cc_20110525_194253.reg
[2011/05/25 02:09:15 | 003,040,872 | ---- | M] (NVIDIA Corporation) -- G:\Windows\SysNative\nvsvc64.dll
[2011/05/25 02:09:15 | 000,117,864 | ---- | M] (NVIDIA Corporation) -- G:\Windows\SysNative\nvmctray.dll
[2011/05/25 02:09:15 | 000,061,544 | ---- | M] (NVIDIA Corporation) -- G:\Windows\SysNative\nvshext.dll
[2011/05/25 02:09:14 | 008,863,336 | ---- | M] (NVIDIA Corporation) -- G:\Windows\SysNative\nvwgf2umx.dll
[2011/05/25 02:09:14 | 006,300,776 | ---- | M] (NVIDIA Corporation) -- G:\Windows\SysNative\nvcpl.dll
[2011/05/25 02:09:14 | 000,739,432 | ---- | M] (NVIDIA Corporation) -- G:\Windows\SysNative\easyUpdatusAPIU64.dll
[2011/05/25 02:09:14 | 000,067,176 | ---- | M] (Khronos Group) -- G:\Windows\SysNative\OpenCL.dll
[2011/05/25 02:09:14 | 000,057,960 | ---- | M] (Khronos Group) -- G:\Windows\SysWow64\OpenCL.dll
[2011/05/25 02:09:13 | 022,286,952 | ---- | M] (NVIDIA Corporation) -- G:\Windows\SysNative\nvoglv64.dll
[2011/05/25 02:09:13 | 016,456,296 | ---- | M] (NVIDIA Corporation) -- G:\Windows\SysWow64\nvoglv32.dll
[2011/05/25 02:09:13 | 006,555,240 | ---- | M] (NVIDIA Corporation) -- G:\Windows\SysWow64\nvwgf2um.dll
[2011/05/25 02:09:12 | 015,223,912 | ---- | M] (NVIDIA Corporation) -- G:\Windows\SysNative\nvd3dumx.dll
[2011/05/25 02:09:12 | 011,992,680 | ---- | M] (NVIDIA Corporation) -- G:\Windows\SysWow64\nvd3dum.dll
[2011/05/25 02:09:12 | 002,943,592 | ---- | M] (NVIDIA Corporation) -- G:\Windows\SysNative\nvcuvid.dll
[2011/05/25 02:09:12 | 002,804,328 | ---- | M] (NVIDIA Corporation) -- G:\Windows\SysWow64\nvcuvid.dll
[2011/05/25 02:09:12 | 001,496,168 | ---- | M] (NVIDIA Corporation) -- G:\Windows\SysNative\nvdispco6420150.dll
[2011/05/25 02:09:12 | 001,427,048 | ---- | M] (NVIDIA Corporation) -- G:\Windows\SysNative\nvgenco642090.dll
[2011/05/25 02:09:12 | 000,007,384 | ---- | M] () -- G:\Windows\SysNative\nvinfo.pb
[2011/05/25 02:09:11 | 018,583,144 | ---- | M] (NVIDIA Corporation) -- G:\Windows\SysNative\nvcompiler.dll
[2011/05/25 02:09:11 | 013,011,560 | ---- | M] (NVIDIA Corporation) -- G:\Windows\SysWow64\nvcompiler.dll
[2011/05/25 02:09:11 | 007,123,560 | ---- | M] (NVIDIA Corporation) -- G:\Windows\SysNative\nvcuda.dll
[2011/05/25 02:09:11 | 005,301,352 | ---- | M] (NVIDIA Corporation) -- G:\Windows\SysWow64\nvcuda.dll
[2011/05/25 02:09:11 | 002,644,584 | ---- | M] (NVIDIA Corporation) -- G:\Windows\SysNative\nvapi64.dll
[2011/05/25 02:09:11 | 002,335,848 | ---- | M] (NVIDIA Corporation) -- G:\Windows\SysWow64\nvapi.dll
[2011/05/25 02:09:11 | 002,212,968 | ---- | M] (NVIDIA Corporation) -- G:\Windows\SysNative\nvcuvenc.dll
[2011/05/25 02:09:11 | 002,082,408 | ---- | M] (NVIDIA Corporation) -- G:\Windows\SysWow64\nvcuvenc.dll
[2011/05/25 02:09:11 | 000,012,392 | ---- | M] (NVIDIA Corporation) -- G:\Windows\SysNative\drivers\nvBridge.kmd
[2011/05/24 15:12:24 | 000,002,178 | ---- | M] () -- G:\Users\Public\Desktop\Miro.lnk
[2011/05/23 23:46:49 | 000,001,945 | ---- | M] () -- G:\Windows\epplauncher.mif
[2011/05/23 23:45:47 | 000,809,308 | ---- | M] () -- G:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/23 23:45:47 | 000,670,982 | ---- | M] () -- G:\Windows\SysNative\perfh009.dat
[2011/05/23 23:45:47 | 000,126,068 | ---- | M] () -- G:\Windows\SysNative\perfc009.dat
[2011/05/23 23:42:40 | 000,001,066 | ---- | M] () -- G:\Users\Public\Desktop\VLC media player.lnk
[2011/05/20 22:35:28 | 000,304,744 | ---- | M] () -- G:\Windows\SysWow64\nvStreaming.exe
[2011/05/18 14:38:49 | 000,884,736 | ---- | M] (DMSoft Technologies) -- G:\Windows\skincrafter3_vs2005.dll
[2011/05/17 14:45:15 | 000,002,604 | ---- | M] () -- G:\Windows\SysNative\drivers\NISx64\1300000.06E\VT20110422.020
[2011/05/17 14:09:55 | 000,174,200 | ---- | M] (Symantec Corporation) -- G:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/05/17 14:09:55 | 000,007,488 | ---- | M] () -- G:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/05/17 14:09:55 | 000,000,855 | ---- | M] () -- G:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/05/14 15:53:49 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- G:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[3 G:\Windows\*.tmp files -> G:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/09 00:56:31 | 000,002,167 | ---- | C] () -- G:\Users\Public\Desktop\Heaven DX11 Benchmark 2.5.lnk
[2011/06/05 00:06:08 | 000,000,000 | ---- | C] () -- G:\Users\joe\defogger_reenable
[2011/06/03 22:51:37 | 000,000,979 | ---- | C] () -- G:\Users\Public\Desktop\Origin.lnk
[2011/06/02 23:21:00 | 000,002,385 | ---- | C] () -- G:\Users\joe\Desktop\Google Chrome.lnk
[2011/06/02 23:19:39 | 000,000,900 | ---- | C] () -- G:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-817275548-1800543030-2340799207-1001UA.job
[2011/06/02 23:19:38 | 000,000,848 | ---- | C] () -- G:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-817275548-1800543030-2340799207-1001Core.job
[2011/05/27 21:31:40 | 000,000,085 | -HS- | C] () -- G:\ProgramData\.zreglib
[2011/05/26 14:19:31 | 000,000,693 | ---- | C] () -- G:\Users\joe\Desktop\Minecraft_Server - Shortcut.lnk
[2011/05/25 19:43:01 | 000,008,568 | ---- | C] () -- G:\Users\Public\Documents\cc_20110525_194253.reg
[2011/05/24 15:12:22 | 000,002,178 | ---- | C] () -- G:\Users\Public\Desktop\Miro.lnk
[2011/05/23 23:46:49 | 000,001,945 | ---- | C] () -- G:\Windows\epplauncher.mif
[2011/05/23 23:45:26 | 000,001,857 | ---- | C] () -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/05/23 23:42:39 | 000,001,066 | ---- | C] () -- G:\Users\Public\Desktop\VLC media player.lnk
[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- G:\Windows\SysWow64\nvStreaming.exe
[2011/04/29 14:35:55 | 000,000,000 | ---- | C] () -- G:\Windows\nsreg.dat
[2011/04/26 21:12:00 | 000,000,064 | ---- | C] () -- G:\Windows\SysWow64\rp_stats.dat
[2011/04/26 21:12:00 | 000,000,044 | ---- | C] () -- G:\Windows\SysWow64\rp_rules.dat
[2011/04/20 19:58:59 | 000,000,048 | ---- | C] () -- G:\Windows\wininit.ini
[2011/04/10 19:31:42 | 000,148,480 | ---- | C] () -- G:\Windows\SysWow64\APOMngr.DLL
[2011/04/10 19:31:42 | 000,073,728 | ---- | C] () -- G:\Windows\SysWow64\CmdRtr.DLL
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- G:\Windows\SysWow64\xlive.dll.cat
[2011/04/09 15:39:09 | 000,000,600 | ---- | C] () -- G:\Users\joe\AppData\Roaming\winscp.rnd
[2011/04/04 23:53:55 | 000,000,036 | ---- | C] () -- G:\Users\joe\AppData\Local\housecall.guid.cache
[2011/03/22 16:00:44 | 002,340,992 | ---- | C] () -- G:\Windows\SysWow64\BootMan.exe
[2011/03/22 16:00:44 | 000,018,048 | ---- | C] () -- G:\Windows\SysWow64\EuEpmGdi.dll
[2011/03/22 16:00:43 | 000,086,408 | ---- | C] () -- G:\Windows\SysWow64\setupempdrv03.exe
[2011/03/22 16:00:43 | 000,014,216 | ---- | C] () -- G:\Windows\SysWow64\epmntdrv.sys
[2011/03/22 16:00:43 | 000,008,456 | ---- | C] () -- G:\Windows\SysWow64\EuGdiDrv.sys
[2011/03/15 00:37:39 | 000,000,017 | ---- | C] () -- G:\Users\joe\AppData\Local\resmon.resmoncfg
[2011/02/28 14:18:02 | 000,266,400 | ---- | C] () -- G:\Windows\SysWow64\PnkBstrB.exe
[2011/02/28 14:18:01 | 000,075,136 | ---- | C] () -- G:\Windows\SysWow64\PnkBstrA.exe
[2010/11/22 18:54:28 | 000,000,193 | ---- | C] () -- G:\Windows\WORDPAD.INI
[2010/11/10 03:45:32 | 000,102,744 | ---- | C] () -- G:\Windows\SysWow64\LogiDPPApp.exe
[2010/11/10 03:45:30 | 010,871,128 | ---- | C] () -- G:\Windows\SysWow64\LogiDPP.dll
[2010/11/10 03:45:20 | 000,316,248 | ---- | C] () -- G:\Windows\SysWow64\DevManagerCore.dll
[2010/08/13 23:26:53 | 000,123,004 | -H-- | C] () -- G:\Windows\SysWow64\mlfcache.dat
[2010/07/29 11:09:51 | 000,451,072 | ---- | C] () -- G:\Windows\SysWow64\ISSRemoveSP.exe
[2010/06/14 10:58:40 | 002,444,656 | ---- | C] () -- G:\Windows\SysWow64\pbsvc_apb.exe
[2010/06/11 15:43:48 | 000,001,035 | ---- | C] () -- G:\Windows\eReg.dat
[2010/06/02 16:19:48 | 000,000,056 | -H-- | C] () -- G:\Windows\SysWow64\ezsidmv.dat
[2010/05/31 16:44:12 | 000,000,091 | ---- | C] () -- G:\Users\joe\AppData\Local\fusioncache.dat
[2010/05/05 20:37:52 | 000,021,204 | ---- | C] () -- G:\Windows\SysWow64\instwdm.ini
[2010/05/05 20:37:50 | 000,000,054 | ---- | C] () -- G:\Windows\SysWow64\ctzapxx.ini
[2010/05/05 19:56:46 | 000,002,560 | ---- | C] () -- G:\Windows\SysWow64\CTXFIRES.DLL
[2010/05/05 19:46:30 | 000,321,512 | ---- | C] () -- G:\Windows\SysWow64\ctdlang.dat
[2010/05/05 19:46:30 | 000,056,509 | ---- | C] () -- G:\Windows\SysWow64\ctdnlstr.dat
[2010/05/05 19:38:22 | 000,007,680 | ---- | C] () -- G:\Windows\SysWow64\enlocstr.exe
[2010/05/05 15:30:52 | 000,000,029 | ---- | C] () -- G:\Windows\sfbm.INI
[2010/05/05 14:03:43 | 000,809,308 | ---- | C] () -- G:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/15 21:05:42 | 002,577,776 | ---- | C] () -- G:\Windows\SysWow64\pbsvc_heroes.exe
[2010/04/06 02:27:07 | 000,001,769 | ---- | C] () -- G:\Windows\Language_trs.ini
[2010/03/21 11:13:18 | 002,434,856 | ---- | C] () -- G:\Windows\SysWow64\pbsvc_bc2.exe
[2010/02/02 21:37:52 | 000,053,433 | ---- | C] () -- G:\Users\joe\AppData\Roaming\Artwork.jpg
[2010/02/02 21:05:11 | 000,021,840 | ---- | C] () -- G:\Windows\SysWow64\SIntfNT.dll
[2010/02/02 21:05:11 | 000,017,212 | ---- | C] () -- G:\Windows\SysWow64\SIntf32.dll
[2010/02/02 21:05:11 | 000,012,067 | ---- | C] () -- G:\Windows\SysWow64\SIntf16.dll
[2009/12/03 20:31:58 | 000,000,262 | ---- | C] () -- G:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/12/02 04:06:35 | 000,794,408 | ---- | C] () -- G:\Windows\SysWow64\pbsvc.exe
[2009/12/01 20:03:38 | 000,000,362 | RHS- | C] () -- G:\ProgramData\ntuser.pol
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- G:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- G:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- G:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- G:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- G:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- G:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- G:\Windows\SysWow64\mlang.dat
[2009/05/27 10:49:00 | 000,000,285 | ---- | C] () -- G:\Windows\SysWow64\kill.ini
[2006/10/10 23:33:58 | 000,010,288 | ---- | C] () -- G:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2004/01/28 10:53:50 | 000,051,200 | ---- | C] () -- G:\Windows\SysWow64\ThriXXX010205PNG.dll
[2004/01/28 10:53:43 | 000,023,040 | ---- | C] () -- G:\Windows\SysWow64\ThriXXX010104Z.dll
[2004/01/28 10:53:37 | 000,056,832 | ---- | C] () -- G:\Windows\SysWow64\ThriXXX015003JP2.dll
[2003/05/23 06:08:52 | 000,107,008 | ---- | C] () -- G:\Windows\SysWow64\vorbis.dll
[2003/05/23 06:08:52 | 000,020,992 | ---- | C] () -- G:\Windows\SysWow64\ogg.dll

< End of report >





OTL Extras logfile created on: 6/11/2011 11:17:38 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = G:\Users\joe\Downloads
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 30.81% Memory free
8.00 Gb Paging File | 4.51 Gb Available in Paging File | 56.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = G: | %SystemRoot% = G:\Windows | %ProgramFiles% = G:\Program Files (x86)
Drive G: | 465.76 Gb Total Space | 52.46 Gb Free Space | 11.26% Space Free | Partition Type: NTFS

Computer Name: JOE-PC | User Name: joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- G:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- G:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-817275548-1800543030-2340799207-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- G:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "G:\Windows\system32\rundll32.exe" "G:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "G:\Windows\system32\rundll32.exe" "G:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "G:\Windows\System32\rundll32.exe" "G:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "G:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "G:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "G:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{45EF12B0-F531-4A2C-A1C0-6B1495698E30}" = TortoiseSVN 1.6.15.21042 (64 bit)
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 7.00
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1
"LibUSB-Win32_is1" = LibUSB-Win32-1.2.2.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Recuva" = Recuva
"sp6" = Logitech SetPoint 6.20
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2: Deluxe Edition
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{16287343-5748-4D63-9D5B-541864B5A076}" = SideTunes
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.3.11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3516C69A-024D-42A8-B948-FFAA7B9CC49A}" = Windows SideShow Managed Runtime 1.0
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4343080E-448E-4E2C-B27F-B91000018201}" = Dead Rising 2
"{4343080E-448E-4E2C-B27F-B91000028201}" = Dead Rising 2
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D530942-9B89-4186-98B7-F51000000100}" = Project S
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{522C39C5-F781-49E5-AE1D-FE8A16B1A61A}" = Subversion
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54510837-BD04-4C32-9676-DB1000028201}" = Red Faction: Guerrilla
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454085C-840F-4070-8FAA-441000018301}" = BioShock 2
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout™ Paradise The Ultimate Box
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Creepy & Cute Parts Pack
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"APB Reloaded" = APB Reloaded
"AudioCS" = Creative Audio Control Panel
"Canon MP250 series User Registration" = Canon MP250 series User Registration
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"Combat Arms" = Combat Arms
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Crysis WARHEAD®" = Crysis WARHEAD®
"Disk Space Fan_is1" = Disk Space Fan 2.2.7.821
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 8.0.1 Home Edition
"EasyBCD" = EasyBCD 2.0
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"GFWL_{4D530942-9B89-4186-98B7-F51000000100}" = Project S
"hon" = Heroes of Newerth
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MINERVA: Metastasis" = MINERVA: Metastasis
"Miro" = Miro
"Morpheus Photo Animation Suite_is1" = Morpheus Photo Animation Suite v3.15
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NIS" = Norton Internet Security
"NST" = Norton Safe Web Lite
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PingPlotter Standard" = PingPlotter Standard 3.30.4s
"Poser 7_is1" = Poser 7.0.4
"Precision" = EVGA Precision 2.0.3
"PunkBusterSvc" = PunkBuster Services
"Rapport_msi" = Rapport
"Security Task Manager" = Security Task Manager 1.8c
"StarCraft II" = StarCraft II
"Steam App 10090" = Call of Duty: World at War
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 105600" = Terraria
"Steam App 1250" = Killing Floor
"Steam App 12900" = Audiosurf
"Steam App 13140" = America's Army 3
"Steam App 15120" = Tom Clancy's Rainbow Six: Vegas 2
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 15750" = Oddworld: Stranger's Wrath
"Steam App 17470" = Dead Space
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 20570" = Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
"Steam App 21690" = Resident Evil 5
"Steam App 218" = Source SDK Base 2007
"Steam App 22380" = Fallout: New Vegas
"Steam App 240" = Counter-Strike: Source
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 4000" = Garry's Mod
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 42720" = Call of Duty Black Ops - Remote Console
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"Steam App 4540" = Titan Quest
"Steam App 4550" = Titan Quest: Immortal Throne
"Steam App 4560" = Company of Heroes
"Steam App 4570" = Warhammer 40,000: Dawn of War Gold Edition
"Steam App 45740" = Dead Rising 2
"Steam App 520" = Team Fortress 2 Beta
"Steam App 550" = Left 4 Dead 2
"Steam App 63200" = Monday Night Combat
"Steam App 7670" = BioShock
"Steam App 7940" = Call of Duty 4: Modern Warfare
"Steam App 8850" = BioShock 2
"Steam App 8980" = Borderlands
"Steam App 9450" = Warhammer 40,000: Dawn of War – Soulstorm
"Steam App 99830" = Crysis 2
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 6" = TeamViewer 6
"Unigine Heaven DX11 Benchmark 2.5_is1" = Unigine Heaven DX11 Benchmark 2.5 version 2.5
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.9
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.3
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-817275548-1800543030-2340799207-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"CNET TechTracker" = CNET TechTracker
"Dropbox" = Dropbox
"GameRanger" = GameRanger
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#7 pwgib
  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country
  • Local time:05:12 AM

Posted 13 June 2011 - 06:29 AM

Hi jkiejr,
Your log(s) show that you are using so called peer-to-peer or file-sharing programs (in your case µTorrent). These programs allow file sharing between users as the name(s) suggest. In today's world cyber crime has become an enormous problem. Different ways are used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools as a huge amount of prospective victims can be reached through them.

It is therefore possible to be infected by downloading infected files via peer-to-peer tools and so these tools must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes on copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

If you decide to keep this program please refrain from using it until we get your computer clean.
I see you have installed CCleaner. I use the program myself and recommend it but it does contain a registry cleaner.

Please be aware that Bleeping Computer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.

More information about registry cleaners can be found at Miekiemoes Blog

Please do not use the registry cleaner included with CCleaner.

Step 1.
  • Click on this link--> virustotal
  • Click the browse button. Copy and paste the following lines in the open box, then click Send File after pasting one line. You will only be able to have one file scanned at a time.

G:\Windows\SysNative\epmntdrv.sys

If the file has been analyzed before, click the Reanalyse File Now button.

Please copy and paste the results of the scan in your next post.
Step 2.
We need to disable Spybot S&D's "TeaTimer"

TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.
In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.

  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click [image] and then on "Advanced Mode"
    [image]
  • You may be presented with a warning dialog. If so, press [image]
  • Click on [image]
  • Click on [image]
  • Uncheck this checkbox:
    [image]
  • Close/Exit Spybot Search and Destroy


Step 3.
We need to run an OTL Fix
  • Please reopen [image] on your desktop.
  • Copy and Paste the following code into the [image] textbox.

    :OTL
    
    O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
    O2 - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
    O3 - HKU\S-1-5-21-817275548-1800543030-2340799207-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
    O4 - HKU\S-1-5-21-817275548-1800543030-2340799207-1012..\RunOnce: [mctadmin] File not found
    O20 - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - File not found
    
    
    :commands
    [EmptyTemp]
    
  • Push [image]
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click [image].
  • A report will open. Copy and Paste that report in your next reply.


Step 4.
Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to Disable your Security Applications
    Note - If you have AVG or CA installed, due to recent changes in how these AVs target the tool's internal files, they must be uninstalled before running ComboFix. If you have difficulty uninstalling the AV, download Opswat AppRemover http://www.appremover.com/supported-applications (Important)
    Refer to this page if you are not sure how. You can reinstall AVG when we are finished.

  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
In your next reply please include the following:


OTLFix report
Combofix.txt
Thanks!!
PW
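The OTL script in the post above deletes autostart and shell-hook entries that OTL reported as orphaned: a BHO and a toolbar whose CLSID is not registered, RunOnce values and a Winlogon Notify package with no file behind them, SSODL and BootExecute entries. What follows is an added example, not part of this thread and not OTL's or the responder's code: a read-only PowerShell audit of those same registry locations, plus the file-class open handlers and Security Center override flags that appear in the Extras log, which flags any entry whose CLSID or file no longer resolves. It assumes an elevated 64-bit PowerShell session (so both the native and Wow6432Node views are readable); the key paths are the standard Windows ones and nothing is deleted.

```powershell
# Added example (not from the original thread): read-only audit of the autostart and
# shell-hook locations the OTL fix touched. Run from an elevated 64-bit PowerShell.

function Test-ClsidRegistered {
    param([string]$Clsid)
    # A BHO/toolbar/SSODL entry is orphaned if no CLSID key exists in any registry view.
    foreach ($base in 'HKLM:\SOFTWARE\Classes\CLSID',
                      'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID',
                      'HKCU:\SOFTWARE\Classes\CLSID') {
        if (Test-Path (Join-Path $base $Clsid)) { return $true }
    }
    return $false
}

$findings = @()

# 1. Browser Helper Objects (OTL O2) in both views, and IE toolbar values (O3) for the current user
foreach ($bhoKey in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
                    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects') {
    if (Test-Path $bhoKey) {
        Get-ChildItem $bhoKey | ForEach-Object {
            if (-not (Test-ClsidRegistered $_.PSChildName)) {
                $findings += "Orphaned BHO: $($_.PSChildName) under $bhoKey"
            }
        }
    }
}
$tb = 'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser'
if (Test-Path $tb) {
    (Get-Item $tb).GetValueNames() | Where-Object { $_ -like '{*}' } | ForEach-Object {
        if (-not (Test-ClsidRegistered $_)) { $findings += "Orphaned toolbar value: $_" }
    }
}

# 2. ShellServiceObjectDelayLoad (O21): each value names a CLSID Explorer loads at logon
foreach ($ssodl in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad',
                   'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad') {
    if (Test-Path $ssodl) {
        $item = Get-Item $ssodl
        foreach ($name in $item.GetValueNames()) {
            $clsid = $item.GetValue($name)
            if (-not (Test-ClsidRegistered $clsid)) { $findings += "Orphaned SSODL: $name = $clsid" }
        }
    }
}

# 3. Winlogon\Notify (O20): each package's DllName must resolve to a file on disk
$notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
if (Test-Path $notify) {
    Get-ChildItem $notify | ForEach-Object {
        $dll = (Get-ItemProperty $_.PSPath).DllName
        if (-not $dll) { $findings += "Winlogon Notify $($_.PSChildName): DllName value missing"; return }
        $path = [Environment]::ExpandEnvironmentVariables($dll)
        if (-not [IO.Path]::IsPathRooted($path)) { $path = Join-Path $env:SystemRoot "System32\$path" }
        if (-not (Test-Path $path)) { $findings += "Winlogon Notify $($_.PSChildName): $dll not found" }
    }
}

# 4. BootExecute (O34): 'autocheck autochk *' is the stock value; anything else runs before logon
$boot = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager').BootExecute
foreach ($entry in @($boot)) {
    if ($entry -and $entry -ne 'autocheck autochk *') { $findings += "Non-default BootExecute entry: $entry" }
}

# 5. File-class open handlers: the default is "%1" %*; any other command means every
#    double-clicked program is routed through something else first (a classic hijack)
foreach ($cls in 'exefile', 'batfile', 'cmdfile', 'comfile', 'piffile') {
    $cmd = (Get-ItemProperty "Registry::HKEY_CLASSES_ROOT\$cls\shell\open\command" -ErrorAction SilentlyContinue).'(default)'
    if ($cmd -and $cmd -ne '"%1" %*') { $findings += "$cls open handler changed: $cmd" }
}

# 6. Security Center override flags: 1 means something told WSC to stop monitoring that category
$sc = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Security Center\Svc' -ErrorAction SilentlyContinue
foreach ($flag in 'AntiVirusOverride', 'AntiSpywareOverride', 'FirewallOverride') {
    if ($sc.$flag -eq 1) { $findings += "Security Center ${flag} is set" }
}

if ($findings.Count -eq 0) { 'No orphaned or non-default entries found.' } else { $findings }
```

Run it before and after a fix to confirm the entries are gone. An orphaned entry is not by itself evidence of malware; a dangling Winlogon Notify key is commonly the residue of an uninstalled driver package, and a BHO with no CLSID cannot load at all. Note also that "autocheck autochk *" is the stock BootExecute value (it is what runs chkdsk on volumes marked dirty at boot), so the audit treats it as expected rather than as a finding.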

#8 jkiejr
  • Topic Starter
  • Members
  • 9 posts
  • Local time:05:12 AM

Posted 13 June 2011 - 04:47 PM

Antivirus  Version  Last update  Result ('-' = not detected)
AhnLab-V3 2011.06.14.00 2011.06.13 -
AntiVir 7.11.9.167 2011.06.13 -
Antiy-AVL 2.0.3.7 2011.06.13 -
Avast 4.8.1351.0 2011.06.13 -
Avast5 5.0.677.0 2011.06.13 -
AVG 10.0.0.1190 2011.06.13 -
BitDefender 7.2 2011.06.13 -
CAT-QuickHeal 11.00 2011.06.13 -
ClamAV 0.97.0.0 2011.06.13 -
Commtouch 5.3.2.6 2011.06.13 -
Comodo 9056 2011.06.13 -
DrWeb 5.0.2.03300 2011.06.13 -
eSafe 7.0.17.0 2011.06.13 -
eTrust-Vet 36.1.8384 2011.06.13 -
F-Prot 4.6.2.117 2011.06.13 -
F-Secure 9.0.16440.0 2011.06.13 -
Fortinet 4.2.257.0 2011.06.13 -
GData 22 2011.06.13 -
Ikarus T3.1.1.104.0 2011.06.13 -
Jiangmin 13.0.900 2011.06.13 -
K7AntiVirus 9.106.4807 2011.06.13 -
Kaspersky 9.0.0.837 2011.06.13 -
McAfee 5.400.0.1158 2011.06.13 -
McAfee-GW-Edition 2010.1D 2011.06.13 -
Microsoft 1.6903 2011.06.13 -
NOD32 6204 2011.06.13 -
Norman 6.07.10 2011.06.13 -
nProtect 2011-06-13.02 2011.06.13 -
Panda 10.0.3.5 2011.06.13 -
PCTools 7.0.3.5 2011.06.10 -
Prevx 3.0 2011.06.13 -
Rising 23.62.00.03 2011.06.13 -
Sophos 4.66.0 2011.06.13 -
SUPERAntiSpyware 4.40.0.1006 2011.06.13 -
Symantec 20111.1.0.186 2011.06.13 -
TheHacker 6.7.0.1.230 2011.06.12 -
TrendMicro 9.200.0.1012 2011.06.13 -
TrendMicro-HouseCall 9.200.0.1012 2011.06.13 -
VIPRE 9574 2011.06.13 -
ViRobot 2011.6.13.4509 2011.06.13 -
VirusBuster 14.0.78.0 2011.06.13 -


All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
Registry value HKEY_USERS\S-1-5-21-817275548-1800543030-2340799207-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-817275548-1800543030-2340799207-1012\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:lsdelete deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: joe
->Temp folder emptied: 1998 bytes
->Temporary Internet Files folder emptied: 40974025 bytes
->Java cache emptied: 77901718 bytes
->FireFox cache emptied: 50954800 bytes
->Flash cache emptied: 93817 bytes

User: Mcx1-JOE-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: mom

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 45881908 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 338414144 bytes

Total Files Cleaned = 529.00 mb


OTL by OldTimer - Version 3.2.24.0 log created on 06132011_172944

Files\Folders moved on Reboot...
G:\Users\joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QB2MD1WN\addons-tracker-v4[1].htm moved successfully.

Registry entries deleted on Reboot...

#9 jkiejr

  • Topic Starter

  • Members
  • 9 posts

Posted 13 June 2011 - 05:46 PM

ComboFix 11-06-13.01 - joe 06/13/2011 18:03:51.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.1866 [GMT -4:00]
Running from: g:\users\joe\Downloads\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
g:\windows\SysWow64\test
.
.
((((((((((((((((((((((((( Files Created from 2011-05-13 to 2011-06-13 )))))))))))))))))))))))))))))))
.
.
2011-06-13 22:17 . 2011-06-13 22:17 -------- d-----w- g:\users\Mcx1-JOE-PC\AppData\Local\temp
2011-06-13 22:17 . 2011-06-13 22:17 -------- d-----w- g:\users\Default\AppData\Local\temp
2011-06-13 21:59 . 2011-06-13 22:00 -------- d-----w- G:\32788R22FWJFW
2011-06-13 21:29 . 2011-06-13 21:29 -------- d-----w- G:\_OTL
2011-06-13 21:14 . 2011-06-13 21:14 -------- d-----w- g:\users\joe\AppData\Local\{EC88E21C-6FF2-4C92-A673-59489EEDC28F}
2011-06-13 01:58 . 2011-06-13 01:58 -------- d-----w- g:\users\joe\AppData\Local\{501B8CF6-9836-4AC7-A236-7654B12726EC}
2011-06-13 01:40 . 2011-05-09 22:00 8718160 ----a-w- g:\programdata\Microsoft\Windows Defender\Definition Updates\{DB992EC6-315A-4401-AA86-5110FBC08461}\mpengine.dll
2011-06-12 02:59 . 2011-06-12 02:59 -------- d-----w- g:\users\joe\AppData\Local\{F568E8C3-60FE-4AAD-821E-C97DDABDA7DD}
2011-06-09 04:56 . 2011-06-09 06:16 -------- d-----w- g:\users\joe\Unigine Heaven
2011-06-09 04:56 . 2011-06-09 04:56 -------- d-----w- g:\program files (x86)\Unigine
2011-06-09 04:12 . 2011-06-09 04:13 -------- d-----w- g:\users\UpdatusUser
2011-06-09 01:57 . 2011-06-09 01:57 -------- d-----w- g:\users\joe\AppData\Local\{43175509-E9E6-4BF7-9B75-E560B28610AD}
2011-06-08 02:35 . 2011-06-08 02:36 -------- d-----w- g:\users\joe\AppData\Local\{2B1611D6-242C-402E-A941-119EC277BC6D}
2011-06-07 02:44 . 2011-06-07 02:44 -------- d-----w- g:\users\joe\AppData\Local\{8909C19E-3C63-4A0F-B8BF-A2F33DC10F61}
2011-06-06 01:22 . 2011-06-06 01:22 -------- d-----w- g:\users\joe\AppData\Local\{8071F4E2-BA13-4A9A-A34A-C517B013C0D6}
2011-06-05 03:39 . 2011-06-05 03:39 -------- d-----w- g:\users\joe\AppData\Local\{74B05D2A-B052-4DD6-87AD-8AA15DC9C69B}
2011-06-04 02:54 . 2011-06-04 02:54 -------- d-----w- g:\users\joe\AppData\Local\Origin
2011-06-04 02:51 . 2011-06-04 02:51 -------- d-----w- g:\program files (x86)\Origin Games
2011-06-04 02:51 . 2011-06-04 02:51 -------- d-----w- g:\program files (x86)\Origin
2011-06-03 02:09 . 2011-06-03 02:10 -------- d-----w- g:\users\joe\AppData\Local\{F2F1ED74-B1F2-4BB0-9FA1-17CD7E72E2B3}
2011-06-01 18:07 . 2011-06-01 18:08 -------- d-----w- g:\users\joe\AppData\Local\{988FC280-37E1-4DCE-97CC-DF0E02124FB6}
2011-05-31 22:07 . 2011-05-31 22:08 -------- d-----w- g:\users\joe\AppData\Local\{B8EDDF4D-3493-43D6-B752-24C6AF13DCD1}
2011-05-31 00:30 . 2011-05-31 00:30 -------- d-----w- g:\users\joe\AppData\Local\{1AD97989-08FA-4403-B543-DC91EED437AF}
2011-05-30 23:58 . 2011-05-30 23:58 -------- d-----w- g:\program files (x86)\LogMeIn Hamachi
2011-05-30 03:41 . 2011-05-30 03:41 -------- d-----w- g:\users\joe\AppData\Local\{7D4C53EA-6A7E-4D89-8CF1-B87E516804E7}
2011-05-29 02:52 . 2011-05-29 02:52 -------- d-----w- g:\users\joe\AppData\Local\{B4B1E06F-CA2F-47E8-9A04-0A255681A827}
2011-05-27 16:06 . 2011-05-27 16:06 -------- d-----w- g:\users\joe\AppData\Local\{A0A85BC3-7BBF-4200-A36C-B8B084339BF4}
2011-05-26 18:26 . 2011-05-26 18:26 -------- d-----w- g:\users\joe\AppData\Local\{C8187824-194D-4E7A-AEE9-0AF6E3B1F767}
2011-05-26 00:02 . 2011-05-26 00:02 -------- d-----w- G:\!KillBox
2011-05-25 22:38 . 2011-05-25 23:55 -------- d-----w- g:\programdata\SecTaskMan
2011-05-25 22:38 . 2011-05-25 22:38 -------- d-----w- g:\program files (x86)\Security Task Manager
2011-05-25 20:49 . 2011-04-22 22:15 27520 ----a-w- g:\windows\system32\drivers\Diskdump.sys
2011-05-25 20:46 . 2011-05-25 20:46 -------- d-----w- g:\users\joe\AppData\Local\{25511662-2B3A-4222-B843-10A2C8B81771}
2011-05-24 22:01 . 2011-05-24 22:01 -------- d-----w- g:\users\joe\AppData\Local\{73250B3C-84FF-4FC4-8A1F-552D0FD21056}
2011-05-24 19:15 . 2011-05-28 02:17 -------- d-----w- g:\users\joe\AppData\Roaming\PCF-VLC
2011-05-24 19:14 . 2011-05-24 19:19 -------- d-----w- G:\.miro
2011-05-24 19:13 . 2011-05-24 19:13 -------- d-----w- g:\program files (x86)\GetMiro Toolbar
2011-05-24 19:12 . 2011-05-24 19:12 -------- d-----w- g:\users\joe\AppData\Roaming\Participatory Culture Foundation
2011-05-24 19:11 . 2011-05-24 19:11 -------- d-----w- g:\program files (x86)\Participatory Culture Foundation
2011-05-24 17:51 . 2011-04-09 06:58 142336 ----a-w- g:\windows\system32\poqexec.exe
2011-05-24 17:51 . 2011-04-09 05:56 123904 ----a-w- g:\windows\SysWow64\poqexec.exe
2011-05-24 03:43 . 2011-05-24 03:43 -------- d-----w- g:\users\joe\AppData\Roaming\vlc
2011-05-24 03:42 . 2011-05-24 03:42 -------- d-----w- g:\program files (x86)\VideoLAN
2011-05-23 18:13 . 2011-05-23 18:14 -------- d-----w- g:\users\joe\AppData\Local\{763461D6-AA19-4FF8-B8C4-7049A64CBE44}
2011-05-22 23:39 . 2011-05-22 23:39 -------- d-----w- g:\users\joe\AppData\Local\{AED5D0B0-E71D-4AE2-9822-397A69F13E3D}
2011-05-21 21:36 . 2011-05-21 21:37 -------- d-----w- g:\users\joe\AppData\Local\{E5CAF9E2-B568-4AFD-A7FD-68E2388B5177}
2011-05-21 02:35 . 2011-05-21 02:35 304744 ----a-w- g:\windows\SysWow64\nvStreaming.exe
2011-05-21 01:17 . 2011-05-21 01:17 -------- d-----w- g:\users\joe\AppData\Local\{DC0D227B-3499-408E-93B3-17D806B8BE6B}
2011-05-20 03:08 . 2011-05-20 03:08 -------- d-----w- g:\program files (x86)\Cheat Engine 6
2011-05-19 19:45 . 2011-05-19 19:45 -------- d-----w- g:\users\joe\AppData\Local\{8EEFE3AB-5703-4C70-B994-B9EA7F74F925}
2011-05-19 04:29 . 2011-05-19 04:29 -------- d-----w- g:\users\joe\AppData\Local\{908DA32F-1272-499E-A447-B26C5CB9F881}
2011-05-18 01:00 . 2011-05-18 01:00 -------- d-----w- g:\program files (x86)\Microsoft XNA
2011-05-17 18:42 . 2011-05-17 18:42 -------- d-----w- g:\users\joe\AppData\Local\{0B72EF32-DE25-4CC0-A060-733F409604FB}
2011-05-17 18:08 . 2011-05-17 18:45 -------- d-----w- g:\windows\system32\drivers\NISx64\1300000.06E
2011-05-17 06:22 . 2011-05-17 06:22 -------- d-----w- g:\users\joe\AppData\Local\{D185997A-25B4-462C-AB2B-9FB6E7551CAC}
2011-05-15 23:11 . 2011-05-15 23:11 -------- d-----w- g:\users\joe\AppData\Local\{ED1C484A-63C7-441B-92CF-084ECC0F2E8B}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-13 01:51 . 2011-05-14 19:53 404640 ----a-w- g:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-29 13:11 . 2010-06-28 05:49 39984 ----a-w- g:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2010-06-28 05:49 25912 ----a-w- g:\windows\system32\drivers\mbam.sys
2011-05-26 17:09 . 2011-02-28 18:18 266400 ----a-w- g:\windows\SysWow64\PnkBstrB.exe
2011-05-26 17:09 . 2010-01-06 02:49 266400 ----a-w- g:\windows\SysWow64\PnkBstrB.xtr
2011-05-25 06:09 . 2011-01-08 01:48 1016936 ----a-w- g:\windows\system32\nvvsvc.exe
2011-05-25 06:09 . 2011-01-08 01:49 3040872 ----a-w- g:\windows\system32\nvsvc64.dll
2011-05-25 06:09 . 2011-01-08 01:48 117864 ----a-w- g:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2010-04-03 22:42 61544 ----a-w- g:\windows\system32\nvshext.dll
2011-05-25 06:09 . 2011-01-08 01:49 739432 ----a-w- g:\windows\system32\easyUpdatusAPIU64.dll
2011-05-25 06:09 . 2011-01-08 01:49 6300776 ----a-w- g:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2010-04-21 02:52 8863336 ----a-w- g:\windows\system32\nvwgf2umx.dll
2011-05-25 06:09 . 2011-03-01 03:07 22286952 ----a-w- g:\windows\system32\nvoglv64.dll
2011-05-25 06:09 . 2010-04-21 02:52 15223912 ----a-w- g:\windows\system32\nvd3dumx.dll
2011-05-25 06:09 . 2010-07-10 09:38 2335848 ----a-w- g:\windows\SysWow64\nvapi.dll
2011-05-25 06:09 . 2010-04-21 02:52 2644584 ----a-w- g:\windows\system32\nvapi64.dll
2011-05-24 23:14 . 2009-12-01 23:52 270720 ------w- g:\windows\system32\MpSigStub.exe
2011-05-18 18:38 . 2011-04-19 02:16 884736 ----a-w- g:\windows\skincrafter3_vs2005.dll
2011-05-17 18:09 . 2011-04-18 21:54 174200 ----a-w- g:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-05-06 22:28 . 2009-12-02 00:00 737072 ----a-w- g:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-05-06 22:28 . 2010-05-19 16:46 4283672 ----a-w- g:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-05-06 22:27 . 2010-05-19 16:45 42776 ----a-w- g:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-04-29 06:18 . 2009-07-13 23:57 20789248 ----a-w- g:\windows\system32\imageres.dll
2011-04-28 18:34 . 2011-04-08 22:12 64272 ----a-w- g:\windows\system32\drivers\RapportKE64.sys
2011-04-18 10:23 . 2011-04-29 06:16 16432 ----a-w- g:\windows\system32\lsdelete.exe
2011-04-15 12:54 . 2010-01-29 22:33 737072 ----a-w- g:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-04-13 18:13 . 2009-12-01 23:59 4283672 ----a-w- g:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-13 17:34 . 2010-06-02 19:53 42776 ----a-w- g:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-04-10 23:31 . 2010-05-05 17:59 466520 ----a-w- g:\windows\system32\wrap_oal.dll
2011-04-10 23:31 . 2010-05-05 17:59 445016 ----a-w- g:\windows\SysWow64\wrap_oal.dll
2011-04-10 23:31 . 2010-05-05 17:59 123480 ----a-w- g:\windows\system32\OpenAL32.dll
2011-04-10 23:31 . 2010-05-05 17:59 109144 ----a-w- g:\windows\SysWow64\OpenAL32.dll
2011-04-09 22:55 . 2011-04-09 22:55 15453336 ----a-w- g:\windows\SysWow64\xlive.dll
2011-04-09 22:55 . 2011-04-09 22:55 13642904 ----a-w- g:\windows\SysWow64\xlivefnt.dll
2011-04-09 07:02 . 2011-05-11 21:23 5562240 ----a-w- g:\windows\system32\ntoskrnl.exe
2011-04-09 06:02 . 2011-05-11 21:23 3967872 ----a-w- g:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-11 21:23 3912576 ----a-w- g:\windows\SysWow64\ntoskrnl.exe
2011-04-06 20:26 . 2011-04-06 20:26 96544 ----a-w- g:\windows\system32\dnssd.dll
2011-04-06 20:26 . 2011-04-06 20:26 119584 ----a-w- g:\windows\system32\dns-sd.exe
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- g:\windows\SysWow64\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- g:\windows\SysWow64\dns-sd.exe
2011-04-05 04:00 . 2011-04-05 04:00 388096 ----a-r- g:\users\joe\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-01 19:40 . 2010-07-28 02:47 266400 ----a-w- g:\windows\SysWow64\PnkBstrB.ex0
2011-03-31 18:27 . 2011-03-31 18:27 18960 ----a-w- g:\windows\system32\drivers\LNonPnP.sys
2011-03-31 03:46 . 2011-03-31 03:46 74752 ----a-w- g:\windows\SysWow64\RegisterIEPKEYs.exe
2011-03-31 03:46 . 2011-03-31 03:46 1797632 ----a-w- g:\windows\SysWow64\jscript9.dll
2011-03-31 03:46 . 2011-03-31 03:46 161792 ----a-w- g:\windows\SysWow64\msls31.dll
2011-03-31 03:46 . 2011-03-31 03:46 1126912 ----a-w- g:\windows\SysWow64\wininet.dll
2011-03-31 03:46 . 2011-03-31 03:46 110592 ----a-w- g:\windows\SysWow64\IEAdvpack.dll
2011-03-31 03:46 . 2011-03-31 03:46 86528 ----a-w- g:\windows\SysWow64\iesysprep.dll
2011-03-31 03:46 . 2011-03-31 03:46 76800 ----a-w- g:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-31 03:46 . 2011-03-31 03:46 63488 ----a-w- g:\windows\SysWow64\tdc.ocx
2011-03-31 03:46 . 2011-03-31 03:46 48640 ----a-w- g:\windows\SysWow64\mshtmler.dll
2011-03-31 03:46 . 2011-03-31 03:46 367104 ----a-w- g:\windows\SysWow64\html.iec
2011-03-31 03:46 . 2011-03-31 03:46 74752 ----a-w- g:\windows\SysWow64\iesetup.dll
2011-03-31 03:46 . 2011-03-31 03:46 420864 ----a-w- g:\windows\SysWow64\vbscript.dll
2011-03-31 03:46 . 2011-03-31 03:46 35840 ----a-w- g:\windows\SysWow64\imgutil.dll
2011-03-31 03:46 . 2011-03-31 03:46 2382848 ----a-w- g:\windows\SysWow64\mshtml.tlb
2011-03-31 03:46 . 2011-03-31 03:46 23552 ----a-w- g:\windows\SysWow64\licmgr10.dll
2011-03-31 03:46 . 2011-03-31 03:46 152064 ----a-w- g:\windows\SysWow64\wextract.exe
2011-03-31 03:46 . 2011-03-31 03:46 150528 ----a-w- g:\windows\SysWow64\iexpress.exe
2011-03-31 03:46 . 2011-03-31 03:46 142848 ----a-w- g:\windows\SysWow64\ieUnatt.exe
2011-03-31 03:46 . 2011-03-31 03:46 1427456 ----a-w- g:\windows\SysWow64\inetcpl.cpl
2011-03-31 03:46 . 2011-03-31 03:46 11776 ----a-w- g:\windows\SysWow64\mshta.exe
2011-03-31 03:46 . 2011-03-31 03:46 101888 ----a-w- g:\windows\SysWow64\admparse.dll
2011-03-31 03:46 . 2011-03-31 03:46 91648 ----a-w- g:\windows\system32\SetIEInstalledDate.exe
2011-03-31 03:46 . 2011-03-31 03:46 89088 ----a-w- g:\windows\system32\RegisterIEPKEYs.exe
2011-03-31 03:46 . 2011-03-31 03:46 49664 ----a-w- g:\windows\system32\imgutil.dll
2011-03-31 03:46 . 2011-03-31 03:46 48640 ----a-w- g:\windows\system32\mshtmler.dll
2011-03-31 03:46 . 2011-03-31 03:46 2382848 ----a-w- g:\windows\system32\mshtml.tlb
2011-03-31 03:46 . 2011-03-31 03:46 2303488 ----a-w- g:\windows\system32\jscript9.dll
2011-03-31 03:46 . 2011-03-31 03:46 222208 ----a-w- g:\windows\system32\msls31.dll
2011-03-31 03:46 . 2011-03-31 03:46 173056 ----a-w- g:\windows\system32\ieUnatt.exe
2011-03-31 03:46 . 2011-03-31 03:46 1389056 ----a-w- g:\windows\system32\wininet.dll
2011-03-31 03:46 . 2011-03-31 03:46 135168 ----a-w- g:\windows\system32\IEAdvpack.dll
2011-03-31 03:46 . 2011-03-31 03:46 12288 ----a-w- g:\windows\system32\mshta.exe
2011-03-31 03:46 . 2011-03-31 03:46 114176 ----a-w- g:\windows\system32\admparse.dll
2011-03-31 03:46 . 2011-03-31 03:46 111616 ----a-w- g:\windows\system32\iesysprep.dll
2011-03-31 03:46 . 2011-03-31 03:46 85504 ----a-w- g:\windows\system32\iesetup.dll
2011-03-31 03:46 . 2011-03-31 03:46 76800 ----a-w- g:\windows\system32\tdc.ocx
2011-03-31 03:46 . 2011-03-31 03:46 603648 ----a-w- g:\windows\system32\vbscript.dll
2011-03-31 03:46 . 2011-03-31 03:46 448512 ----a-w- g:\windows\system32\html.iec
2011-03-31 03:46 . 2011-03-31 03:46 30720 ----a-w- g:\windows\system32\licmgr10.dll
2011-03-31 03:46 . 2011-03-31 03:46 165888 ----a-w- g:\windows\system32\iexpress.exe
2011-03-31 03:46 . 2011-03-31 03:46 160256 ----a-w- g:\windows\system32\wextract.exe
2011-03-31 03:46 . 2011-03-31 03:46 1492992 ----a-w- g:\windows\system32\inetcpl.cpl
2011-03-31 03:32 . 2010-05-13 20:23 472808 ----a-w- g:\windows\SysWow64\deployJava1.dll
2011-03-26 00:04 . 2011-03-22 20:00 2926208 ----a-w- g:\windows\system32\BootMan.exe
2011-03-26 00:04 . 2011-03-22 20:00 18048 ----a-w- g:\windows\SysWow64\EuEpmGdi.dll
2011-03-26 00:03 . 2011-03-22 20:00 2340992 ----a-w- g:\windows\SysWow64\BootMan.exe
2011-03-25 03:29 . 2011-05-11 21:23 343040 ----a-w- g:\windows\system32\drivers\usbhub.sys
2011-03-25 03:29 . 2011-05-11 21:23 98816 ----a-w- g:\windows\system32\drivers\usbccgp.sys
2011-03-25 03:29 . 2011-05-11 21:23 325120 ----a-w- g:\windows\system32\drivers\usbport.sys
2011-03-25 03:29 . 2011-05-11 21:23 52736 ----a-w- g:\windows\system32\drivers\usbehci.sys
2011-03-25 03:29 . 2011-05-11 21:23 30720 ----a-w- g:\windows\system32\drivers\usbuhci.sys
2011-03-25 03:28 . 2011-05-11 21:23 7936 ----a-w- g:\windows\system32\drivers\usbd.sys
2011-03-24 14:57 . 2011-03-22 20:00 11264 ----a-w- g:\windows\system32\EuEpmGdi.dll
2011-03-24 14:57 . 2011-03-22 20:00 9096 ----a-w- g:\windows\system32\EuGdiDrv.sys
2011-03-24 14:57 . 2011-03-22 20:00 86408 ----a-w- g:\windows\SysWow64\setupempdrv03.exe
2011-03-24 14:57 . 2011-03-22 20:00 8456 ----a-w- g:\windows\SysWow64\EuGdiDrv.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- g:\users\joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- g:\users\joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- g:\users\joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- g:\users\joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="g:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
"Steam"="g:\program files (x86)\Steam\steam.exe" [2010-11-17 1242448]
"Sidebar"="g:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Speech Recognition"="g:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
"SUPERAntiSpyware"="g:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-12 2988928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="g:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"VolPanel"="g:\program files (x86)\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"Adobe Reader Speed Launcher"="g:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="g:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"QuickTime Task"="g:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="g:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"ArcSoft Connection Service"="g:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"SunJavaUpdateSched"="g:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
"iTunesHelper"="g:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"Spy Protector"="g:\program files (x86)\Security Task Manager\SpyProtector.exe" [2010-11-10 140616]
"LogMeIn Hamachi Ui"="g:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
"Malwarebytes' Anti-Malware"="g:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"CTAutoUpdate"="g:\program files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" [2009-01-15 430968]
.
g:\users\joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CNET TechTracker.lnk - g:\users\joe\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe [2011-4-28 2619904]
CurseClientStartup.ccip [2009-12-23 0]
Dropbox.lnk - g:\users\joe\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
OpenOffice.org 3.3.lnk - g:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;g:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;g:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);g:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 136176]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;g:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-05-05 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;g:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-02 79360]
R3 CT20XUT;CT20XUT;g:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;g:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;g:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 EagleX64;EagleX64;g:\windows\system32\drivers\EagleX64.sys [x]
R3 epmntdrv;epmntdrv;g:\windows\system32\epmntdrv.sys [2011-03-24 16776]
R3 EuGdiDrv;EuGdiDrv;g:\windows\system32\EuGdiDrv.sys [2011-03-24 9096]
R3 gupdatem;Google Update Service (gupdatem);g:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 136176]
R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.2.0;g:\windows\system32\drivers\libusb0.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;g:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;g:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;g:\windows\system32\DRIVERS\LVUSBS64.sys [x]
R3 LVUVC64;Logitech HD Webcam C510(UVC);g:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 Revoflt;Revoflt;g:\windows\system32\DRIVERS\revoflt.sys [x]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;g:\windows\system32\DRIVERS\rtl8187.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;g:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 TsUsbFlt;TsUsbFlt;g:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;g:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;g:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;g:\windows\system32\Drivers\sptd.sys [x]
S0 Lbd;Lbd;g:\windows\system32\DRIVERS\Lbd.sys [x]
S0 RapportKE64;RapportKE64;g:\windows\System32\Drivers\RapportKE64.sys [x]
S0 SymDS;Symantec Data Store;g:\windows\system32\drivers\NISx64\1300000.06E\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;g:\windows\system32\drivers\NISx64\1300000.06E\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;g:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.108\Definitions\BASHDefs\20110531.021\BHDrvx64.sys [2011-05-19 1143416]
S1 ccSet_NIS;Norton Internet Security Settings Manager;g:\windows\system32\drivers\NISx64\1300000.06E\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;g:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.108\Definitions\IPSDefs\20110610.032\IDSvia64.sys [2011-06-01 488056]
S1 RapportEI64;RapportEI64;g:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-04-28 52496]
S1 RapportPG64;RapportPG64;g:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-04-28 61200]
S1 SASDIFSV;SASDIFSV;g:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;g:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 SymIRON;Symantec Iron Driver;g:\windows\system32\drivers\NISx64\1300000.06E\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;g:\windows\System32\Drivers\NISx64\1300000.06E\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;g:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;g:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 Akamai;Akamai NetSession Interface;g:\windows\System32\svchost.exe [2009-07-14 27136]
S2 cpuz135;cpuz135;g:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;g:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
S2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;g:\windows\Installer\MSIC40F.tmp [2011-01-01 102400]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;g:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-05-16 2151128]
S2 MBAMService;MBAMService;g:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;g:\program files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2011-02-16 101048]
S2 NIS;Norton Internet Security;g:\program files (x86)\Norton Internet Security\Engine\19.0.0.110\ccSvcHst.exe [2011-05-10 138760]
S2 NSL;Norton Safe Web Lite;g:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [2010-11-24 130000]
S2 nvUpdatusService;NVIDIA Update Service Daemon;g:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 RapportMgmtService;Rapport Management Service;g:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-04-28 870200]
S2 SBSDWSCService;SBSD Security Center Service;g:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;g:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]
S2 TeamViewer6;TeamViewer 6;g:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 wlcrasvc;Windows Live Mesh remote connections service;g:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S3 CT20XUT.SYS;CT20XUT.SYS;g:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;g:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;g:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;g:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-04 136824]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;g:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-02-04 17152]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;g:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;g:\windows\system32\drivers\LGVirHid.sys [x]
S3 MBAMProtector;MBAMProtector;g:\windows\system32\drivers\mbam.sys [x]
S3 pbfilter;pbfilter;g:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
S3 RDPDISPM;RDPDISPM;g:\windows\system32\DRIVERS\rdpdispm.sys [x]
S3 RTCore64;RTCore64;g:\program files (x86)\EVGA Precision\RTCore64.sys [2011-05-03 14440]
S3 RTL8167;Realtek 8167 NT Driver;g:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;g:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
*NewlyCreated* - PBFILTER
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-13 g:\windows\Tasks\Ad-Aware Update (Weekly).job
- g:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 09:11]
.
2011-06-13 g:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- g:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 16:54]
.
2011-06-13 g:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- g:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 16:54]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- g:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- g:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- g:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- g:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- g:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- g:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- g:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- g:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- g:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- g:\users\joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- g:\users\joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- g:\users\joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- g:\users\joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateSVNs"="g:\program files (x86)\Steam\steamapps\jkiejr\garrysmod\garrysmod\addons" [X]
"CanonMyPrinter"="g:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 2185032]
"CanonSolutionMenu"="g:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"Launch LCore"="g:\program files\Logitech Gaming Software\LCore.exe" [2010-11-16 104008]
"EvtMgr6"="g:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = g:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/
mLocal Page = g:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{02AA06FD-111E-4862-9DF5-9F8BD337DE81}: NameServer = 170.215.255.114,65.73.172.4
FF - ProfilePath - g:\users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\c5w6u6nt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - g:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"g:\program files (x86)\Norton Internet Security\Engine\19.0.0.110\ccSvcHst.exe\" /s \"NIS\" /m \"g:\program files (x86)\Norton Internet Security\Engine\19.0.0.110\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSL]
"ImagePath"="\"g:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"g:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HyperDeskCustomThemeEnabler]
"ImagePath"="\"g:\windows\Installer\MSIC40F.tmp\" -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-817275548-1800543030-2340799207-1001\Software\SecuROM\License information*]
"datasecu"=hex:bf,3a,64,92,1b,36,ff,0b,b4,8e,72,b1,be,2b,fd,f6,ba,08,68,36,0c,
ef,d6,83,4e,23,ea,75,21,d9,c4,42,2c,22,f5,db,7f,f9,de,62,7d,5a,38,ed,1b,76,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@g:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="g:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="g:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="g:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="g:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="g:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
g:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
g:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
g:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
g:\program files (x86)\Bonjour\mDNSResponder.exe
g:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
g:\windows\SysWOW64\rundll32.exe
g:\windows\SysWOW64\PnkBstrA.exe
g:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
g:\program files (x86)\EVGA Precision\EVGAPrecision.exe
g:\program files (x86)\Windows Media Player\wmplayer.exe
g:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
g:\program files (x86)\OpenOffice.org 3\program\soffice.exe
g:\program files (x86)\OpenOffice.org 3\program\soffice.bin
g:\windows\SysWOW64\CTXFISPI.EXE
.
**************************************************************************
.
Completion time: 2011-06-13 18:34:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-13 22:34
.
Pre-Run: 57,964,257,280 bytes free
Post-Run: 57,393,999,872 bytes free
.
- - End Of File - - 388F70A7B4016CA5673889CF72A54D97
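The Run-key block in the ComboFix log above lists every autostart value together with the target file's date and size, or `[X]` where the target could not be found. As an added example (not part of this thread and not ComboFix's own code), the following Python triage parser pulls those entries out of a pasted log and attaches review flags. It assumes ComboFix's `"name"="target" [date size]` line shape and that `[X]` means the target is missing on disk; the sample block is constructed, three lines copied from the log above plus one made-up `Updater` entry to exercise the path heuristics. The flags are prompts for a human reviewer, not verdicts: Dropbox, for instance, legitimately runs from AppData.

```python
"""Triage helper for the HKLM\\...\\CurrentVersion\\Run block of a ComboFix log.

Added example, not ComboFix's own code. Assumes ComboFix prints entries as
  "name"="target" [YYYY-MM-DD size]
and that a trailing [X] means the target file was not found on disk.
"""
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: three lines copied from the log above plus one made-up
# "Updater" entry to exercise the path heuristics.
SAMPLE_RUN_BLOCK = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateSVNs"="g:\program files (x86)\Steam\steamapps\jkiejr\garrysmod\garrysmod\addons" [X]
"CanonMyPrinter"="g:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 2185032]
"Launch LCore"="g:\program files\Logitech Gaming Software\LCore.exe" [2010-11-16 104008]
"Updater"="g:\users\joe\AppData\Roaming\svchost.exe" [2011-06-01 51200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
'''

# Section header of the per-machine or per-user Run key (compared lowercased,
# because ComboFix prints key paths in mixed case).
HEADER_RE = re.compile(
    r'^\[hkey_(local_machine|current_user)\\software\\microsoft\\windows\\currentversion\\run\]$')
# One autostart value: "name"="target" [info]
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<info>[^\]]*)\]\s*$')
INFO_RE = re.compile(r'^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)$')

EXEC_EXTS = {".exe", ".dll", ".com", ".scr", ".bat", ".cmd", ".vbs", ".js"}
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
# Names of Windows system binaries; seeing one of these outside \Windows\ is
# worth a second look.
SYSTEM_BINARY_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                       "explorer.exe", "rundll32.exe"}


@dataclass
class RunEntry:
    name: str
    target: str
    missing: bool                      # True when ComboFix printed [X]
    date: Optional[str] = None
    size: Optional[int] = None
    flags: List[str] = field(default_factory=list)


def parse_run_entries(text: str) -> List[RunEntry]:
    """Return the entries of every Run-key block found in a ComboFix log."""
    entries: List[RunEntry] = []
    in_block = False
    for raw in text.splitlines():
        line = raw.strip()
        if HEADER_RE.match(line.lower()):
            in_block = True
            continue
        if not in_block:
            continue
        # ComboFix separates sections with a lone "." line; a new "[...]" key
        # also ends the block.
        if line == "." or line.startswith("["):
            in_block = False
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        info = m.group("info").strip()
        entry = RunEntry(name=m.group("name"), target=m.group("target"), missing=(info == "X"))
        im = INFO_RE.match(info)
        if im:
            entry.date = im.group("date")
            entry.size = int(im.group("size"))
        entries.append(entry)
    return entries


def triage(entry: RunEntry) -> List[str]:
    """Attach review flags to an entry and return them (idempotent)."""
    low = entry.target.lower()
    base = ntpath.basename(low)          # ntpath: Windows paths on any host OS
    ext = ntpath.splitext(base)[1]
    flags: List[str] = []
    if entry.missing:
        flags.append("missing-target")   # stale/orphaned autorun; harmless by itself
    if ext not in EXEC_EXTS:
        flags.append("non-executable-target")  # e.g. a directory, as for UpdateSVNs
    if any(mk in low for mk in USER_WRITABLE_MARKERS):
        flags.append("user-writable-path")
    if base in SYSTEM_BINARY_NAMES and "\\windows\\" not in low:
        flags.append("system-binary-name-outside-windows")
    entry.flags = flags
    return flags


def flagged_names(text: str) -> List[str]:
    """Names of Run entries that carry at least one review flag."""
    return [e.name for e in parse_run_entries(text) if triage(e)]


if __name__ == "__main__":
    for e in parse_run_entries(SAMPLE_RUN_BLOCK):
        print(f"{e.name:15} {e.target}  flags={triage(e)}")
```

Run against the block above, the parser reports the page's own `UpdateSVNs` entry as a missing target that is a directory rather than an executable, and the constructed `Updater` entry as a system-binary name running from a user-writable directory; the two Canon and Logitech entries come back clean.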

#10 pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country

Posted 14 June 2011 - 07:33 AM

Hi jkiejr,

I see you still have two antivirus programs installed.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

Even if you have one of them disabled, there are still processes, services and drivers running that can cause conflicts and use up resources, in addition to reducing boot time and other issues. I suggest keeping your Norton product and uninstalling Ad-Watch Live! Anti-Virus.



Step 1.


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Step 2.


I see you have Malwarebytes' Anti-Malware installed. :thumbup2:

I need you to run MBAM.
  • Open MBAM
  • Click on the Update tab before performing a scan. Click on the Check for Updates button. If an update is found, the program will automatically update itself. After the update press the OK button to close that box and continue.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Step 3.


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Note: If ESET does not find anything there will be no log.


In your next reply please include the following:


MBAM log
ESET Scan results (if any)



How is your computer running?



Thanks!!
PW

#11 jkiejr

  • Topic Starter
  • Members
  • 9 posts

Posted 14 June 2011 - 08:18 PM

2011/06/14 16:32:04.0616 4612 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/14 16:32:05.0305 4612 ================================================================================
2011/06/14 16:32:05.0305 4612 SystemInfo:
2011/06/14 16:32:05.0305 4612
2011/06/14 16:32:05.0305 4612 OS Version: 6.1.7601 ServicePack: 1.0
2011/06/14 16:32:05.0305 4612 Product type: Workstation
2011/06/14 16:32:05.0305 4612 ComputerName: JOE-PC
2011/06/14 16:32:05.0305 4612 UserName: joe
2011/06/14 16:32:05.0305 4612 Windows directory: G:\Windows
2011/06/14 16:32:05.0305 4612 System windows directory: G:\Windows
2011/06/14 16:32:05.0305 4612 Running under WOW64
2011/06/14 16:32:05.0305 4612 Processor architecture: Intel x64
2011/06/14 16:32:05.0305 4612 Number of processors: 2
2011/06/14 16:32:05.0305 4612 Page size: 0x1000
2011/06/14 16:32:05.0305 4612 Boot type: Normal boot
2011/06/14 16:32:05.0306 4612 ================================================================================
2011/06/14 16:32:07.0768 4612 Initialize success
2011/06/14 16:32:16.0428 7308 ================================================================================
2011/06/14 16:32:16.0428 7308 Scan started
2011/06/14 16:32:16.0428 7308 Mode: Manual;
2011/06/14 16:32:16.0428 7308 ================================================================================
2011/06/14 16:32:18.0021 7308 1394ohci (a87d604aea360176311474c87a63bb88) G:\Windows\system32\drivers\1394ohci.sys
2011/06/14 16:32:18.0104 7308 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) G:\Windows\system32\drivers\ACPI.sys
2011/06/14 16:32:18.0153 7308 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) G:\Windows\system32\drivers\acpipmi.sys
2011/06/14 16:32:18.0252 7308 ADIHdAudAddService (1c090e86afd15231377ad37436c3c719) G:\Windows\system32\drivers\ADIHdAud.sys
2011/06/14 16:32:18.0355 7308 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) G:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/14 16:32:18.0417 7308 adpahci (597f78224ee9224ea1a13d6350ced962) G:\Windows\system32\DRIVERS\adpahci.sys
2011/06/14 16:32:18.0451 7308 adpu320 (e109549c90f62fb570b9540c4b148e54) G:\Windows\system32\DRIVERS\adpu320.sys
2011/06/14 16:32:18.0591 7308 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) G:\Windows\system32\drivers\afd.sys
2011/06/14 16:32:18.0656 7308 agp440 (608c14dba7299d8cb6ed035a68a15799) G:\Windows\system32\drivers\agp440.sys
2011/06/14 16:32:18.0724 7308 aliide (5812713a477a3ad7363c7438ca2ee038) G:\Windows\system32\drivers\aliide.sys
2011/06/14 16:32:18.0778 7308 amdide (1ff8b4431c353ce385c875f194924c0c) G:\Windows\system32\drivers\amdide.sys
2011/06/14 16:32:18.0834 7308 AmdK8 (7024f087cff1833a806193ef9d22cda9) G:\Windows\system32\DRIVERS\amdk8.sys
2011/06/14 16:32:18.0900 7308 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) G:\Windows\system32\DRIVERS\amdppm.sys
2011/06/14 16:32:18.0975 7308 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) G:\Windows\system32\drivers\amdsata.sys
2011/06/14 16:32:19.0024 7308 amdsbs (f67f933e79241ed32ff46a4f29b5120b) G:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/14 16:32:19.0075 7308 amdxata (540daf1cea6094886d72126fd7c33048) G:\Windows\system32\drivers\amdxata.sys
2011/06/14 16:32:19.0127 7308 AppID (89a69c3f2f319b43379399547526d952) G:\Windows\system32\drivers\appid.sys
2011/06/14 16:32:19.0192 7308 arc (c484f8ceb1717c540242531db7845c4e) G:\Windows\system32\DRIVERS\arc.sys
2011/06/14 16:32:19.0238 7308 arcsas (019af6924aefe7839f61c830227fe79c) G:\Windows\system32\DRIVERS\arcsas.sys
2011/06/14 16:32:19.0286 7308 AsyncMac (769765ce2cc62867468cea93969b2242) G:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/14 16:32:19.0333 7308 atapi (02062c0b390b7729edc9e69c680a6f3c) G:\Windows\system32\drivers\atapi.sys
2011/06/14 16:32:19.0389 7308 b06bdrv (3e5b191307609f7514148c6832bb0842) G:\Windows\system32\DRIVERS\bxvbda.sys
2011/06/14 16:32:19.0465 7308 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) G:\Windows\system32\DRIVERS\b57nd60a.sys
2011/06/14 16:32:19.0544 7308 Beep (16a47ce2decc9b099349a5f840654746) G:\Windows\system32\drivers\Beep.sys
2011/06/14 16:32:19.0904 7308 BHDrvx64 (2175fbc1639e623872081b0f057409c8) G:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.108\Definitions\BASHDefs\20110531.021\BHDrvx64.sys
2011/06/14 16:32:19.0997 7308 blbdrive (61583ee3c3a17003c4acd0475646b4d3) G:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/14 16:32:20.0088 7308 bowser (6c02a83164f5cc0a262f4199f0871cf5) G:\Windows\system32\DRIVERS\bowser.sys
2011/06/14 16:32:20.0134 7308 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) G:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/06/14 16:32:20.0177 7308 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) G:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/06/14 16:32:20.0247 7308 Brserid (43bea8d483bf1870f018e2d02e06a5bd) G:\Windows\System32\Drivers\Brserid.sys
2011/06/14 16:32:20.0273 7308 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) G:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/14 16:32:20.0295 7308 BrUsbMdm (b79968002c277e869cf38bd22cd61524) G:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/14 16:32:20.0321 7308 BrUsbSer (a87528880231c54e75ea7a44943b38bf) G:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/14 16:32:20.0344 7308 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) G:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/14 16:32:20.0493 7308 ccSet_NIS (34022b4707bac719673051673af855a1) G:\Windows\system32\drivers\NISx64\1300000.06E\ccSetx64.sys
2011/06/14 16:32:20.0530 7308 cdfs (b8bd2bb284668c84865658c77574381a) G:\Windows\system32\DRIVERS\cdfs.sys
2011/06/14 16:32:20.0611 7308 cdrom (f036ce71586e93d94dab220d7bdf4416) G:\Windows\system32\drivers\cdrom.sys
2011/06/14 16:32:20.0658 7308 circlass (d7cd5c4e1b71fa62050515314cfb52cf) G:\Windows\system32\DRIVERS\circlass.sys
2011/06/14 16:32:20.0720 7308 CLFS (fe1ec06f2253f691fe36217c592a0206) G:\Windows\system32\CLFS.sys
2011/06/14 16:32:20.0793 7308 CmBatt (0840155d0bddf1190f84a663c284bd33) G:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/14 16:32:20.0843 7308 cmdide (e19d3f095812725d88f9001985b94edd) G:\Windows\system32\drivers\cmdide.sys
2011/06/14 16:32:20.0910 7308 CNG (d5fea92400f12412b3922087c09da6a5) G:\Windows\system32\Drivers\cng.sys
2011/06/14 16:32:20.0954 7308 Compbatt (102de219c3f61415f964c88e9085ad14) G:\Windows\system32\DRIVERS\compbatt.sys
2011/06/14 16:32:21.0033 7308 CompositeBus (03edb043586cceba243d689bdda370a8) G:\Windows\system32\drivers\CompositeBus.sys
2011/06/14 16:32:21.0109 7308 cpuz135 (262969a3fab32b9e17e63e2d17a57744) G:\Windows\system32\drivers\cpuz135_x64.sys
2011/06/14 16:32:21.0136 7308 crcdisk (1c827878a998c18847245fe1f34ee597) G:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/14 16:32:21.0246 7308 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) G:\Windows\system32\drivers\csc.sys
2011/06/14 16:32:21.0300 7308 CT20XUT (229e3b8f266abdafd54e4a372b9d5ddc) G:\Windows\system32\drivers\CT20XUT.SYS
2011/06/14 16:32:21.0334 7308 CT20XUT.SYS (229e3b8f266abdafd54e4a372b9d5ddc) G:\Windows\System32\drivers\CT20XUT.SYS
2011/06/14 16:32:21.0376 7308 ctac32k (eb3843a91a10150c9e05607cbcb44090) G:\Windows\system32\drivers\ctac32k.sys
2011/06/14 16:32:21.0430 7308 ctaud2k (bc06efb59a2316537765462dfe40f764) G:\Windows\system32\drivers\ctaud2k.sys
2011/06/14 16:32:21.0509 7308 CTEXFIFX (63b2b6ce9d3ef182981fb64bd5433da4) G:\Windows\system32\drivers\CTEXFIFX.SYS
2011/06/14 16:32:21.0604 7308 CTEXFIFX.SYS (63b2b6ce9d3ef182981fb64bd5433da4) G:\Windows\System32\drivers\CTEXFIFX.SYS
2011/06/14 16:32:21.0631 7308 CTHWIUT (6d115cc80873b85fd80dda1c41f75a2c) G:\Windows\system32\drivers\CTHWIUT.SYS
2011/06/14 16:32:21.0661 7308 CTHWIUT.SYS (6d115cc80873b85fd80dda1c41f75a2c) G:\Windows\System32\drivers\CTHWIUT.SYS
2011/06/14 16:32:21.0693 7308 ctprxy2k (ebc9548ef5838cb5aa8f18b3ac28af12) G:\Windows\system32\drivers\ctprxy2k.sys
2011/06/14 16:32:21.0741 7308 ctsfm2k (459bee1682121842285c162e2d98d81a) G:\Windows\system32\drivers\ctsfm2k.sys
2011/06/14 16:32:21.0867 7308 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) G:\Windows\system32\Drivers\dfsc.sys
2011/06/14 16:32:21.0916 7308 discache (13096b05847ec78f0977f2c0f79e9ab3) G:\Windows\system32\drivers\discache.sys
2011/06/14 16:32:21.0960 7308 Disk (9819eee8b5ea3784ec4af3b137a5244c) G:\Windows\system32\DRIVERS\disk.sys
2011/06/14 16:32:22.0031 7308 drmkaud (9b19f34400d24df84c858a421c205754) G:\Windows\system32\drivers\drmkaud.sys
2011/06/14 16:32:22.0094 7308 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) G:\Windows\System32\drivers\dxgkrnl.sys
2011/06/14 16:32:22.0291 7308 ebdrv (dc5d737f51be844d8c82c695eb17372f) G:\Windows\system32\DRIVERS\evbda.sys
2011/06/14 16:32:22.0503 7308 eeCtrl (eb0883462ac43829e47929d705d40933) G:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
2011/06/14 16:32:22.0596 7308 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) G:\Windows\system32\Drivers\ElbyCDIO.sys
2011/06/14 16:32:22.0649 7308 elxstor (0e5da5369a0fcaea12456dd852545184) G:\Windows\system32\DRIVERS\elxstor.sys
2011/06/14 16:32:22.0698 7308 emupia (c26133b6165928fbd156c6fe570f9ed2) G:\Windows\system32\drivers\emupia2k.sys
2011/06/14 16:32:22.0739 7308 epmntdrv (9eafb3b3b60b8ad958985152a9309aca) G:\Windows\system32\epmntdrv.sys
2011/06/14 16:32:22.0797 7308 EraserUtilRebootDrv (86fc0d272f6bb43e7214d4ba955a41e7) G:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/06/14 16:32:22.0869 7308 ErrDev (34a3c54752046e79a126e15c51db409b) G:\Windows\system32\drivers\errdev.sys
2011/06/14 16:32:22.0940 7308 EuGdiDrv (fb949ed2c93c878a189039f3d7730942) G:\Windows\system32\EuGdiDrv.sys
2011/06/14 16:32:22.0994 7308 exfat (a510c654ec00c1e9bdd91eeb3a59823b) G:\Windows\system32\drivers\exfat.sys
2011/06/14 16:32:23.0058 7308 fastfat (0adc83218b66a6db380c330836f3e36d) G:\Windows\system32\drivers\fastfat.sys
2011/06/14 16:32:23.0246 7308 fdc (d765d19cd8ef61f650c384f62fac00ab) G:\Windows\system32\DRIVERS\fdc.sys
2011/06/14 16:32:23.0323 7308 FileInfo (655661be46b5f5f3fd454e2c3095b930) G:\Windows\system32\drivers\fileinfo.sys
2011/06/14 16:32:23.0364 7308 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) G:\Windows\system32\drivers\filetrace.sys
2011/06/14 16:32:23.0385 7308 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) G:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/14 16:32:23.0461 7308 FltMgr (da6b67270fd9db3697b20fce94950741) G:\Windows\system32\drivers\fltmgr.sys
2011/06/14 16:32:23.0496 7308 FsDepends (d43703496149971890703b4b1b723eac) G:\Windows\system32\drivers\FsDepends.sys
2011/06/14 16:32:23.0575 7308 fssfltr (6c06701bf1db05405804d7eb610991ce) G:\Windows\system32\DRIVERS\fssfltr.sys
2011/06/14 16:32:23.0632 7308 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) G:\Windows\system32\drivers\Fs_Rec.sys
2011/06/14 16:32:23.0724 7308 fvevol (1f7b25b858fa27015169fe95e54108ed) G:\Windows\system32\DRIVERS\fvevol.sys
2011/06/14 16:32:23.0780 7308 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) G:\Windows\system32\DRIVERS\gagp30kx.sys
2011/06/14 16:32:23.0850 7308 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) G:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/14 16:32:24.0007 7308 ha20x2k (a3f010d5dbfb589a3b3288c05c2ea3f9) G:\Windows\system32\drivers\ha20x2k.sys
2011/06/14 16:32:24.0097 7308 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) G:\Windows\system32\DRIVERS\hamachi.sys
2011/06/14 16:32:24.0177 7308 hcw85cir (f2523ef6460fc42405b12248338ab2f0) G:\Windows\system32\drivers\hcw85cir.sys
2011/06/14 16:32:24.0239 7308 HdAudAddService (975761c778e33cd22498059b91e7373a) G:\Windows\system32\drivers\HdAudio.sys
2011/06/14 16:32:24.0319 7308 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) G:\Windows\system32\drivers\HDAudBus.sys
2011/06/14 16:32:24.0345 7308 HidBatt (78e86380454a7b10a5eb255dc44a355f) G:\Windows\system32\DRIVERS\HidBatt.sys
2011/06/14 16:32:24.0403 7308 HidBth (7fd2a313f7afe5c4dab14798c48dd104) G:\Windows\system32\DRIVERS\hidbth.sys
2011/06/14 16:32:24.0448 7308 HidIr (0a77d29f311b88cfae3b13f9c1a73825) G:\Windows\system32\DRIVERS\hidir.sys
2011/06/14 16:32:24.0520 7308 HidUsb (9592090a7e2b61cd582b612b6df70536) G:\Windows\system32\drivers\hidusb.sys
2011/06/14 16:32:24.0626 7308 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) G:\Windows\system32\drivers\HpSAMD.sys
2011/06/14 16:32:24.0700 7308 HTTP (0ea7de1acb728dd5a369fd742d6eee28) G:\Windows\system32\drivers\HTTP.sys
2011/06/14 16:32:24.0794 7308 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) G:\Windows\system32\drivers\hwpolicy.sys
2011/06/14 16:32:24.0866 7308 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) G:\Windows\system32\drivers\i8042prt.sys
2011/06/14 16:32:24.0923 7308 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) G:\Windows\system32\drivers\iaStorV.sys
2011/06/14 16:32:25.0253 7308 IDSVia64 (d321ff68ff6986bcc18fe85943cb55ef) G:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.108\Definitions\IPSDefs\20110610.034\IDSvia64.sys
2011/06/14 16:32:25.0438 7308 iirsp (5c18831c61933628f5bb0ea2675b9d21) G:\Windows\system32\DRIVERS\iirsp.sys
2011/06/14 16:32:25.0516 7308 intelide (f00f20e70c6ec3aa366910083a0518aa) G:\Windows\system32\drivers\intelide.sys
2011/06/14 16:32:25.0564 7308 intelppm (ada036632c664caa754079041cf1f8c1) G:\Windows\system32\DRIVERS\intelppm.sys
2011/06/14 16:32:25.0626 7308 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) G:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/14 16:32:25.0689 7308 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) G:\Windows\system32\drivers\IPMIDrv.sys
2011/06/14 16:32:25.0743 7308 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) G:\Windows\system32\drivers\ipnat.sys
2011/06/14 16:32:25.0799 7308 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) G:\Windows\system32\drivers\irenum.sys
2011/06/14 16:32:25.0862 7308 isapnp (2f7b28dc3e1183e5eb418df55c204f38) G:\Windows\system32\drivers\isapnp.sys
2011/06/14 16:32:25.0925 7308 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) G:\Windows\system32\drivers\msiscsi.sys
2011/06/14 16:32:25.0982 7308 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) G:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/14 16:32:26.0046 7308 kbdhid (0705eff5b42a9db58548eec3b26bb484) G:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/14 16:32:26.0083 7308 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) G:\Windows\system32\Drivers\ksecdd.sys
2011/06/14 16:32:26.0152 7308 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) G:\Windows\system32\Drivers\ksecpkg.sys
2011/06/14 16:32:26.0184 7308 ksthunk (6869281e78cb31a43e969f06b57347c4) G:\Windows\system32\drivers\ksthunk.sys
2011/06/14 16:32:26.0273 7308 Lbd (3c46290f7a5d45ba6ef32c248e22aa69) G:\Windows\system32\DRIVERS\Lbd.sys
2011/06/14 16:32:26.0339 7308 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) G:\Windows\system32\drivers\LGBusEnum.sys
2011/06/14 16:32:26.0384 7308 LGVirHid (94b29ce153765e768f004fb3440be2b0) G:\Windows\system32\drivers\LGVirHid.sys
2011/06/14 16:32:26.0443 7308 LHidFilt (24e09882ba51b9830ae029888a3aaf18) G:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/06/14 16:32:26.0540 7308 libusb0 (285954c6c6ef43b78ab84034750fac6a) G:\Windows\system32\drivers\libusb0.sys
2011/06/14 16:32:26.0588 7308 lltdio (1538831cf8ad2979a04c423779465827) G:\Windows\system32\DRIVERS\lltdio.sys
2011/06/14 16:32:26.0619 7308 LMouFilt (2f94325d8c10e2b715f3d753c2422aac) G:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/06/14 16:32:26.0665 7308 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) G:\Windows\system32\DRIVERS\lsi_fc.sys
2011/06/14 16:32:26.0707 7308 LSI_SAS (1047184a9fdc8bdbff857175875ee810) G:\Windows\system32\DRIVERS\lsi_sas.sys
2011/06/14 16:32:26.0731 7308 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) G:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/06/14 16:32:26.0761 7308 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) G:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/06/14 16:32:26.0806 7308 luafv (43d0f98e1d56ccddb0d5254cff7b356e) G:\Windows\system32\drivers\luafv.sys
2011/06/14 16:32:26.0857 7308 LUsbFilt (9d9714e78eac9e5368208649489c920e) G:\Windows\system32\Drivers\LUsbFilt.Sys
2011/06/14 16:32:26.0907 7308 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) G:\Windows\system32\DRIVERS\LVPr2M64.sys
2011/06/14 16:32:26.0932 7308 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) G:\Windows\system32\DRIVERS\LVPr2M64.sys
2011/06/14 16:32:27.0003 7308 LVUSBS64 (5c3ff68267a5d242ee79ee01b993d6ce) G:\Windows\system32\DRIVERS\LVUSBS64.sys
2011/06/14 16:32:27.0086 7308 MBAMProtector (ed49fd1373de93617a1f6d128d98fe4d) G:\Windows\system32\drivers\mbam.sys
2011/06/14 16:32:27.0129 7308 megasas (a55805f747c6edb6a9080d7c633bd0f4) G:\Windows\system32\DRIVERS\megasas.sys
2011/06/14 16:32:27.0161 7308 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) G:\Windows\system32\DRIVERS\MegaSR.sys
2011/06/14 16:32:27.0202 7308 Modem (800ba92f7010378b09f9ed9270f07137) G:\Windows\system32\drivers\modem.sys
2011/06/14 16:32:27.0269 7308 monitor (b03d591dc7da45ece20b3b467e6aadaa) G:\Windows\system32\DRIVERS\monitor.sys
2011/06/14 16:32:27.0347 7308 mouclass (7d27ea49f3c1f687d357e77a470aea99) G:\Windows\system32\DRIVERS\mouclass.sys
2011/06/14 16:32:27.0374 7308 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) G:\Windows\system32\DRIVERS\mouhid.sys
2011/06/14 16:32:27.0435 7308 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) G:\Windows\system32\drivers\mountmgr.sys
2011/06/14 16:32:27.0491 7308 mpio (a44b420d30bd56e145d6a2bc8768ec58) G:\Windows\system32\drivers\mpio.sys
2011/06/14 16:32:27.0541 7308 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) G:\Windows\system32\drivers\mpsdrv.sys
2011/06/14 16:32:27.0591 7308 MRxDAV (dc722758b8261e1abafd31a3c0a66380) G:\Windows\system32\drivers\mrxdav.sys
2011/06/14 16:32:27.0673 7308 mrxsmb (c2b4651001a867ff3f8865863b592991) G:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/14 16:32:27.0729 7308 mrxsmb10 (7e79946afc5f799ab62982282be5ac13) G:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/14 16:32:27.0808 7308 mrxsmb20 (5fb954100cea2bfec6446fbbecaa3f79) G:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/14 16:32:27.0862 7308 msahci (c25f0bafa182cbca2dd3c851c2e75796) G:\Windows\system32\drivers\msahci.sys
2011/06/14 16:32:27.0906 7308 msdsm (db801a638d011b9633829eb6f663c900) G:\Windows\system32\drivers\msdsm.sys
2011/06/14 16:32:27.0953 7308 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) G:\Windows\system32\drivers\Msfs.sys
2011/06/14 16:32:28.0125 7308 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) G:\Windows\System32\drivers\mshidkmdf.sys
2011/06/14 16:32:28.0184 7308 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) G:\Windows\system32\drivers\msisadrv.sys
2011/06/14 16:32:28.0277 7308 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) G:\Windows\system32\drivers\MSKSSRV.sys
2011/06/14 16:32:28.0367 7308 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) G:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/14 16:32:28.0418 7308 MSPQM (4ed981241db27c3383d72092b618a1d0) G:\Windows\system32\drivers\MSPQM.sys
2011/06/14 16:32:28.0498 7308 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) G:\Windows\system32\drivers\MsRPC.sys
2011/06/14 16:32:28.0562 7308 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) G:\Windows\system32\drivers\mssmbios.sys
2011/06/14 16:32:28.0583 7308 MSTEE (2e66f9ecb30b4221a318c92ac2250779) G:\Windows\system32\drivers\MSTEE.sys
2011/06/14 16:32:28.0607 7308 MTConfig (7ea404308934e675bffde8edf0757bcd) G:\Windows\system32\DRIVERS\MTConfig.sys
2011/06/14 16:32:28.0656 7308 MTsensor (03b7145c889603537e9ffeabb1ad1089) G:\Windows\system32\DRIVERS\ASACPI.sys
2011/06/14 16:32:28.0702 7308 Mup (f9a18612fd3526fe473c1bda678d61c8) G:\Windows\system32\Drivers\mup.sys
2011/06/14 16:32:28.0751 7308 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) G:\Windows\system32\DRIVERS\nwifi.sys
2011/06/14 16:32:29.0032 7308 NAVENG (f594e1acbbb3ba48586b5dd69b3a6bc2) G:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.108\Definitions\VirusDefs\20110613.005\ENG64.SYS
2011/06/14 16:32:29.0169 7308 NAVEX15 (cfe00b55488acf0cd9f62b0401297864) G:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.108\Definitions\VirusDefs\20110613.005\EX64.SYS
2011/06/14 16:32:29.0426 7308 NDIS (79b47fd40d9a817e932f9d26fac0a81c) G:\Windows\system32\drivers\ndis.sys
2011/06/14 16:32:29.0509 7308 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) G:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/14 16:32:29.0541 7308 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) G:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/14 16:32:29.0604 7308 Ndisuio (136185f9fb2cc61e573e676aa5402356) G:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/14 16:32:29.0670 7308 NdisWan (53f7305169863f0a2bddc49e116c2e11) G:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/14 16:32:29.0731 7308 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) G:\Windows\system32\drivers\NDProxy.sys
2011/06/14 16:32:29.0774 7308 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) G:\Windows\system32\DRIVERS\netbios.sys
2011/06/14 16:32:29.0849 7308 NetBT (09594d1089c523423b32a4229263f068) G:\Windows\system32\DRIVERS\netbt.sys
2011/06/14 16:32:29.0943 7308 nfrd960 (77889813be4d166cdab78ddba990da92) G:\Windows\system32\DRIVERS\nfrd960.sys
2011/06/14 16:32:30.0000 7308 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) G:\Windows\system32\drivers\Npfs.sys
2011/06/14 16:32:30.0022 7308 nsiproxy (e7f5ae18af4168178a642a9247c63001) G:\Windows\system32\drivers\nsiproxy.sys
2011/06/14 16:32:30.0118 7308 Ntfs (a2f74975097f52a00745f9637451fdd8) G:\Windows\system32\drivers\Ntfs.sys
2011/06/14 16:32:30.0217 7308 Null (9899284589f75fa8724ff3d16aed75c1) G:\Windows\system32\drivers\Null.sys
2011/06/14 16:32:30.0495 7308 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) G:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/06/14 16:32:30.0795 7308 nvraid (0a92cb65770442ed0dc44834632f66ad) G:\Windows\system32\drivers\nvraid.sys
2011/06/14 16:32:30.0854 7308 nvstor (dab0e87525c10052bf65f06152f37e4a) G:\Windows\system32\drivers\nvstor.sys
2011/06/14 16:32:30.0958 7308 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) G:\Windows\system32\drivers\nv_agp.sys
2011/06/14 16:32:31.0029 7308 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) G:\Windows\system32\drivers\ohci1394.sys
2011/06/14 16:32:31.0082 7308 ossrv (0e2de427ebe106e7e5b52869d5c99f68) G:\Windows\system32\drivers\ctoss2k.sys
2011/06/14 16:32:31.0112 7308 Parport (0086431c29c35be1dbc43f52cc273887) G:\Windows\system32\DRIVERS\parport.sys
2011/06/14 16:32:31.0181 7308 partmgr (871eadac56b0a4c6512bbe32753ccf79) G:\Windows\system32\drivers\partmgr.sys
2011/06/14 16:32:31.0310 7308 pbfilter (7c0582921913d00180ec2b8518ba135c) G:\Program Files\PeerBlock\pbfilter.sys
2011/06/14 16:32:31.0366 7308 pci (94575c0571d1462a0f70bde6bd6ee6b3) G:\Windows\system32\drivers\pci.sys
2011/06/14 16:32:31.0385 7308 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) G:\Windows\system32\drivers\pciide.sys
2011/06/14 16:32:31.0433 7308 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) G:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/14 16:32:31.0460 7308 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) G:\Windows\system32\drivers\pcw.sys
2011/06/14 16:32:31.0486 7308 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) G:\Windows\system32\drivers\peauth.sys
2011/06/14 16:32:31.0642 7308 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) G:\Windows\system32\DRIVERS\raspptp.sys
2011/06/14 16:32:31.0666 7308 Processor (0d922e23c041efb1c3fac2a6f943c9bf) G:\Windows\system32\DRIVERS\processr.sys
2011/06/14 16:32:31.0753 7308 Psched (0557cf5a2556bd58e26384169d72438d) G:\Windows\system32\DRIVERS\pacer.sys
2011/06/14 16:32:31.0803 7308 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) G:\Windows\system32\DRIVERS\ql2300.sys
2011/06/14 16:32:31.0886 7308 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) G:\Windows\system32\DRIVERS\ql40xx.sys
2011/06/14 16:32:31.0950 7308 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) G:\Windows\system32\drivers\qwavedrv.sys
2011/06/14 16:32:32.0067 7308 RapportEI64 (26e1ac6f302c16a07c0577770d0ec3cd) G:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
2011/06/14 16:32:32.0121 7308 RapportKE64 (0b6dab824ea1a0b1728395ee69aa31e9) G:\Windows\system32\Drivers\RapportKE64.sys
2011/06/14 16:32:32.0197 7308 RapportPG64 (f7e75548cf5ed4af1a45c07af4f229df) G:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
2011/06/14 16:32:32.0256 7308 RasAcd (5a0da8ad5762fa2d91678a8a01311704) G:\Windows\system32\DRIVERS\rasacd.sys
2011/06/14 16:32:32.0337 7308 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) G:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/14 16:32:32.0397 7308 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) G:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/14 16:32:32.0422 7308 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) G:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/14 16:32:32.0477 7308 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) G:\Windows\system32\DRIVERS\rassstp.sys
2011/06/14 16:32:32.0548 7308 rdbss (77f665941019a1594d887a74f301fa2f) G:\Windows\system32\DRIVERS\rdbss.sys
2011/06/14 16:32:32.0567 7308 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) G:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/14 16:32:32.0594 7308 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) G:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/14 16:32:32.0667 7308 RDPDISPM (bdf2db2f19945afaf102a2c03062efb1) G:\Windows\system32\DRIVERS\rdpdispm.sys
2011/06/14 16:32:32.0727 7308 RDPDR (1b6163c503398b23ff8b939c67747683) G:\Windows\system32\drivers\rdpdr.sys
2011/06/14 16:32:32.0778 7308 RDPENCDD (bb5971a4f00659529a5c44831af22365) G:\Windows\system32\drivers\rdpencdd.sys
2011/06/14 16:32:32.0797 7308 RDPREFMP (216f3fa57533d98e1f74ded70113177a) G:\Windows\system32\drivers\rdprefmp.sys
2011/06/14 16:32:32.0853 7308 RDPWD (15b66c206b5cb095bab980553f38ed23) G:\Windows\system32\drivers\RDPWD.sys
2011/06/14 16:32:32.0934 7308 rdyboost (34ed295fa0121c241bfef24764fc4520) G:\Windows\system32\drivers\rdyboost.sys
2011/06/14 16:32:33.0006 7308 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) G:\Windows\system32\DRIVERS\revoflt.sys
2011/06/14 16:32:33.0067 7308 rspndr (ddc86e4f8e7456261e637e3552e804ff) G:\Windows\system32\DRIVERS\rspndr.sys
2011/06/14 16:32:33.0196 7308 RTCore64 (2d91d45cd09dfc3f8e89da1c261fd1ac) G:\Program Files (x86)\EVGA Precision\RTCore64.sys
2011/06/14 16:32:33.0282 7308 RTL8167 (16d4e350420baa7e63e16e3fc033e1f5) G:\Windows\system32\DRIVERS\Rt64win7.sys
2011/06/14 16:32:33.0395 7308 RTL8187 (333224d4d25f9bcca488e08345083e1c) G:\Windows\system32\DRIVERS\rtl8187.sys
2011/06/14 16:32:33.0454 7308 s3cap (e60c0a09f997826c7627b244195ab581) G:\Windows\system32\drivers\vms3cap.sys
2011/06/14 16:32:33.0581 7308 SASDIFSV (99df79c258b3342b6c8a5f802998de56) G:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2011/06/14 16:32:33.0649 7308 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) G:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2011/06/14 16:32:33.0705 7308 sbp2port (ac03af3329579fffb455aa2daabbe22b) G:\Windows\system32\drivers\sbp2port.sys
2011/06/14 16:32:33.0801 7308 scfilter (253f38d0d7074c02ff8deb9836c97d2b) G:\Windows\system32\DRIVERS\scfilter.sys
2011/06/14 16:32:33.0879 7308 ScreamBAudioSvc (490b0b68bb938d5c628ec4a67277be75) G:\Windows\system32\drivers\ScreamingBAudio64.sys
2011/06/14 16:32:33.0994 7308 secdrv (3ea8a16169c26afbeb544e0e48421186) G:\Windows\system32\drivers\secdrv.sys
2011/06/14 16:32:34.0085 7308 Serenum (cb624c0035412af0debec78c41f5ca1b) G:\Windows\system32\DRIVERS\serenum.sys
2011/06/14 16:32:34.0112 7308 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) G:\Windows\system32\DRIVERS\serial.sys
2011/06/14 16:32:34.0168 7308 sermouse (1c545a7d0691cc4a027396535691c3e3) G:\Windows\system32\DRIVERS\sermouse.sys
2011/06/14 16:32:34.0234 7308 sffdisk (a554811bcd09279536440c964ae35bbf) G:\Windows\system32\drivers\sffdisk.sys
2011/06/14 16:32:34.0288 7308 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) G:\Windows\system32\drivers\sffp_mmc.sys
2011/06/14 16:32:34.0316 7308 sffp_sd (dd85b78243a19b59f0637dcf284da63c) G:\Windows\system32\drivers\sffp_sd.sys
2011/06/14 16:32:34.0333 7308 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) G:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/14 16:32:34.0389 7308 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) G:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/14 16:32:34.0443 7308 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) G:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/14 16:32:34.0470 7308 Smb (548260a7b8654e024dc30bf8a7c5baa4) G:\Windows\system32\DRIVERS\smb.sys
2011/06/14 16:32:34.0519 7308 spldr (b9e31e5cacdfe584f34f730a677803f9) G:\Windows\system32\drivers\spldr.sys
2011/06/14 16:32:34.0596 7308 sptd (602884696850c86434530790b110e8eb) G:\Windows\system32\Drivers\sptd.sys
2011/06/14 16:32:34.0714 7308 SRTSP (c1d179bc9d3b527de9ef0b52bd4404ae) G:\Windows\System32\Drivers\NISx64\1300000.06E\SRTSP64.SYS
2011/06/14 16:32:34.0816 7308 SRTSPX (3d5204d556c6ed4d1ea049309ef295e2) G:\Windows\system32\drivers\NISx64\1300000.06E\SRTSPX64.SYS
2011/06/14 16:32:34.0870 7308 srv (65bbf4920148c2ee279055da7228fc7b) G:\Windows\system32\DRIVERS\srv.sys
2011/06/14 16:32:34.0927 7308 srv2 (da939f762a1ccc2d77428621ddbd40a7) G:\Windows\system32\DRIVERS\srv2.sys
2011/06/14 16:32:34.0958 7308 srvnet (3f847c9dc87299516f7dc82fb6572865) G:\Windows\system32\DRIVERS\srvnet.sys
2011/06/14 16:32:35.0029 7308 stexstor (f3817967ed533d08327dc73bc4d5542a) G:\Windows\system32\DRIVERS\stexstor.sys
2011/06/14 16:32:35.0123 7308 storflt (7785dc213270d2fc066538daf94087e7) G:\Windows\system32\drivers\vmstorfl.sys
2011/06/14 16:32:35.0201 7308 storvsc (d34e4943d5ac096c8edeebfd80d76e23) G:\Windows\system32\drivers\storvsc.sys
2011/06/14 16:32:35.0266 7308 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) G:\Windows\system32\drivers\swenum.sys
2011/06/14 16:32:35.0312 7308 SymDS (615148d3a3c70e8f28fd4e539e4516f5) G:\Windows\system32\drivers\NISx64\1300000.06E\SYMDS64.SYS
2011/06/14 16:32:35.0432 7308 SymEFA (a166b3489e865038258d7bd6c0f1ffff) G:\Windows\system32\drivers\NISx64\1300000.06E\SYMEFA64.SYS
2011/06/14 16:32:35.0542 7308 SymEvent (36b77f5c9e21f88a8c8ec67ad5415819) G:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2011/06/14 16:32:35.0635 7308 SymIRON (eed8224332a3f066a40173dd031ff31f) G:\Windows\system32\drivers\NISx64\1300000.06E\Ironx64.SYS
2011/06/14 16:32:35.0709 7308 SymNetS (5ea027a364116963e37a281b1949ffd5) G:\Windows\System32\Drivers\NISx64\1300000.06E\SYMNETS.SYS
2011/06/14 16:32:35.0789 7308 taphss (f33fdc72298df4bf9813a55d21f4eb31) G:\Windows\system32\DRIVERS\taphss.sys
2011/06/14 16:32:35.0890 7308 Tcpip (509383e505c973ed7534a06b3d19688d) G:\Windows\system32\drivers\tcpip.sys
2011/06/14 16:32:35.0972 7308 TCPIP6 (509383e505c973ed7534a06b3d19688d) G:\Windows\system32\DRIVERS\tcpip.sys
2011/06/14 16:32:36.0026 7308 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) G:\Windows\system32\drivers\tcpipreg.sys
2011/06/14 16:32:36.0099 7308 TDPIPE (3371d21011695b16333a3934340c4e7c) G:\Windows\system32\drivers\tdpipe.sys
2011/06/14 16:32:36.0150 7308 TDTCP (e4245bda3190a582d55ed09e137401a9) G:\Windows\system32\drivers\tdtcp.sys
2011/06/14 16:32:36.0210 7308 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) G:\Windows\system32\DRIVERS\tdx.sys
2011/06/14 16:32:36.0289 7308 TermDD (561e7e1f06895d78de991e01dd0fb6e5) G:\Windows\system32\drivers\termdd.sys
2011/06/14 16:32:36.0375 7308 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) G:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/14 16:32:36.0427 7308 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) G:\Windows\system32\drivers\tsusbflt.sys
2011/06/14 16:32:36.0528 7308 tunnel (3566a8daafa27af944f5d705eaa64894) G:\Windows\system32\DRIVERS\tunnel.sys
2011/06/14 16:32:36.0566 7308 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) G:\Windows\system32\DRIVERS\uagp35.sys
2011/06/14 16:32:36.0639 7308 udfs (ff4232a1a64012baa1fd97c7b67df593) G:\Windows\system32\DRIVERS\udfs.sys
2011/06/14 16:32:36.0713 7308 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) G:\Windows\system32\drivers\uliagpkx.sys
2011/06/14 16:32:36.0788 7308 umbus (dc54a574663a895c8763af0fa1ff7561) G:\Windows\system32\drivers\umbus.sys
2011/06/14 16:32:36.0824 7308 UmPass (b2e8e8cb557b156da5493bbddcc1474d) G:\Windows\system32\DRIVERS\umpass.sys
2011/06/14 16:32:36.0951 7308 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) G:\Windows\system32\Drivers\usbaapl64.sys
2011/06/14 16:32:37.0012 7308 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) G:\Windows\system32\drivers\usbaudio.sys
2011/06/14 16:32:37.0105 7308 usbccgp (6f1a3157a1c89435352ceb543cdb359c) G:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/14 16:32:37.0151 7308 usbcir (af0892a803fdda7492f595368e3b68e7) G:\Windows\system32\drivers\usbcir.sys
2011/06/14 16:32:37.0223 7308 usbehci (c025055fe7b87701eb042095df1a2d7b) G:\Windows\system32\DRIVERS\usbehci.sys
2011/06/14 16:32:37.0256 7308 usbhub (287c6c9410b111b68b52ca298f7b8c24) G:\Windows\system32\DRIVERS\usbhub.sys
2011/06/14 16:32:37.0316 7308 usbohci (58e546bbaf87664fc57e0f6081e4f609) G:\Windows\system32\DRIVERS\usbohci.sys
2011/06/14 16:32:37.0348 7308 usbprint (73188f58fb384e75c4063d29413cee3d) G:\Windows\system32\DRIVERS\usbprint.sys
2011/06/14 16:32:37.0405 7308 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) G:\Windows\system32\DRIVERS\usbscan.sys
2011/06/14 16:32:37.0470 7308 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) G:\Windows\system32\drivers\USBSTOR.SYS
2011/06/14 16:32:37.0523 7308 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) G:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/14 16:32:37.0607 7308 VClone (fd911873c0bb6945fa38c16e9a2b58f9) G:\Windows\system32\DRIVERS\VClone.sys
2011/06/14 16:32:37.0666 7308 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) G:\Windows\system32\drivers\vdrvroot.sys
2011/06/14 16:32:37.0687 7308 vga (da4da3f5e02943c2dc8c6ed875de68dd) G:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/14 16:32:37.0737 7308 VgaSave (53e92a310193cb3c03bea963de7d9cfc) G:\Windows\System32\drivers\vga.sys
2011/06/14 16:32:37.0801 7308 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) G:\Windows\system32\drivers\vhdmp.sys
2011/06/14 16:32:37.0869 7308 viaide (e5689d93ffe4e5d66c0178761240dd54) G:\Windows\system32\drivers\viaide.sys
2011/06/14 16:32:37.0945 7308 vmbus (86ea3e79ae350fea5331a1303054005f) G:\Windows\system32\drivers\vmbus.sys
2011/06/14 16:32:38.0017 7308 VMBusHID (7de90b48f210d29649380545db45a187) G:\Windows\system32\drivers\VMBusHID.sys
2011/06/14 16:32:38.0151 7308 volmgr (d2aafd421940f640b407aefaaebd91b0) G:\Windows\system32\drivers\volmgr.sys
2011/06/14 16:32:38.0281 7308 volmgrx (a255814907c89be58b79ef2f189b843b) G:\Windows\system32\drivers\volmgrx.sys
2011/06/14 16:32:38.0360 7308 volsnap (0d08d2f3b3ff84e433346669b5e0f639) G:\Windows\system32\drivers\volsnap.sys
2011/06/14 16:32:38.0423 7308 vsmraid (5e2016ea6ebaca03c04feac5f330d997) G:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/14 16:32:38.0484 7308 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) G:\Windows\System32\drivers\vwifibus.sys
2011/06/14 16:32:38.0554 7308 vwififlt (6a3d66263414ff0d6fa754c646612f3f) G:\Windows\system32\DRIVERS\vwififlt.sys
2011/06/14 16:32:38.0585 7308 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) G:\Windows\system32\DRIVERS\wacompen.sys
2011/06/14 16:32:38.0613 7308 WANARP (356afd78a6ed4457169241ac3965230c) G:\Windows\system32\DRIVERS\wanarp.sys
2011/06/14 16:32:38.0624 7308 Wanarpv6 (356afd78a6ed4457169241ac3965230c) G:\Windows\system32\DRIVERS\wanarp.sys
2011/06/14 16:32:38.0671 7308 Wd (72889e16ff12ba0f235467d6091b17dc) G:\Windows\system32\DRIVERS\wd.sys
2011/06/14 16:32:38.0707 7308 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) G:\Windows\system32\drivers\Wdf01000.sys
2011/06/14 16:32:38.0787 7308 WfpLwf (611b23304bf067451a9fdee01fbdd725) G:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/14 16:32:38.0809 7308 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) G:\Windows\system32\drivers\wimmount.sys
2011/06/14 16:32:38.0923 7308 WinUsb (fe88b288356e7b47b74b13372add906d) G:\Windows\system32\DRIVERS\WinUsb.sys
2011/06/14 16:32:39.0009 7308 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) G:\Windows\system32\drivers\wmiacpi.sys
2011/06/14 16:32:39.0093 7308 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) G:\Windows\system32\drivers\ws2ifsl.sys
2011/06/14 16:32:39.0158 7308 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) G:\Windows\system32\drivers\WudfPf.sys
2011/06/14 16:32:39.0192 7308 WUDFRd (cf8d590be3373029d57af80914190682) G:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/14 16:32:39.0275 7308 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) G:\Windows\system32\DRIVERS\yk62x64.sys
2011/06/14 16:32:39.0326 7308 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk0\DR0
2011/06/14 16:32:39.0364 7308 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
2011/06/14 16:32:39.0368 7308 ================================================================================
2011/06/14 16:32:39.0368 7308 Scan finished
2011/06/14 16:32:39.0368 7308 ================================================================================
2011/06/14 16:32:39.0377 8688 Detected object count: 0
2011/06/14 16:32:39.0378 8688 Actual detected object count: 0


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6856

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

6/14/2011 4:39:45 PM
mbam-log-2011-06-14 (16-39-45).txt

Scan type: Quick scan
Objects scanned: 204158
Time elapsed: 5 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  • Gender:Male
  • Location:God's Country
  • Local time:05:12 AM

Posted 15 June 2011 - 07:06 AM

Hi jkiejr,


You now appear to be all clean. :thumbsup:

We need to do a little house cleaning.

Step 1.

Re-enable emulation

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger might ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

The following two procedures need to be done in the order listed. If you can not do so please let me know.

Step 2.

Uninstall ComboFix

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Note the space between the X and the /U.

Please advise if this step is missed for any reason as it performs some important functions.

Step 3.

Please open OTL
  • Double click on the OTL icon on your desktop.
  • Click the "Cleanup" checkbox.
  • You will be asked, "Begin Cleanup Process"
  • Select Yes
  • You will be prompted to restart your computer.
You can now uninstall any other programs we may have used, delete any logs that may have been generated and re-enable any programs we may have disabled.

Step 4.

Here are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of them, however, by following the rest of them you will reduce the risk of becoming re-infected.

It is critical to stay up to date with the latest upgrades to your Operating System, as this can help prevent future problems. You can find Microsoft updates here.

I recommend that you visit the link above and either enable 'Automatic Updates' under Start | Control Panel | Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

New viruses come out every minute, so it is essential that you keep your antivirus program updated and have the latest signatures to provide you with the best possible protection from malicious software.
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Make sure you use a firewall. A tutorial on understanding and using firewalls may be found here. For most users the built in Windows Firewall is sufficient. Only use one firewall at a time though.

Install Spyware Blaster and update it regularly
If you wish, the commercial version provides automatic updating.

Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
SuperAntiSpyware is another good scanner with high detection and removal rates. Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions. I personally prefer and highly recommend the licensed version of MBAM.

Please read and follow How did I get infected?, With steps so it does not happen again! as well as How to prevent Malware by Miekiemoes

If you have any questions please do not hesitate to ask.


Thanks!!
PW
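
An added example, not part of pwgib's post and not code from any of the tools named in it: a read-only PowerShell check for the three hygiene points in Step 4 (Automatic Updates on, exactly one antivirus registered, the Windows Firewall on for every profile). It assumes Windows 7 or later with PowerShell 2.0 or newer, run from an elevated prompt; the `Microsoft.Update.AutoUpdate` COM object, the `root\SecurityCenter2` WMI namespace and `netsh advfirewall` are real Windows interfaces, while the decoding of `productState` is the commonly used interpretation rather than a documented one.

```powershell
# Added example (not from the thread or the tools it names). Read-only: it reports, it changes nothing.
# Assumes Windows 7+ and an elevated PowerShell 2.0+ session.

function Get-AutoUpdateState {
    # Windows Update Agent COM API. NotificationLevel 4 is "Install updates automatically",
    # which is what the post means by enabling 'Automatic Updates'.
    $au = New-Object -ComObject Microsoft.Update.AutoUpdate
    $names = @{ 0 = 'Not configured'; 1 = 'Disabled'; 2 = 'Notify before download';
                3 = 'Notify before install'; 4 = 'Install automatically' }
    $level = [int]$au.Settings.NotificationLevel
    New-Object PSObject -Property @{ Level = $level; Description = $names[$level]; Ok = ($level -eq 4) }
}

function Get-InstalledAntivirus {
    # Every AV that integrates with Security Center registers an AntiVirusProduct instance here.
    # Two or more instances is the "more than one antivirus" conflict the post warns about.
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct | ForEach-Object {
        # productState decoding (commonly used, not officially documented): as six hex digits,
        # the middle pair is 10 when real-time protection is on, the last pair is 00 when definitions are current.
        $state = '{0:X6}' -f [int]$_.productState
        New-Object PSObject -Property @{
            Name    = $_.displayName
            Enabled = ($state.Substring(2, 2) -eq '10')
            Updated = ($state.Substring(4, 2) -eq '00')
        }
    }
}

function Get-FirewallProfileState {
    # netsh is used rather than Get-NetFirewallProfile because the latter does not exist on Windows 7.
    $lines = netsh advfirewall show allprofiles state
    $profile = $null
    foreach ($line in $lines) {
        if ($line -match '^(\w+) Profile Settings:') {
            $profile = $Matches[1]
        } elseif ($line -match '^State\s+(ON|OFF)') {
            New-Object PSObject -Property @{ Profile = $profile; Enabled = ($Matches[1] -eq 'ON') }
        }
    }
}

# Report each point and flag what the post asks the user to change.
$au = Get-AutoUpdateState
if ($au.Ok) { Write-Host "Automatic Updates: $($au.Description)" }
else        { Write-Warning "Automatic Updates: $($au.Description). Enable them under Control Panel." }

$avs = @(Get-InstalledAntivirus)
foreach ($av in $avs) {
    Write-Host ("Antivirus: {0} (enabled={1}, definitions current={2})" -f $av.Name, $av.Enabled, $av.Updated)
}
if ($avs.Count -eq 0)    { Write-Warning 'No antivirus is registered with Security Center.' }
elseif ($avs.Count -gt 1) { Write-Warning "$($avs.Count) antivirus products are registered; keep only one." }

foreach ($fw in Get-FirewallProfileState) {
    if ($fw.Enabled) { Write-Host "Firewall $($fw.Profile) profile: ON" }
    else             { Write-Warning "Firewall $($fw.Profile) profile is OFF." }
}
```

Run it once after the cleanup in Steps 1 to 3 and again after any software change; a second `AntiVirusProduct` entry left behind by an uninstalled scanner is the usual cause of the duplicate-antivirus warning, and Security Center will drop it once the leftover program is fully removed.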

#13 jkiejr

jkiejr
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:05:12 AM

Posted 15 June 2011 - 07:46 PM

Thanks for the help. If, on the off chance, I do get reinfected, I'm coming back here.

#14 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  • Gender:Male
  • Location:God's Country
  • Local time:05:12 AM

Posted 16 June 2011 - 05:52 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
PW