Ping.exe using 80% or more CPU


  • This topic is locked
13 replies to this topic

#1 mark91

mark91

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:23 AM

Posted 12 December 2011 - 09:29 AM

Hello all!
My computer became sluggish one week ago; even browsing the internet became painfully slow, and the hard drive increased speed like it was thinking. So first I thought that the air vents in my computer were clogged with dust, so I cleaned out the inside. That didn't help, so checking Task Manager I see that I have a new program that I've never seen before, Ping.exe, with a CPU usage of 80 or more.
I posted in Am I Infected to get help, http://www.bleepingcomputer.com/forums/topic431372.html, and got told to run SecurityCheck, Malwarebytes, SUPERAntiSpyware and GMER.
After running them, Malwarebytes found 2 threats, but the problem still exists.




.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_29
Run by Marcus at 14:38:35 on 2011-12-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.3062.1421 [GMT 1:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Windows\system32\dgdersvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\DriveXpert\XSrvSetup.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\DriveXpert\DriveXpertSetup.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Razer\Diamondback 3G\razertra.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Windows\System32\ping.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Marcus\AppData\Roaming\Spotify\spotify.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.se/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [KiesTrayAgent] c:\program files\samsung\kies\/\KiesTrayAgent.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Ai Nap] "c:\program files\asus\ai suite\ainap\AiNap.exe"
mRun: [QFan Help] "c:\program files\asus\ai suite\qfan3\QFanHelp.exe"
mRun: [Cpu Level Up help] "c:\program files\asus\ai suite\CpuLevelUpHelp.exe"
mRun: [TurboV] "c:\program files\asus\turbov\TurboV.exe" -b
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Diamondback] c:\program files\razer\diamondback 3g\razerhid.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 193.150.193.150 83.255.245.11
TCP: Interfaces\{0D2E8813-26D6-4774-9006-C4C26C5D4BE2} : DhcpNameServer = 193.150.193.150 83.255.245.11
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\marcus\appdata\roaming\mozilla\firefox\profiles\b9sj42zd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2011-9-13 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2011-9-13 744568]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-8-25 11448]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20111114.002\BHDrvx86.sys [2011-11-14 819320]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20111209.002\IDSvix86.sys [2011-12-10 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2011-9-13 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys [2011-9-13 331384]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-6-22 176128]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2010-8-25 96896]
R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2009-12-22 95568]
R2 DriveXpert;DriveXpert;c:\program files\drivexpert\XSrvSetup.exe [2010-8-25 69632]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-9-28 217088]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccSvcHst.exe [2011-9-13 130008]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-6-22 5882880]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-6-22 210944]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2009-12-22 18136]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-9 106104]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-8-25 21504]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-9-28 36640]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [2010-8-28 13225]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-9-28 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-9-28 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-9-28 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [2010-9-28 100224]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-12-10 21:17:34 -------- d-----w- c:\users\marcus\appdata\local\NPE
2011-12-08 19:52:35 -------- d-----w- c:\programdata\Malwarebytes
2011-12-06 19:37:18 -------- d-----w- c:\users\marcus\appdata\local\SanctionedMedia
2011-11-27 19:09:41 -------- d-----w- c:\users\marcus\appdata\roaming\Spotify
.
==================== Find3M ====================
.
2011-10-03 04:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-02 21:37:56 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-10-02 21:37:56 22328 ----a-w- c:\users\marcus\appdata\roaming\PnkBstrK.sys
2011-10-02 21:37:46 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-10-02 21:37:36 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-10-02 21:37:36 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2011-10-01 20:01:31 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-09-28 13:50:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 14:39:27,72 ===============





GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-12 15:06:14
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4 WDC_WD3200AAKS-00L6A0 rev.01.03E01
Running: gmer.exe; Driver: C:\Users\Marcus\AppData\Local\Temp\uxldypog.sys


---- System - GMER 1.0.15 ----

SSDT 88619280 ZwAlertResumeThread
SSDT 88617660 ZwAlertThread
SSDT 88615BD0 ZwAllocateVirtualMemory
SSDT 88533B50 ZwAlpcConnectPort
SSDT 886DA960 ZwAssignProcessToJobObject
SSDT 88CA92B0 ZwCreateMutant
SSDT 886197D8 ZwCreateSymbolicLinkObject
SSDT 88616500 ZwCreateThread
SSDT 8861D5D0 ZwDebugActiveProcess
SSDT 88615DA0 ZwDuplicateObject
SSDT 886159F0 ZwFreeVirtualMemory
SSDT 88CA9408 ZwImpersonateAnonymousToken
SSDT 886185F0 ZwImpersonateThread
SSDT 88533AD8 ZwLoadDriver
SSDT 886158F0 ZwMapViewOfSection
SSDT 88CA9278 ZwOpenEvent
SSDT 88615F80 ZwOpenProcess
SSDT 88615CC0 ZwOpenProcessToken
SSDT 886191E8 ZwOpenSection
SSDT 88615E90 ZwOpenThread
SSDT 886173B8 ZwProtectVirtualMemory
SSDT 886243A8 ZwResumeThread
SSDT 88615640 ZwSetContextThread
SSDT 88615720 ZwSetInformationProcess
SSDT 886190A0 ZwSetSystemInformation
SSDT 88C501A8 ZwSuspendProcess
SSDT 88615100 ZwSuspendThread
SSDT 886165E0 ZwTerminateProcess
SSDT 88649A10 ZwTerminateThread
SSDT 88615810 ZwUnmapViewOfSection
SSDT 88615AE0 ZwWriteVirtualMemory
SSDT 88617268 ZwCreateThreadEx

INT 0x51 ? 87498BF8
INT 0x51 ? 87498BF8
INT 0x51 ? 87498BF8
INT 0x62 ? 87498BF8
INT 0x72 ? 85F79BF8
INT 0x72 ? 85F79BF8
INT 0x72 ? 85F79BF8
INT 0x72 ? 85F79BF8
INT 0x72 ? 85F79BF8
INT 0x82 ? 85F79BF8
INT 0x82 ? 85F79BF8
INT 0x82 ? 87498BF8
INT 0x82 ? 85F79BF8
INT 0xB2 ? 87498BF8
INT 0xB2 ? 87498BF8
INT 0xB2 ? 87498BF8
INT 0xB3 ? 87498BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 820F9880 8 Bytes [80, 92, 61, 88, 60, 76, 61, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 820F9894 4 Bytes [D0, 5B, 61, 88]
.text ntkrnlpa.exe!KeSetEvent + 13D 820F98A0 4 Bytes [50, 3B, 53, 88] {PUSH EAX; CMP EDX, [EBX-0x78]}
.text ntkrnlpa.exe!KeSetEvent + 191 820F98F4 4 Bytes [60, A9, 6D, 88]
.text ntkrnlpa.exe!KeSetEvent + 1F5 820F9958 4 Bytes [B0, 92, CA, 88]
.text ...
? System32\Drivers\spdr.sys Det går inte att hitta sökvägen. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90205000, 0x31BC8E, 0xE8000020]
.text USBPORT.SYS!DllUnload 912D141B 5 Bytes JMP 874981D8
.text dfsc.sys!Luuqegtx 965CA000 2 Bytes [00, 00] {ADD [EAX], AL}
.text dfsc.sys!Luuqegtx 965CA004 35 Bytes [00, 00, 8B, FF, 55, 8B, EC, ...]
.text dfsc.sys!Luuqegtx 965CA028 51 Bytes [CC, CC, CC, CC, CC, CC, 8B, ...]
.text dfsc.sys!Luuqegtx 965CA05C 63 Bytes [CC, CC, CC, CC, CC, CC, 8B, ...]
.text dfsc.sys!Luuqegtx 965CA09C 15 Bytes [E0, 5C, 96, BE, 00, E0, 5C, ...]
.text ...
.text dfsc.sys!WriteRkhlqxlmg + FF 965CA2A8 166 Bytes [CC, CC, CC, CC, CC, CC, 8B, ...]
.text dfsc.sys!WriteRkhlqxlmg + 1A6 965CA34F 60 Bytes [CC, CC, CC, CC, CC, 8B, FF, ...]
.text dfsc.sys!WriteRkhlqxlmg + 1E3 965CA38C 157 Bytes [74, 05, 0F, B7, 10, EB, 03, ...]
.text dfsc.sys!Luuqegtx + 1C 965CA7DF 234 Bytes [00, 00, 85, D2, BB, 2A, C2, ...]
.text dfsc.sys!Luuqegtx + 107 965CA8CA 14 Bytes [EB, 02, 32, C0, 5E, 5D, C2, ...] {JMP 0x4; XOR AL, AL; POP ESI; POP EBP; RET 0x8; INT 3 ; INT 3 ; INT 3 ; INT 3 ; INT 3 }
.text dfsc.sys!Luuqegtx + 116 965CA8D9 28 Bytes [FF, 55, 8B, EC, 51, 51, 53, ...]
.text dfsc.sys!Luuqegtx + 133 965CA8F6 31 Bytes JMP 965CA9A0 \SystemRoot\System32\Drivers\dfsc.sys (DFS Namespace Client Driver/Microsoft Corporation)
.text dfsc.sys!Luuqegtx + 153 965CA916 128 Bytes [39, 7D, FC, 75, 2B, 8D, 45, ...]
.text ...
? C:\Windows\System32\Drivers\dfsc.sys suspicious PE modification
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA920F300, 0x3AF78, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA9252300, 0x1BCE, 0xE8000020]
? C:\Users\Marcus\AppData\Local\Temp\mbr.sys Det går inte att hitta filen. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtProtectVirtualMemory 77954D34 5 Bytes JMP 009F000A
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtWriteVirtualMemory 77955674 5 Bytes JMP 00C0000A
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!KiUserExceptionDispatcher 77955DC8 5 Bytes JMP 009E000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4296] ntdll.dll!NtProtectVirtualMemory 77954D34 5 Bytes JMP 005B000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4296] ntdll.dll!NtWriteVirtualMemory 77955674 5 Bytes JMP 005C000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4296] ntdll.dll!KiUserExceptionDispatcher 77955DC8 5 Bytes JMP 0058000A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4776] USER32.dll!SetWindowLongA 773CE7CD 5 Bytes JMP 6249C350 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4776] USER32.dll!SetWindowLongW 773D13B4 5 Bytes JMP 6249C2E2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4776] USER32.dll!GetWindowInfo 773D428E 5 Bytes JMP 6224E363 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4776] USER32.dll!TrackPopupMenu 773E14F3 5 Bytes JMP 6224E91C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85F7E1F8
Device \Driver\volmgr \Device\VolMgrControl 85F7B1F8
Device \Driver\usbuhci \Device\USBPDO-0 877A71F8
Device \Driver\netbt \Device\NetBT_Tcpip_{0D2E8813-26D6-4774-9006-C4C26C5D4BE2} 885721F8
Device \Driver\usbuhci \Device\USBPDO-1 877A71F8
Device \Driver\usbuhci \Device\USBPDO-2 877A71F8
Device \Driver\usbehci \Device\USBPDO-3 878181F8
Device \Driver\usbuhci \Device\USBPDO-4 877A71F8

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBPDO-5 877A71F8
Device \Driver\usbuhci \Device\USBPDO-6 877A71F8
Device \Driver\volmgr \Device\HarddiskVolume1 85F7B1F8
Device \Driver\usbehci \Device\USBPDO-7 878181F8
Device \Driver\volmgr \Device\HarddiskVolume2 85F7B1F8
Device \Driver\cdrom \Device\CdRom0 8780A1F8
Device \Driver\atapi \Device\Ide\IdePort0 85F7D1F8
Device \Driver\atapi \Device\Ide\IdePort1 85F7D1F8
Device \Driver\atapi \Device\Ide\IdePort2 85F7D1F8
Device \Driver\atapi \Device\Ide\IdePort3 85F7D1F8
Device \Driver\atapi \Device\Ide\IdePort4 85F7D1F8
Device \Driver\atapi \Device\Ide\IdePort5 85F7D1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-4 85F7D1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-5 85F7D1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-7 85F7D1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 885721F8
Device \Driver\Smb \Device\NetbiosSmb 8851E1F8
Device \Driver\iScsiPrt \Device\RaidPort0 877A31F8

AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 877A71F8
Device \Driver\usbuhci \Device\USBFDO-1 877A71F8
Device \Driver\usbuhci \Device\USBFDO-2 877A71F8
Device \Driver\usbehci \Device\USBFDO-3 878181F8
Device \Driver\usbuhci \Device\USBFDO-4 877A71F8
Device \Driver\usbuhci \Device\USBFDO-5 877A71F8
Device \Driver\usbuhci \Device\USBFDO-6 877A71F8
Device \Driver\usbehci \Device\USBFDO-7 878181F8
Device \FileSystem\cdfs \Cdfs 85914500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9B 0xD4 0xA2 0xBC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x51 0xFA 0x7F 0x50 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6D 0x97 0xAC 0xD6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB6 0xDC 0xF8 0x67 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x57 0x95 0x40 0x88 ...

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB57283$\1735500017 0 bytes
File C:\Windows\$NtUninstallKB57283$\718140686 0 bytes
File C:\Windows\$NtUninstallKB57283$\718140686\@ 2048 bytes
File C:\Windows\$NtUninstallKB57283$\718140686\bckfg.tmp 850 bytes
File C:\Windows\$NtUninstallKB57283$\718140686\cfg.ini 227 bytes
File C:\Windows\$NtUninstallKB57283$\718140686\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB57283$\718140686\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB57283$\718140686\L 0 bytes
File C:\Windows\$NtUninstallKB57283$\718140686\L\qnbwvoto 75264 bytes
File C:\Windows\$NtUninstallKB57283$\718140686\U 0 bytes
File C:\Windows\$NtUninstallKB57283$\718140686\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB57283$\718140686\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB57283$\718140686\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB57283$\718140686\U\80000000.@ 1024 bytes
File C:\Windows\$NtUninstallKB57283$\718140686\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB57283$\718140686\U\80000032.@ 98304 bytes

---- EOF - GMER 1.0.15 ----


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:09:23 PM

Posted 13 December 2011 - 03:08 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer, I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

It looks like you're infected with an infection known as ZeroAccess.

Please yield the following warning:

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.



NEXT:




Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double-click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 mark91

mark91
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:23 AM

Posted 13 December 2011 - 04:58 PM

Hello Mr Agent ST!
Thank you for the fast reply, and for trying to help me with my computer! :)

Here come the requested logs. Kaspersky got two logs since I ran it once more after rebooting my computer.





22:20:54.0556 1348 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
22:20:54.0750 1348 ============================================================
22:20:54.0750 1348 Current date / time: 2011/12/13 22:20:54.0750
22:20:54.0750 1348 SystemInfo:
22:20:54.0750 1348
22:20:54.0750 1348 OS Version: 6.0.6002 ServicePack: 2.0
22:20:54.0750 1348 Product type: Workstation
22:20:54.0750 1348 ComputerName: M
22:20:54.0750 1348 UserName: Marcus
22:20:54.0750 1348 Windows directory: C:\Windows
22:20:54.0750 1348 System windows directory: C:\Windows
22:20:54.0750 1348 Processor architecture: Intel x86
22:20:54.0750 1348 Number of processors: 8
22:20:54.0750 1348 Page size: 0x1000
22:20:54.0750 1348 Boot type: Normal boot
22:20:54.0750 1348 ============================================================
22:20:56.0207 1348 Initialize success
22:20:56.0782 4992 ============================================================
22:23:37.0537 5476 Scan started
22:23:37.0537 5476 Mode: Manual; SigCheck; TDLFS;
22:23:37.0537 5476 ============================================================
22:23:39.0869 5476 DfsC (730315da266ce0c840b3795635972b96) C:\Windows\system32\Drivers\dfsc.sys
22:23:39.0869 5476 Suspicious file (Forged): C:\Windows\system32\Drivers\dfsc.sys. Real md5: 730315da266ce0c840b3795635972b96, Fake md5: 218d8ae46c88e82014f5d73d0236d9b2
22:23:39.0870 5476 DfsC ( Rootkit.Win32.ZAccess.h ) - infected
22:23:39.0870 5476 DfsC - detected Rootkit.Win32.ZAccess.h (0)
22:23:40.0579 5476 FsUsbExDisk (b07663a810e861eebfd0eac7e82ca62d) C:\Windows\system32\FsUsbExDisk.SYS
22:23:40.0583 5476 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
22:23:40.0583 5476 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
22:23:40.0695 5476 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
22:23:40.0699 5476 giveio ( UnsignedFile.Multi.Generic ) - warning
22:23:40.0699 5476 giveio - detected UnsignedFile.Multi.Generic (1)
22:23:45.0322 5476 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
22:23:45.0322 5476 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
22:23:45.0323 5476 sptd ( LockedFile.Multi.Generic ) - warning
22:23:45.0323 5476 sptd - detected LockedFile.Multi.Generic (1)
22:23:47.0837 5476 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:23:47.0907 5476 \Device\Harddisk0\DR0 - ok
22:23:47.0921 5476 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
22:23:47.0978 5476 \Device\Harddisk1\DR1 - ok
22:23:47.0980 5476 Boot (0x1200) (05cc15fa2d3dbac72a133908003b0d37) \Device\Harddisk0\DR0\Partition0
22:23:47.0981 5476 \Device\Harddisk0\DR0\Partition0 - ok
22:23:48.0005 5476 Boot (0x1200) (f6ee3be932291f5f94f7e59d9a9962c5) \Device\Harddisk1\DR1\Partition0
22:23:48.0006 5476 \Device\Harddisk1\DR1\Partition0 - ok
22:23:48.0006 5476 ============================================================
22:23:48.0006 5476 Scan finished
22:23:48.0006 5476 ============================================================
22:23:48.0011 5552 Detected object count: 4
22:23:48.0011 5552 Actual detected object count: 4
22:23:54.0122 5552 Backup copy not found, trying to cure infected file..
22:23:54.0148 5552 Cure success, using it..
22:23:54.0293 5552 C:\Windows\system32\Drivers\dfsc.sys - will be cured on reboot
22:23:56.0151 5552 DfsC ( Rootkit.Win32.ZAccess.h ) - User select action: Cure
22:23:56.0151 5552 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:56.0151 5552 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:23:56.0153 5552 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:56.0153 5552 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:23:56.0154 5552 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:23:56.0154 5552 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
22:23:59.0268 4552 Deinitialize success
22:31:19.0181 4072 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
22:31:19.0352 4072 ============================================================
22:31:19.0352 4072 Current date / time: 2011/12/13 22:31:19.0352
22:31:19.0352 4072 SystemInfo:
22:31:19.0352 4072
22:31:19.0352 4072 OS Version: 6.0.6002 ServicePack: 2.0
22:31:19.0352 4072 Product type: Workstation
22:31:19.0352 4072 ComputerName: M
22:31:19.0352 4072 UserName: Marcus
22:31:19.0352 4072 Windows directory: C:\Windows
22:31:19.0352 4072 System windows directory: C:\Windows
22:31:19.0352 4072 Processor architecture: Intel x86
22:31:19.0352 4072 Number of processors: 8
22:31:19.0352 4072 Page size: 0x1000
22:31:19.0352 4072 Boot type: Normal boot
22:31:19.0352 4072 ============================================================
22:31:20.0834 4072 Initialize success
22:31:24.0485 3656 ============================================================
22:31:24.0485 3656 Scan started
22:31:24.0485 3656 Mode: Manual; SigCheck; TDLFS;
22:31:24.0485 3656 ============================================================
22:31:25.0889 3656 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:31:25.0982 3656 ACPI - ok
22:31:26.0060 3656 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
22:31:26.0076 3656 adp94xx - ok
22:31:26.0107 3656 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
22:31:26.0123 3656 adpahci - ok
22:31:26.0123 3656 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
22:31:26.0138 3656 adpu160m - ok
22:31:26.0263 3656 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
22:31:26.0279 3656 adpu320 - ok
22:31:26.0326 3656 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
22:31:26.0341 3656 AFD - ok
22:31:26.0372 3656 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
22:31:26.0388 3656 agp440 - ok
22:31:26.0404 3656 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:31:26.0404 3656 aic78xx - ok
22:31:26.0419 3656 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
22:31:26.0435 3656 aliide - ok
22:31:26.0450 3656 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
22:31:26.0466 3656 amdagp - ok
22:31:26.0482 3656 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
22:31:26.0497 3656 amdide - ok
22:31:26.0544 3656 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
22:31:26.0575 3656 AmdK7 - ok
22:31:26.0684 3656 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
22:31:26.0716 3656 AmdK8 - ok
22:31:28.0229 3656 amdkmdag (fe6f4671e8a2b29bdabd6d522327fa78) C:\Windows\system32\DRIVERS\atikmdag.sys
22:31:28.0369 3656 amdkmdag - ok
22:31:28.0775 3656 amdkmdap (1dea3e5e6619755fcea772084f38dabe) C:\Windows\system32\DRIVERS\atikmpag.sys
22:31:28.0790 3656 amdkmdap - ok
22:31:28.0853 3656 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
22:31:28.0868 3656 arc - ok
22:31:28.0900 3656 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
22:31:28.0915 3656 arcsas - ok
22:31:28.0946 3656 AsIO (9d8cb58b9a9e177ddd599791a58a654d) C:\Windows\system32\drivers\AsIO.sys
22:31:28.0978 3656 AsIO - ok
22:31:28.0993 3656 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\Windows\system32\drivers\AsUpIO.sys
22:31:29.0009 3656 AsUpIO - ok
22:31:29.0024 3656 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:31:29.0056 3656 AsyncMac - ok
22:31:29.0212 3656 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
22:31:29.0212 3656 atapi - ok
22:31:29.0274 3656 AtiHdmiService (e6530b7887652ad6ca32401483ae6766) C:\Windows\system32\drivers\AtiHdmi.sys
22:31:29.0290 3656 AtiHdmiService - ok
22:31:29.0321 3656 atksgt (f9c24d25d9ff29f894995a64812b4d85) C:\Windows\system32\DRIVERS\atksgt.sys
22:31:29.0336 3656 atksgt - ok
22:31:29.0383 3656 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:31:29.0399 3656 Beep - ok
22:31:29.0945 3656 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111114.002\BHDrvx86.sys
22:31:29.0976 3656 BHDrvx86 - ok
22:31:30.0023 3656 blbdrive - ok
22:31:30.0038 3656 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
22:31:30.0070 3656 bowser - ok
22:31:30.0101 3656 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:31:30.0116 3656 BrFiltLo - ok
22:31:30.0132 3656 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:31:30.0148 3656 BrFiltUp - ok
22:31:30.0194 3656 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:31:30.0241 3656 Brserid - ok
22:31:30.0257 3656 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:31:30.0335 3656 BrSerWdm - ok
22:31:30.0366 3656 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:31:30.0413 3656 BrUsbMdm - ok
22:31:30.0460 3656 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:31:30.0506 3656 BrUsbSer - ok
22:31:30.0538 3656 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:31:30.0584 3656 BTHMODEM - ok
22:31:30.0600 3656 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:31:30.0616 3656 cdfs - ok
22:31:30.0647 3656 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
22:31:30.0662 3656 cdrom - ok
22:31:30.0678 3656 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
22:31:30.0709 3656 circlass - ok
22:31:30.0834 3656 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:31:30.0865 3656 CLFS - ok
22:31:30.0896 3656 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
22:31:30.0912 3656 cmdide - ok
22:31:30.0928 3656 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
22:31:30.0928 3656 Compbatt - ok
22:31:30.0943 3656 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
22:31:30.0959 3656 crcdisk - ok
22:31:30.0959 3656 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
22:31:30.0990 3656 Crusoe - ok
22:31:31.0021 3656 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
22:31:31.0052 3656 DfsC - ok
22:31:31.0099 3656 dgderdrv (4f63ff698dc72ec2ec0262427f8b53cb) C:\Windows\system32\drivers\dgderdrv.sys
22:31:31.0099 3656 dgderdrv - ok
22:31:31.0146 3656 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:31:31.0146 3656 disk - ok
22:31:31.0193 3656 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:31:31.0208 3656 drmkaud - ok
22:31:31.0240 3656 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
22:31:31.0255 3656 DXGKrnl - ok
22:31:31.0286 3656 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:31:31.0318 3656 E1G60 - ok
22:31:31.0349 3656 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:31:31.0364 3656 Ecache - ok
22:31:31.0552 3656 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
22:31:31.0583 3656 eeCtrl - ok
22:31:31.0630 3656 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
22:31:31.0630 3656 elxstor - ok
22:31:31.0692 3656 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:31:31.0692 3656 EraserUtilRebootDrv - ok
22:31:31.0786 3656 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:31:31.0786 3656 exfat - ok
22:31:31.0832 3656 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:31:31.0848 3656 fastfat - ok
22:31:31.0864 3656 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
22:31:31.0895 3656 fdc - ok
22:31:32.0051 3656 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:31:32.0082 3656 FileInfo - ok
22:31:32.0113 3656 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:31:32.0129 3656 Filetrace - ok
22:31:32.0238 3656 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
22:31:32.0285 3656 flpydisk - ok
22:31:32.0456 3656 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:31:32.0488 3656 FltMgr - ok
22:31:32.0550 3656 FsUsbExDisk (b07663a810e861eebfd0eac7e82ca62d) C:\Windows\system32\FsUsbExDisk.SYS
22:31:32.0550 3656 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
22:31:32.0550 3656 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
22:31:32.0581 3656 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
22:31:32.0612 3656 Fs_Rec - ok
22:31:32.0644 3656 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
22:31:32.0659 3656 gagp30kx - ok
22:31:32.0784 3656 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:31:32.0800 3656 GEARAspiWDM - ok
22:31:33.0002 3656 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
22:31:33.0002 3656 giveio ( UnsignedFile.Multi.Generic ) - warning
22:31:33.0002 3656 giveio - detected UnsignedFile.Multi.Generic (1)
22:31:33.0112 3656 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
22:31:33.0143 3656 HdAudAddService - ok
22:31:33.0190 3656 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:31:33.0236 3656 HDAudBus - ok
22:31:33.0252 3656 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:31:33.0299 3656 HidBth - ok
22:31:33.0314 3656 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:31:33.0361 3656 HidIr - ok
22:31:33.0424 3656 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
22:31:33.0439 3656 HidUsb - ok
22:31:33.0455 3656 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
22:31:33.0470 3656 HpCISSs - ok
22:31:33.0502 3656 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:31:33.0517 3656 HTTP - ok
22:31:33.0533 3656 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
22:31:33.0548 3656 i2omp - ok
22:31:33.0580 3656 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:31:33.0611 3656 i8042prt - ok
22:31:33.0626 3656 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
22:31:33.0642 3656 iaStorV - ok
22:31:33.0876 3656 IDSVix86 (9bc8840de4140e8e2a6fc3192e054a8c) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111212.002\IDSvix86.sys
22:31:33.0923 3656 IDSVix86 - ok
22:31:33.0970 3656 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:31:33.0985 3656 iirsp - ok
22:31:34.0110 3656 IntcAzAudAddService (d3a0a2b1543eed8c9370eff3ae5abcfd) C:\Windows\system32\drivers\RTKVHDA.sys
22:31:34.0188 3656 IntcAzAudAddService - ok
22:31:34.0235 3656 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
22:31:34.0235 3656 intelide - ok
22:31:34.0266 3656 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:31:34.0297 3656 intelppm - ok
22:31:34.0328 3656 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:31:34.0360 3656 IpFilterDriver - ok
22:31:34.0360 3656 IpInIp - ok
22:31:34.0453 3656 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
22:31:34.0516 3656 IPMIDRV - ok
22:31:34.0531 3656 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:31:34.0562 3656 IPNAT - ok
22:31:34.0594 3656 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:31:34.0609 3656 IRENUM - ok
22:31:34.0718 3656 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
22:31:34.0750 3656 isapnp - ok
22:31:34.0812 3656 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:31:34.0828 3656 iScsiPrt - ok
22:31:34.0874 3656 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:31:34.0906 3656 iteatapi - ok
22:31:34.0952 3656 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:31:34.0952 3656 iteraid - ok
22:31:34.0984 3656 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:31:34.0999 3656 kbdclass - ok
22:31:35.0062 3656 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
22:31:35.0108 3656 kbdhid - ok
22:31:35.0155 3656 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
22:31:35.0171 3656 KMWDFILTER - ok
22:31:35.0405 3656 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
22:31:35.0436 3656 KSecDD - ok
22:31:35.0483 3656 lirsgt (8ccf9ed46d52af1375875f74a91ffacf) C:\Windows\system32\DRIVERS\lirsgt.sys
22:31:35.0483 3656 lirsgt - ok
22:31:35.0514 3656 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:31:35.0545 3656 lltdio - ok
22:31:35.0561 3656 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
22:31:35.0576 3656 LSI_FC - ok
22:31:35.0592 3656 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
22:31:35.0608 3656 LSI_SAS - ok
22:31:35.0623 3656 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
22:31:35.0639 3656 LSI_SCSI - ok
22:31:35.0670 3656 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:31:35.0686 3656 luafv - ok
22:31:35.0717 3656 MBAMSwissArmy - ok
22:31:35.0764 3656 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
22:31:35.0779 3656 megasas - ok
22:31:35.0904 3656 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:31:35.0935 3656 Modem - ok
22:31:35.0982 3656 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:31:36.0013 3656 monitor - ok
22:31:36.0122 3656 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:31:36.0138 3656 mouclass - ok
22:31:36.0278 3656 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
22:31:36.0341 3656 mouhid - ok
22:31:36.0419 3656 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:31:36.0466 3656 MountMgr - ok
22:31:36.0497 3656 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
22:31:36.0512 3656 mpio - ok
22:31:36.0528 3656 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:31:36.0559 3656 mpsdrv - ok
22:31:36.0575 3656 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:31:36.0590 3656 Mraid35x - ok
22:31:36.0622 3656 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:31:36.0637 3656 MRxDAV - ok
22:31:36.0668 3656 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:31:36.0684 3656 mrxsmb - ok
22:31:36.0700 3656 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:31:36.0715 3656 mrxsmb10 - ok
22:31:36.0731 3656 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:31:36.0746 3656 mrxsmb20 - ok
22:31:36.0793 3656 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
22:31:36.0793 3656 msahci - ok
22:31:36.0902 3656 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
22:31:36.0934 3656 msdsm - ok
22:31:36.0996 3656 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:31:37.0043 3656 Msfs - ok
22:31:37.0074 3656 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:31:37.0090 3656 msisadrv - ok
22:31:37.0121 3656 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:31:37.0152 3656 MSKSSRV - ok
22:31:37.0183 3656 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:31:37.0214 3656 MSPCLOCK - ok
22:31:37.0230 3656 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:31:37.0261 3656 MSPQM - ok
22:31:37.0277 3656 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:31:37.0292 3656 MsRPC - ok
22:31:37.0308 3656 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:31:37.0324 3656 mssmbios - ok
22:31:37.0339 3656 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:31:37.0355 3656 MSTEE - ok
22:31:37.0370 3656 MTsensor (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys
22:31:37.0386 3656 MTsensor - ok
22:31:37.0386 3656 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:31:37.0402 3656 Mup - ok
22:31:37.0433 3656 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:31:37.0448 3656 NativeWifiP - ok
22:31:37.0823 3656 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111213.002\NAVENG.SYS
22:31:37.0823 3656 NAVENG - ok
22:31:38.0400 3656 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111213.002\NAVEX15.SYS
22:31:38.0431 3656 NAVEX15 - ok
22:31:38.0696 3656 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:31:38.0728 3656 NDIS - ok
22:31:38.0790 3656 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:31:38.0806 3656 NdisTapi - ok
22:31:38.0852 3656 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:31:38.0868 3656 Ndisuio - ok
22:31:38.0915 3656 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:31:38.0930 3656 NdisWan - ok
22:31:38.0946 3656 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:31:38.0962 3656 NDProxy - ok
22:31:38.0977 3656 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:31:38.0993 3656 NetBIOS - ok
22:31:39.0008 3656 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:31:39.0024 3656 netbt - ok
22:31:39.0055 3656 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:31:39.0071 3656 nfrd960 - ok
22:31:39.0086 3656 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:31:39.0102 3656 Npfs - ok
22:31:39.0118 3656 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:31:39.0133 3656 nsiproxy - ok
22:31:39.0180 3656 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:31:39.0211 3656 Ntfs - ok
22:31:39.0227 3656 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:31:39.0274 3656 ntrigdigi - ok
22:31:39.0336 3656 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:31:39.0367 3656 Null - ok
22:31:39.0398 3656 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
22:31:39.0398 3656 nvraid - ok
22:31:39.0414 3656 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
22:31:39.0430 3656 nvstor - ok
22:31:39.0445 3656 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
22:31:39.0461 3656 nv_agp - ok
22:31:39.0461 3656 NwlnkFlt - ok
22:31:39.0461 3656 NwlnkFwd - ok
22:31:39.0508 3656 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
22:31:39.0523 3656 ohci1394 - ok
22:31:39.0554 3656 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:31:39.0586 3656 Parport - ok
22:31:39.0664 3656 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
22:31:39.0695 3656 partmgr - ok
22:31:39.0726 3656 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:31:39.0773 3656 Parvdm - ok
22:31:39.0804 3656 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
22:31:39.0820 3656 pccsmcfd - ok
22:31:39.0944 3656 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:31:39.0960 3656 pci - ok
22:31:40.0007 3656 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
22:31:40.0007 3656 pciide - ok
22:31:40.0132 3656 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
22:31:40.0163 3656 pcmcia - ok
22:31:40.0225 3656 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:31:40.0288 3656 PEAUTH - ok
22:31:40.0381 3656 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:31:40.0412 3656 PptpMiniport - ok
22:31:40.0428 3656 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
22:31:40.0475 3656 Processor - ok
22:31:40.0553 3656 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:31:40.0568 3656 PSched - ok
22:31:40.0631 3656 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
22:31:40.0693 3656 ql2300 - ok
22:31:40.0740 3656 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:31:40.0771 3656 ql40xx - ok
22:31:40.0818 3656 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:31:40.0834 3656 QWAVEdrv - ok
22:31:40.0896 3656 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:31:40.0943 3656 RasAcd - ok
22:31:40.0974 3656 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:31:41.0021 3656 Rasl2tp - ok
22:31:41.0114 3656 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:31:41.0161 3656 RasPppoe - ok
22:31:41.0177 3656 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:31:41.0177 3656 RasSstp - ok
22:31:41.0224 3656 Razerlow (116c340acf37602d12cac6de6b8107cd) C:\Windows\system32\Drivers\DB3G.sys
22:31:41.0239 3656 Razerlow - ok
22:31:41.0426 3656 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:31:41.0473 3656 rdbss - ok
22:31:41.0504 3656 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:31:41.0536 3656 RDPCDD - ok
22:31:41.0551 3656 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
22:31:41.0614 3656 rdpdr - ok
22:31:41.0614 3656 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:31:41.0645 3656 RDPENCDD - ok
22:31:41.0676 3656 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
22:31:41.0707 3656 RDPWD - ok
22:31:41.0738 3656 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:31:41.0770 3656 rspndr - ok
22:31:41.0785 3656 RTL8169 (2cc77c65216a8bb4677e637120d5731d) C:\Windows\system32\DRIVERS\Rtlh86.sys
22:31:41.0816 3656 RTL8169 - ok
22:31:41.0863 3656 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:31:41.0894 3656 sbp2port - ok
22:31:41.0941 3656 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:31:41.0988 3656 secdrv - ok
22:31:42.0050 3656 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
22:31:42.0144 3656 Serenum - ok
22:31:42.0284 3656 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:31:42.0362 3656 Serial - ok
22:31:42.0394 3656 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:31:42.0425 3656 sermouse - ok
22:31:42.0503 3656 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
22:31:42.0581 3656 sffdisk - ok
22:31:42.0643 3656 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
22:31:42.0690 3656 sffp_mmc - ok
22:31:42.0799 3656 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
22:31:42.0846 3656 sffp_sd - ok
22:31:42.0877 3656 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:31:42.0924 3656 sfloppy - ok
22:31:43.0033 3656 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
22:31:43.0064 3656 sisagp - ok
22:31:43.0111 3656 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
22:31:43.0111 3656 SiSRaid2 - ok
22:31:43.0127 3656 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
22:31:43.0142 3656 SiSRaid4 - ok
22:31:43.0174 3656 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
22:31:43.0205 3656 Smb - ok
22:31:43.0330 3656 speedfan (9f70cd5edcc4efc48ae21e04fb03be9d) C:\Windows\system32\speedfan.sys
22:31:43.0330 3656 speedfan - ok
22:31:43.0361 3656 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:31:43.0376 3656 spldr - ok
22:31:43.0408 3656 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
22:31:43.0408 3656 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
22:31:43.0408 3656 sptd ( LockedFile.Multi.Generic ) - warning
22:31:43.0408 3656 sptd - detected LockedFile.Multi.Generic (1)
22:31:43.0579 3656 SRTSP (83726cf02eced69138948083e06b6eac) C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS
22:31:43.0610 3656 SRTSP - ok
22:31:43.0642 3656 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS
22:31:43.0657 3656 SRTSPX - ok
22:31:43.0798 3656 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
22:31:43.0829 3656 srv - ok
22:31:43.0860 3656 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
22:31:43.0876 3656 srv2 - ok
22:31:43.0922 3656 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
22:31:43.0938 3656 srvnet - ok
22:31:43.0985 3656 ss_bbus (3f0164fbc0bd1adbd02df9759181451a) C:\Windows\system32\DRIVERS\ss_bbus.sys
22:31:44.0000 3656 ss_bbus - ok
22:31:44.0032 3656 ss_bmdfl (b89d62206034e5fe573c80a24dd55675) C:\Windows\system32\DRIVERS\ss_bmdfl.sys
22:31:44.0032 3656 ss_bmdfl - ok
22:31:44.0063 3656 ss_bmdm (1ed0fcea586fe2a416ee15196e5631dd) C:\Windows\system32\DRIVERS\ss_bmdm.sys
22:31:44.0078 3656 ss_bmdm - ok
22:31:44.0094 3656 ss_bserd (994d2e5378cc337ec7dd73c1e04fcaa4) C:\Windows\system32\DRIVERS\ss_bserd.sys
22:31:44.0110 3656 ss_bserd - ok
22:31:44.0156 3656 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:31:44.0156 3656 swenum - ok
22:31:44.0281 3656 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:31:44.0312 3656 Symc8xx - ok
22:31:44.0468 3656 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS
22:31:44.0500 3656 SymDS - ok
22:31:44.0546 3656 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS
22:31:44.0593 3656 SymEFA - ok
22:31:44.0624 3656 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
22:31:44.0640 3656 SymEvent - ok
22:31:44.0656 3656 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS
22:31:44.0656 3656 SymIRON - ok
22:31:44.0812 3656 SYMTDIv (5136f99a60ddbdeb1f6fd1eefc44407f) C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS
22:31:44.0843 3656 SYMTDIv - ok
22:31:44.0874 3656 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:31:44.0874 3656 Sym_hi - ok
22:31:44.0952 3656 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:31:44.0952 3656 Sym_u3 - ok
22:31:45.0014 3656 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
22:31:45.0092 3656 Tcpip - ok
22:31:45.0186 3656 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
22:31:45.0217 3656 Tcpip6 - ok
22:31:45.0264 3656 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
22:31:45.0295 3656 tcpipreg - ok
22:31:45.0311 3656 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:31:45.0342 3656 TDPIPE - ok
22:31:45.0373 3656 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:31:45.0404 3656 TDTCP - ok
22:31:45.0436 3656 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:31:45.0482 3656 tdx - ok
22:31:45.0514 3656 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:31:45.0529 3656 TermDD - ok
22:31:45.0670 3656 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:31:45.0701 3656 tssecsrv - ok
22:31:45.0826 3656 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:31:45.0841 3656 tunmp - ok
22:31:45.0904 3656 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
22:31:45.0935 3656 tunnel - ok
22:31:46.0013 3656 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
22:31:46.0044 3656 uagp35 - ok
22:31:46.0106 3656 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:31:46.0138 3656 udfs - ok
22:31:46.0169 3656 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
22:31:46.0169 3656 uliagpkx - ok
22:31:46.0200 3656 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
22:31:46.0216 3656 uliahci - ok
22:31:46.0231 3656 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:31:46.0247 3656 UlSata - ok
22:31:46.0247 3656 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:31:46.0262 3656 ulsata2 - ok
22:31:46.0294 3656 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:31:46.0325 3656 umbus - ok
22:31:46.0356 3656 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:31:46.0387 3656 usbccgp - ok
22:31:46.0403 3656 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:31:46.0450 3656 usbcir - ok
22:31:46.0496 3656 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
22:31:46.0543 3656 usbehci - ok
22:31:46.0684 3656 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
22:31:46.0699 3656 usbhub - ok
22:31:46.0730 3656 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
22:31:46.0777 3656 usbohci - ok
22:31:46.0918 3656 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
22:31:46.0949 3656 usbprint - ok
22:31:46.0980 3656 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:31:47.0027 3656 USBSTOR - ok
22:31:47.0058 3656 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:31:47.0089 3656 usbuhci - ok
22:31:47.0120 3656 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
22:31:47.0136 3656 vga - ok
22:31:47.0276 3656 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:31:47.0323 3656 VgaSave - ok
22:31:47.0354 3656 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
22:31:47.0370 3656 viaagp - ok
22:31:47.0386 3656 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
22:31:47.0432 3656 ViaC7 - ok
22:31:47.0495 3656 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
22:31:47.0510 3656 viaide - ok
22:31:47.0604 3656 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:31:47.0620 3656 volmgr - ok
22:31:47.0666 3656 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:31:47.0682 3656 volmgrx - ok
22:31:47.0698 3656 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:31:47.0713 3656 volsnap - ok
22:31:47.0744 3656 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
22:31:47.0744 3656 vsmraid - ok
22:31:47.0776 3656 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:31:47.0822 3656 WacomPen - ok
22:31:47.0947 3656 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:31:47.0963 3656 Wanarp - ok
22:31:48.0010 3656 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:31:48.0041 3656 Wanarpv6 - ok
22:31:48.0056 3656 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
22:31:48.0072 3656 Wd - ok
22:31:48.0384 3656 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:31:48.0446 3656 Wdf01000 - ok
22:31:48.0509 3656 WinUSB (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys
22:31:48.0540 3656 WinUSB - ok
22:31:48.0571 3656 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
22:31:48.0618 3656 WmiAcpi - ok
22:31:48.0665 3656 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
22:31:48.0680 3656 WpdUsb - ok
22:31:48.0712 3656 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:31:48.0727 3656 ws2ifsl - ok
22:31:48.0758 3656 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:31:48.0774 3656 WUDFRd - ok
22:31:48.0774 3656 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:31:48.0992 3656 \Device\Harddisk0\DR0 - ok
22:31:49.0024 3656 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
22:31:49.0070 3656 \Device\Harddisk1\DR1 - ok
22:31:49.0086 3656 Boot (0x1200) (05cc15fa2d3dbac72a133908003b0d37) \Device\Harddisk0\DR0\Partition0
22:31:49.0086 3656 \Device\Harddisk0\DR0\Partition0 - ok
22:31:49.0117 3656 Boot (0x1200) (f6ee3be932291f5f94f7e59d9a9962c5) \Device\Harddisk1\DR1\Partition0
22:31:49.0117 3656 \Device\Harddisk1\DR1\Partition0 - ok
22:31:49.0117 3656 ============================================================
22:31:49.0117 3656 Scan finished
22:31:49.0117 3656 ============================================================
22:31:49.0117 3416 Detected object count: 3
22:31:49.0117 3416 Actual detected object count: 3
22:31:53.0844 3416 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:53.0844 3416 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:31:53.0844 3416 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:53.0844 3416 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:31:53.0844 3416 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:31:53.0844 3416 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
22:33:37.0866 4028 Deinitialize success

OTL logfile created on: 2011-12-13 22:35:25 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Marcus\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

2,99 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 57,96% Memory free
6,18 Gb Paging File | 4,93 Gb Available in Paging File | 79,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 117,93 Gb Free Space | 39,56% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 123,12 Gb Free Space | 13,22% Space Free | Partition Type: NTFS

Computer Name: M | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-12-13 22:33:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
PRC - [2011-11-08 19:30:44 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program\Mozilla Firefox\firefox.exe
PRC - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011-04-17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
PRC - [2010-06-22 22:30:36 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010-06-22 22:30:06 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010-04-16 21:12:46 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\msnmsgr.exe
PRC - [2010-03-08 15:51:58 | 005,672,576 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program\ASUS\TurboV\TurboV.exe
PRC - [2010-03-08 15:22:18 | 007,283,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program\ASUS\EPU-6 Engine\SixEngine.exe
PRC - [2009-12-28 20:33:00 | 000,096,896 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009-12-22 03:31:26 | 000,217,088 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009-12-22 03:31:02 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgdersvc.exe
PRC - [2009-07-01 19:23:52 | 001,435,136 | ---- | M] () -- C:\Program\ASUS\AI Suite\AiNap\AiNap.exe
PRC - [2009-07-01 19:19:18 | 000,601,088 | ---- | M] () -- C:\Program\ASUS\AI Suite\QFan3\QFanHelp.exe
PRC - [2009-04-10 22:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Sidebar\sidebar.exe
PRC - [2009-04-10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-11-07 09:45:24 | 011,195,904 | ---- | M] () -- C:\Program\DriveXpert\DriveXpertSetup.exe
PRC - [2008-11-07 09:45:06 | 000,069,632 | ---- | M] () -- C:\Program\DriveXpert\XSrvSetup.exe
PRC - [2008-01-18 22:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnetwk.exe
PRC - [2008-01-18 22:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnscfg.exe
PRC - [2007-08-01 13:07:06 | 000,147,456 | ---- | M] () -- C:\Program\Razer\Diamondback 3G\razerhid.exe
PRC - [2007-08-01 12:42:30 | 000,131,072 | ---- | M] () -- C:\Program\Razer\Diamondback 3G\razertra.exe
PRC - [2007-02-14 10:11:18 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program\Razer\Diamondback 3G\razerofa.exe


========== Modules (No Company Name) ==========

MOD - [2011-11-08 19:30:44 | 001,989,592 | ---- | M] () -- C:\Program\Mozilla Firefox\mozjs.dll
MOD - [2011-06-07 17:35:34 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\62dfd8797881fd7a0d0de3f448a18c01\System.Web.ni.dll
MOD - [2011-06-07 17:35:29 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\9b8e883fd5fa51f026577156a0ee9d57\System.Runtime.Remoting.ni.dll
MOD - [2010-08-26 11:22:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ca467e23bbfcffac8809b9e21dcbd9a6\System.Configuration.ni.dll
MOD - [2010-08-26 11:17:03 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\88593f5f0fc6de5d5f4a85aa2b1466f3\System.Xml.ni.dll
MOD - [2010-08-26 11:16:51 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d9ab6e29eba6cb0d8459fcbb2c40c1a7\System.Windows.Forms.ni.dll
MOD - [2010-08-26 11:16:44 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\887fa2d6b76e7302b0c664effad4f91f\System.Drawing.ni.dll
MOD - [2010-08-26 11:15:50 | 007,949,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ed6ae2749d12c4729ee43ff339de4bb8\System.ni.dll
MOD - [2010-08-26 11:15:42 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\98bbdd8c400493ad228b8283665cc9da\mscorlib.ni.dll
MOD - [2010-06-22 22:07:40 | 000,270,336 | ---- | M] () -- C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010-06-22 21:40:22 | 000,023,040 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2010-04-08 11:23:26 | 000,430,080 | R--- | M] () -- C:\Program\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009-12-08 20:37:18 | 000,565,248 | ---- | M] () -- C:\Program\ASUS\TurboV\pngio.dll
MOD - [2009-12-08 20:37:18 | 000,135,680 | ---- | M] () -- C:\Program\ASUS\TurboV\TvOcLib.dll
MOD - [2009-09-30 10:33:08 | 000,024,576 | ---- | M] () -- C:\Windows\System32\AsIO.dll
MOD - [2009-08-27 18:41:46 | 000,565,248 | ---- | M] () -- C:\Program\ASUS\EPU-6 Engine\pngio.dll
MOD - [2009-08-27 18:41:46 | 000,053,248 | ---- | M] () -- C:\Program\ASUS\EPU-6 Engine\AsSpindownTimeout.dll
MOD - [2009-07-01 19:23:52 | 001,435,136 | ---- | M] () -- C:\Program\ASUS\AI Suite\AiNap\AiNap.exe
MOD - [2009-07-01 19:19:18 | 000,601,088 | ---- | M] () -- C:\Program\ASUS\AI Suite\QFan3\QFanHelp.exe
MOD - [2009-04-22 19:20:00 | 000,179,712 | ---- | M] () -- C:\Program\ASUS\EPU-6 Engine\AsusService.dll
MOD - [2009-03-31 10:05:06 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_sv_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009-03-31 10:05:06 | 000,299,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_sv_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008-02-25 14:08:54 | 000,208,896 | ---- | M] () -- C:\Program\ASUS\AI Suite\AiNap\AiNap.dll
MOD - [2007-08-01 13:07:06 | 000,147,456 | ---- | M] () -- C:\Program\Razer\Diamondback 3G\razerhid.exe
MOD - [2007-08-01 12:42:30 | 000,131,072 | ---- | M] () -- C:\Program\Razer\Diamondback 3G\razertra.exe
MOD - [2007-01-03 21:25:56 | 000,008,704 | ---- | M] () -- C:\Program\ASUS\AI Suite\AiNap\vvc.dll


========== Win32 Services (SafeList) ==========

SRV - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-04-17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010-06-22 22:30:06 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009-12-28 20:33:00 | 000,096,896 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009-12-22 03:31:26 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009-12-22 03:31:02 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\System32\dgdersvc.exe -- (dgdersvc)
SRV - [2008-11-11 08:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008-11-07 09:45:06 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program\DriveXpert\XSrvSetup.exe -- (DriveXpert)


========== Driver Services (SafeList) ==========

DRV - [2011-12-09 12:17:55 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111213.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011-12-09 12:17:55 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111213.002\NAVENG.SYS -- (NAVENG)
DRV - [2011-11-14 20:28:02 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111114.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011-11-09 08:35:27 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011-11-09 08:35:27 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011-09-13 10:47:48 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011-09-12 05:25:02 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111212.002\IDSvix86.sys -- (IDSVix86)
DRV - [2011-03-31 04:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011-03-31 04:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011-03-22 01:39:49 | 000,331,384 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011-03-15 03:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011-01-27 07:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011-01-27 06:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010-12-18 12:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2010-10-29 21:37:02 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010-10-29 21:37:00 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010-08-27 22:15:40 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-06-22 23:01:28 | 005,882,880 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010-06-22 21:41:30 | 000,210,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010-05-06 04:21:36 | 000,105,488 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009-12-22 03:31:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009-12-22 03:31:02 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2009-09-19 06:30:10 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009-09-19 06:30:10 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bserd.sys -- (ss_bserd)
DRV - [2009-09-19 06:30:10 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009-09-19 06:30:10 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009-08-04 09:28:18 | 000,011,296 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009-07-14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009-07-06 09:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2008-10-09 14:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008-10-04 00:17:24 | 000,133,120 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008-08-26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006-10-18 12:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2005-04-24 21:43:58 | 000,013,225 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DB3G.sys -- (Razerlow)
DRV - [1996-04-03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-111834513-2771941432-1042714578-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
IE - HKU\S-1-5-21-111834513-2771941432-1042714578-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-111834513-2771941432-1042714578-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv
IE - HKU\S-1-5-21-111834513-2771941432-1042714578-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 1B 11 4C 09 45 CB 01 [binary data]
IE - HKU\S-1-5-21-111834513-2771941432-1042714578-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.se/"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0.1
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.90: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011-09-28 05:12:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_3_6 [2011-12-13 22:25:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-11-08 19:30:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-12-08 22:57:41 | 000,000,000 | ---D | M]

[2010-08-27 19:54:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Extensions
[2011-08-26 21:37:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\b9sj42zd.default\extensions
[2010-08-28 21:41:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\b9sj42zd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-12-08 20:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program\Mozilla Firefox\extensions
[2011-10-14 20:19:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011-09-27 15:46:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011-12-08 20:41:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\MARCUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B9SJ42ZD.DEFAULT\EXTENSIONS\{4C7097F7-08F2-4EF2-9B9F-F95FA4CBB064}.XPI
[2011-11-08 19:30:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-10-03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011-10-01 23:21:17 | 000,001,470 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
[2011-10-01 23:21:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011-10-01 23:21:17 | 000,002,670 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
[2011-10-01 23:21:17 | 000,000,948 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\tyda-sv-SE.xml
[2011-10-01 23:21:17 | 000,001,174 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
[2011-10-01 23:21:17 | 000,000,951 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-sv-SE.xml

Hosts file not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Windows Live inloggningshjälpen) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-111834513-2771941432-1042714578-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-111834513-2771941432-1042714578-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [Diamondback] C:\Program\Razer\Diamondback 3G\razerhid.exe ()
O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV] C:\Program Files\ASUS\TurboV\TurboV.exe (ASUSTeK Computer Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-111834513-2771941432-1042714578-1000..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe ()
O4 - HKU\S-1-5-21-111834513-2771941432-1042714578-1000..\Run: [WMPNSCFG] C:\Program\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xportera till Microsoft Excel - C:\Program\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.150.193.150 83.255.245.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D2E8813-26D6-4774-9006-C4C26C5D4BE2}: DhcpNameServer = 193.150.193.150 83.255.245.11
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O24 - Desktop WallPaper: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows Photo Gallery\Skrivbordsunderlägg från Windows Fotogalleri.jpg
O24 - Desktop BackupWallPaper: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows Photo Gallery\Skrivbordsunderlägg från Windows Fotogalleri.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a58098ad-b272-11df-ba30-00248c5b1128}\Shell - "" = AutoRun
O33 - MountPoints2\{a58098ad-b272-11df-ba30-00248c5b1128}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-12-13 22:33:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
[2011-12-13 22:20:33 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Marcus\Desktop\tdsskiller.exe
[2011-12-10 22:17:34 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\NPE
[2011-12-08 20:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-12-08 20:44:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011-12-08 20:41:13 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011-12-08 20:41:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011-12-08 20:41:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011-12-06 20:37:18 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\SanctionedMedia
[2011-11-27 20:09:41 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Spotify

========== Files - Modified Within 30 Days ==========

[2011-12-13 22:36:57 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4F1278F8-324D-4C64-8967-F0B401239E0A}.job
[2011-12-13 22:33:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
[2011-12-13 22:25:40 | 000,004,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-12-13 22:25:40 | 000,004,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-12-13 22:25:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-12-13 22:20:33 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Marcus\Desktop\tdsskiller.exe
[2011-12-13 02:42:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011-12-13 02:14:57 | 000,127,488 | ---- | M] () -- C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-12-13 01:59:33 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011-12-13 00:42:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011-12-12 23:42:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At48.job
[2011-12-12 22:42:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At46.job
[2011-12-12 21:42:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At44.job
[2011-12-12 20:42:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At42.job
[2011-12-12 19:42:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At40.job
[2011-12-12 18:42:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At38.job
[2011-12-12 17:42:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At36.job
[2011-12-12 16:42:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At34.job
[2011-12-12 15:42:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At32.job
[2011-12-12 14:42:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At30.job
[2011-12-12 13:42:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At28.job
[2011-12-11 23:20:03 | 274,818,280 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011-12-11 07:42:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At16.job
[2011-12-09 12:42:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At26.job
[2011-12-08 20:02:58 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011-12-08 20:02:58 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At24.job
[2011-12-08 20:02:58 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011-12-08 20:02:58 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011-12-08 20:02:58 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011-12-08 20:02:58 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At14.job
[2011-12-08 20:02:58 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011-12-08 20:02:58 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011-12-08 16:29:29 | 000,000,000 | ---- | M] () -- C:\ProgramData\W24u3lCr.dat
[2011-11-27 20:09:44 | 000,000,843 | ---- | M] () -- C:\Users\Marcus\Desktop\Spotify.lnk

========== Files Created - No Company Name ==========

[2011-12-11 23:20:03 | 274,818,280 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011-12-08 20:45:15 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011-12-08 16:29:29 | 000,000,000 | ---- | C] () -- C:\ProgramData\W24u3lCr.dat
[2011-12-08 16:29:28 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011-12-08 16:29:27 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At46.job
[2011-12-08 16:29:26 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At44.job
[2011-12-08 16:29:25 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At42.job
[2011-12-08 16:29:24 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At40.job
[2011-12-08 16:29:23 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At38.job
[2011-12-08 16:29:22 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At36.job
[2011-12-08 16:29:21 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At34.job
[2011-12-08 16:29:21 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At32.job
[2011-12-08 16:29:20 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At30.job
[2011-12-08 16:29:19 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At28.job
[2011-12-08 16:29:18 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At26.job
[2011-12-08 16:29:17 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At24.job
[2011-12-08 16:29:17 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At22.job
[2011-12-08 16:29:15 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At20.job
[2011-12-08 16:29:14 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At18.job
[2011-12-08 16:29:13 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At16.job
[2011-12-08 16:29:12 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At14.job
[2011-12-08 16:29:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At12.job
[2011-12-08 16:29:10 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At10.job
[2011-12-08 16:29:09 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011-12-08 16:29:08 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011-12-08 16:29:07 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011-12-08 16:29:06 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011-11-27 20:09:44 | 000,000,843 | ---- | C] () -- C:\Users\Marcus\Desktop\Spotify.lnk
[2011-11-27 20:09:43 | 000,000,829 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2011-08-02 22:33:17 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2011-08-02 22:33:17 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2011-08-02 22:33:17 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2011-04-29 21:49:17 | 000,000,978 | ---- | C] () -- C:\Windows\eReg.dat
[2011-03-22 19:35:40 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011-01-20 19:42:35 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011-01-20 19:42:34 | 000,022,328 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\PnkBstrK.sys
[2011-01-20 19:42:17 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011-01-20 19:41:43 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011-01-20 19:41:42 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010-10-29 21:37:01 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010-10-29 21:37:00 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010-09-28 15:48:36 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010-09-28 15:48:36 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010-09-06 18:01:26 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010-09-06 16:37:18 | 000,000,374 | ---- | C] () -- C:\Windows\ODBC.INI
[2010-08-28 01:23:21 | 000,036,161 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2010-08-28 00:55:02 | 000,035,281 | ---- | C] () -- C:\Windows\scunin.dat
[2010-08-27 22:30:25 | 000,000,031 | ---- | C] () -- C:\Program Files\plugins-04041e-fe8.dat
[2010-08-27 19:54:29 | 000,127,488 | ---- | C] () -- C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-08-27 19:19:58 | 000,040,227 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010-08-27 19:18:29 | 000,029,843 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010-08-26 12:02:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010-08-26 10:18:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010-08-26 10:18:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010-08-26 02:25:38 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010-08-25 14:38:45 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2010-08-25 14:38:45 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2010-08-25 14:37:30 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2010-08-25 14:36:57 | 000,011,448 | ---- | C] () -- C:\Windows\System32\drivers\AsUpIO.sys
[2010-08-25 14:36:55 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2010-08-25 14:36:55 | 000,011,296 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2010-08-25 14:27:58 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010-08-25 13:12:30 | 000,001,356 | ---- | C] () -- C:\Users\Marcus\AppData\Local\d3d9caps.dat
[2010-06-22 21:40:22 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010-06-15 17:28:58 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010-05-11 15:42:08 | 000,205,156 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009-11-09 03:08:10 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2009-11-09 03:08:10 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2009-11-09 03:08:10 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2009-11-09 03:08:10 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2009-08-02 23:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009-08-02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009-08-02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009-08-02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009-08-02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009-08-02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009-08-02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009-08-02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009-08-02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009-08-02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009-02-18 12:55:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009-02-03 15:52:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2007-12-28 08:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2006-11-21 06:03:10 | 000,605,900 | ---- | C] () -- C:\Windows\System32\perfh01D.dat
[2006-11-21 06:03:10 | 000,290,490 | ---- | C] () -- C:\Windows\System32\perfi01D.dat
[2006-11-21 06:03:10 | 000,120,302 | ---- | C] () -- C:\Windows\System32\perfc01D.dat
[2006-11-21 06:03:10 | 000,035,978 | ---- | C] () -- C:\Windows\System32\perfd01D.dat
[2006-11-02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 13:47:37 | 000,247,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 11:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 11:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:661DFA1C

< End of report >

OTL Extras logfile created on: 2011-12-13 22:35:25 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Marcus\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

2,99 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 57,96% Memory free
6,18 Gb Paging File | 4,93 Gb Available in Paging File | 79,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 117,93 Gb Free Space | 39,56% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 123,12 Gb Free Space | 13,22% Space Free | Partition Type: NTFS

Computer Name: M | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-111834513-2771941432-1042714578-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{143806BE-382F-4B30-859D-196246475DAF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{16064627-69C2-47AE-B4DE-2A8BB674491F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1D3818B4-D5EB-4A80-87F8-0BE96C3C61BC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{488EF69E-035D-4400-9187-F003019C5811}" = lport=139 | protocol=6 | dir=in | app=system |
"{4CDC742D-AB7D-44DA-8D0E-BE4CC8587854}" = rport=445 | protocol=6 | dir=out | app=system |
"{651266CF-BF99-440F-8ADC-16C55F1CADED}" = rport=137 | protocol=17 | dir=out | app=system |
"{87AA99A1-FA4F-40F8-8BA6-56BAA46B2235}" = lport=445 | protocol=6 | dir=in | app=system |
"{A614B354-3E6D-422E-93B7-35EC4F9357B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AD8B9AA3-3E12-4870-9D57-95FA3E7AD808}" = lport=137 | protocol=17 | dir=in | app=system |
"{C279DA92-A56C-486A-BED6-DC7486D558ED}" = rport=139 | protocol=6 | dir=out | app=system |
"{D7614CA7-767B-47F1-82CF-27642B8CB8C3}" = lport=138 | protocol=17 | dir=in | app=system |
"{F1B74803-913C-4CE6-B0FF-C7127BE61C1A}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004C0F8A-2A97-4247-8310-21D4FA41CC5D}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{0663D08D-93E1-4781-9992-65E4F42BE9B3}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{089FFE44-E959-4581-8633-B30D9FE6F2CF}" = protocol=17 | dir=in | app=c:\users\marcus\appdata\roaming\spotify\spotify.exe |
"{0CD0AB7E-6D34-4C3A-9BC2-F218990663BC}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{1C3D6F35-E97F-4CCB-A2D2-DBD121A69C7A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2447ECB7-5141-492A-BF35-3102BF0E12FC}" = protocol=6 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe |
"{2477482E-410C-4810-9F7B-D1707C1961BD}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe |
"{2A530D2B-675D-4378-A39E-B64227E4C2B1}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe |
"{2A863D2C-F078-4346-95BD-D3B686C34A35}" = protocol=6 | dir=in | app=c:\program files\deep silver\s.t.a.l.k.e.r. - clear sky\bin\xrengine.exe |
"{311583E5-A0F3-4C9A-8BC3-A432BA84A1D4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{32FFCD78-BB49-4B52-9CAF-CF312A48BFCF}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{336E030A-7CFA-42EE-8AEA-1AE22FF33BB2}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{3EFA75EF-6C12-4DFA-B89C-1E73EDFBBA95}" = protocol=17 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe |
"{3F98C49B-F4D1-4477-8430-91DBB3D5D21F}" = protocol=17 | dir=in | app=c:\users\marcus\appdata\roaming\spotify\spotify.exe |
"{41E031FD-71CB-45E7-9CC2-4D0E578584B6}" = protocol=17 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe |
"{499DB319-2AF3-45AD-B437-36B55BF1526E}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{5036E6CC-05AF-44EC-9BE8-CAF0A015B614}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{5200CB96-3A8B-4AA8-BF28-66B585D73F0F}" = protocol=17 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe |
"{59D30E02-C599-438F-B4BC-18A401FF818D}" = protocol=6 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe |
"{5CC5F7D3-D0CB-4CBC-9A6E-9B3AA4CD9491}" = protocol=6 | dir=in | app=c:\users\marcus\appdata\roaming\spotify\spotify.exe |
"{5FEAB2F6-67A1-4AF9-AE52-E9321B4775CB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{60B2C011-2042-496C-BCC1-71EAD0EB86B5}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{63DC223F-B4F8-43FF-A318-AC5AE2AB2850}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe |
"{6985BBAA-6582-4B82-A106-CFB867EAF180}" = protocol=6 | dir=in | app=c:\program files\ea games\the battle for middle-earth ™\game.dat |
"{69999160-365C-4205-9DFF-A56715E89552}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{6A9CD350-E3B5-42EB-A653-945E93D70D92}" = protocol=17 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe |
"{6F1AA4CB-EF87-492D-9BDB-1F8BAA805577}" = protocol=6 | dir=in | app=c:\users\marcus\appdata\roaming\spotify\spotify.exe |
"{7455AE04-5880-44CA-B5E8-3B86D50DA740}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{770E60A9-E09B-4C1F-9FCD-19135D6AA402}" = protocol=6 | dir=in | app=c:\program files\deep silver\s.t.a.l.k.e.r. - clear sky\bin\dedicated\xrengine.exe |
"{8B4AD999-9065-446D-BDF4-C3459918D3BE}" = protocol=17 | dir=in | app=c:\program files\deep silver\s.t.a.l.k.e.r. - clear sky\bin\dedicated\xrengine.exe |
"{8F46643C-C764-4BF8-82B0-803B78661420}" = protocol=6 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe |
"{952E1A50-8661-4C77-9503-1102B029F222}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{98340B2E-D092-489F-B75D-5D16A8538285}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{A069E302-8E50-44BF-B0F8-61E519A82984}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A45AA536-9051-44F7-9A10-92299D65EF57}" = protocol=17 | dir=in | app=c:\program files\deep silver\s.t.a.l.k.e.r. - clear sky\bin\xrengine.exe |
"{A69AC732-7C7A-4009-B3B9-C557F5031BB5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A6E9E0A6-A344-48CB-9A3C-35E4945FA730}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{AB2D7062-0D5D-4CA4-AA58-120817776652}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{B164B27F-6557-4488-891E-79FBCD1EE2F0}" = protocol=6 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe |
"{B3A15F17-33C2-4246-9DF6-7488AB12AAE7}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{B499CAE7-50A1-4DB7-B9FC-432B6C59C187}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{B5EAED12-A8B9-4487-8744-3D0E7F242BC4}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe |
"{B705EC7B-19DB-4193-959F-AC9985BB0988}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{C64E7877-F868-4BF1-A562-00ECEDA42AB8}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{D08E62D4-C063-4C8A-B7EE-D0C00FDA8C4F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{D844B7BD-05B7-4C86-A32B-D3ADFE31C7CF}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{E67EE860-869A-468A-8593-1D6838AF07EA}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{E9B1DBB4-D533-4649-9B00-20EAF022D729}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{F065AD28-8E17-4DE5-9F1D-7379B296F542}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{F380A0AF-BBBF-469A-9814-9E993B308B24}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F73F3F6C-18EB-4AA8-8612-3494A211E3CC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F7F46BB5-D8AF-4385-A52A-3D49D329BD1D}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{FCA99F53-842F-404E-8BBA-F37D96095F60}" = protocol=17 | dir=in | app=c:\program files\ea games\the battle for middle-earth ™\game.dat |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0179D5EB-F3E6-56F3-C48D-C80E5F4C1F8B}" = CCC Help Chinese Standard
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0706E78A-1507-415C-2AA1-F25297B190B6}" = CCC Help Hungarian
"{0E93710D-31E5-477C-8A4B-5032B484BE74}" = Windows Live inloggningsassistenten
"{104D3FB8-3082-D309-9E1D-CCB91C6889F7}" = CCC Help Czech
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{2016E377-07D3-32C7-9D74-B413E4FF4273}" = CCC Help Spanish
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24990A39-5F20-4FCA-BAFE-EEF1E4800709}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 29
"{303376EE-FE06-BDAF-77FE-863E38CC6809}" = CCC Help English
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{34B9B494-EF4A-4592-87A8-BE40D0442E86}" = Dawn of War - Soulstorm
"{36A9D951-25EE-4F37-5056-0A47BBF0BF64}" = CCC Help German
"{383ABF8C-CAD5-C005-1003-D21925C08B6E}" = CCC Help Portuguese
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = The Battle for Middle-earth ™
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C1C3767-8AB6-AB88-4331-4F4D7B750B8B}" = CCC Help Polish
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5D633128-DA3D-2466-A815-D248E9651ED4}" = CCC Help Danish
"{62484608-B20B-B81D-7D9F-51FDADC185CA}" = Catalyst Control Center Graphics Previews Vista
"{642BAAA1-923D-44EB-B10A-295C96BE4579}" = CCC Help Finnish
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74B39B29-2CBF-9F5B-ED1B-E729BC41751F}" = CCC Help Japanese
"{7538F734-6D5F-5532-B44F-576B0CF40D4B}" = ATI Catalyst Install Manager
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A5C6261-6FCD-285A-0D9A-A124925C950E}" = CCC Help Turkish
"{7D7152AF-581B-316F-8CA4-15342C3EFA4B}" = Microsoft .NET Framework 3.5 Language Pack SP1 - sve
"{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}" = Razer Diamondback 3G
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F12F73-D52E-40C0-93B1-463C311C4E17}" = Dawn Of War
"{8535B529-A58A-20AC-3C76-1E52B9EC62F7}" = CCC Help Korean
"{8614115C-65CC-252E-1DBB-11338138E593}" = CCC Help French
"{87ADB312-5383-7619-B68D-286065922A9D}" = CCC Help Swedish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89842288-22E6-83B3-8DA2-96C086E33ADE}" = ccc-core-static
"{8A837B60-A4D8-FA75-728D-751C79532973}" = Skins
"{8EE7C8DA-CE41-A202-9CD9-D768462E5C46}" = CCC Help Greek
"{9112041D-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{9D71329D-95A5-4297-8F79-DCDBD156420A}" = Windows Live Essentials
"{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB8020DA-F712-1993-6865-475165F321E2}" = CCC Help Russian
"{AC76BA86-7AD7-1053-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Svenska
"{ACDE6F8D-F748-4535-AB8F-B6A7F9344868}" = ASUS Android USB Drivers
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C60AAF4C-A72C-36E0-8CA4-41FF753D74F6}" = Microsoft .NET Framework 4 Client Profile SVE Language Pack
"{CD9A77C9-1D6B-AA3A-8EE9-46AB60AA22BB}" = Catalyst Control Center InstallProxy
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{DD76C449-16B1-4832-B485-308CDAD5BEAE}" = ASUS Sync
"{DD8408E9-9421-484F-979D-DB6361E3E828}" = Dawn Of War - Winter Assault
"{E0A1029B-BAB7-025B-B856-A801F32ED464}" = Catalyst Control Center Localization All
"{E24F8C8C-8591-3452-B7EB-CAE99A1D07AF}" = ccc-utility
"{E41950D3-F371-3640-77AC-18554C86C74C}" = CCC Help Thai
"{E4547AFF-F985-D54B-BB36-9204B2A57617}" = CCC Help Chinese Traditional
"{E548D4E5-B73B-3938-0EB6-B5DAC3516AA1}" = CCC Help Dutch
"{E90AB454-B875-3DBC-437D-64EAF8CE175A}" = CCC Help Norwegian
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F13225E2-6533-4923-A657-083A151E667E}" = Windows Live Messenger
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FA357241-1917-47BA-ADBC-CA5B7443A244}" = Wallpaper Master Pro
"{FA752B4E-E37C-C10B-15EF-A1E766EC7F18}" = CCC Help Italian
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-drivrutinspaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BitTorrent" = BitTorrent
"Diablo II" = Diablo II
"DriveXpert" = ASUS Drive Xpert
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"Microsoft .NET Framework 3.5 Language Pack SP1 - sve" = Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile SVE Language Pack" = Microsoft .NET Framework 4 Client Profile Language Pack - SVE
"Mozilla Firefox 8.0 (x86 sv-SE)" = Mozilla Firefox 8.0 (x86 sv-SE)
"N360" = Norton 360
"PunkBusterSvc" = PunkBuster Services
"S.T.A.L.K.E.R. - Clear Sky_is1" = S.T.A.L.K.E.R. - Clear Sky [v1.0007]
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
"SpeedFan" = SpeedFan (remove only)
"Starcraft" = Starcraft
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Warcraft III" = Warcraft III
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"VLC media player" = VLC media player 1.1.4
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-111834513-2771941432-1042714578-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Smad" = SanctionedMedia
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2011-12-09 07:54:17 | Computer Name = M | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-12-09 07:54:17 | Computer Name = M | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-12-09 07:54:17 | Computer Name = M | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-12-11 18:22:31 | Computer Name = M | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-12-11 18:22:31 | Computer Name = M | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-12-11 18:22:33 | Computer Name = M | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-12-11 18:22:33 | Computer Name = M | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-12-11 18:22:33 | Computer Name = M | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-12-11 18:22:33 | Computer Name = M | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-12-12 09:53:38 | Computer Name = M | Source = Perflib | ID = 1010
Description =

[ System Events ]
Error - 2011-12-12 08:36:32 | Computer Name = M | Source = Service Control Manager | ID = 7003
Description =

Error - 2011-12-13 07:56:50 | Computer Name = M | Source = Service Control Manager | ID = 7023
Description =

Error - 2011-12-13 07:56:50 | Computer Name = M | Source = Service Control Manager | ID = 7003
Description =

Error - 2011-12-13 07:56:50 | Computer Name = M | Source = Service Control Manager | ID = 7003
Description =

Error - 2011-12-13 16:56:34 | Computer Name = M | Source = Service Control Manager | ID = 7023
Description =

Error - 2011-12-13 16:56:34 | Computer Name = M | Source = Service Control Manager | ID = 7003
Description =

Error - 2011-12-13 16:56:34 | Computer Name = M | Source = Service Control Manager | ID = 7003
Description =

Error - 2011-12-13 17:27:09 | Computer Name = M | Source = Service Control Manager | ID = 7023
Description =

Error - 2011-12-13 17:27:09 | Computer Name = M | Source = Service Control Manager | ID = 7003
Description =

Error - 2011-12-13 17:27:09 | Computer Name = M | Source = Service Control Manager | ID = 7003
Description =


< End of report >

#4 SweetTech (Agent ST)

Posted 14 December 2011 - 08:25 AM

Hello mark91!

It looks like TDSSKiller did find something.

Please heed this warning:

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 mark91 (Topic Starter)

Posted 14 December 2011 - 05:41 PM

Deactivated my Norton, ran ComboFix, but still got an error that Norton was running. So I removed it and ran ComboFix again. Still got the error that it was running :/
Anyhow here is the log:


ComboFix 11-12-13.03 - Marcus 2011-12-14 23:09:13.1.8 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.3062.2057 [GMT 1:00]
Running from: c:\users\Marcus\Desktop\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\$NtUninstallKB57283$
c:\windows\$NtUninstallKB57283$\1735500017
c:\windows\$NtUninstallKB57283$\718140686\@
c:\windows\$NtUninstallKB57283$\718140686\bckfg.tmp
c:\windows\$NtUninstallKB57283$\718140686\cfg.ini
c:\windows\$NtUninstallKB57283$\718140686\Desktop.ini
c:\windows\$NtUninstallKB57283$\718140686\kwrd.dll
c:\windows\$NtUninstallKB57283$\718140686\L\qnbwvoto
c:\windows\$NtUninstallKB57283$\718140686\U\00000001.@
c:\windows\$NtUninstallKB57283$\718140686\U\00000002.@
c:\windows\$NtUninstallKB57283$\718140686\U\00000004.@
c:\windows\$NtUninstallKB57283$\718140686\U\80000000.@
c:\windows\$NtUninstallKB57283$\718140686\U\80000004.@
c:\windows\$NtUninstallKB57283$\718140686\U\80000032.@
c:\windows\system32\muzapp.exe
.
.
(((((((((((((((((((((((( Files Created from 2011-11-14 to 2011-12-14 ))))))))))))))))))))))))))))))
.
.
2011-12-14 21:39 . 2008-04-17 20:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2011-12-10 21:17 . 2011-12-10 21:34 -------- d-----w- c:\users\Marcus\AppData\Local\NPE
2011-12-08 19:52 . 2011-12-08 19:52 -------- d-----w- c:\programdata\Malwarebytes
2011-12-06 19:37 . 2011-12-06 19:37 -------- d-----w- c:\users\Marcus\AppData\Local\SanctionedMedia
2011-11-27 19:09 . 2011-12-14 12:14 -------- d-----w- c:\users\Marcus\AppData\Roaming\Spotify
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-13 21:25 . 2010-08-26 09:18 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-10-03 04:06 . 2010-08-26 11:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-02 21:37 . 2011-01-20 18:42 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-10-02 21:37 . 2011-01-20 18:42 22328 ----a-w- c:\users\Marcus\AppData\Roaming\PnkBstrK.sys
2011-10-02 21:37 . 2011-01-20 18:42 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-10-02 21:37 . 2011-01-20 18:41 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-10-02 21:37 . 2011-01-20 18:41 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2011-10-01 20:01 . 2010-11-06 16:02 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-09-28 13:50 . 2011-05-16 09:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-08 18:30 . 2011-10-01 22:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"KiesTrayAgent"="c:\program files\Samsung\Kies\/\KiesTrayAgent.exe" [2010-01-28 3404600]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-07 7346720]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2009-07-01 1435136]
"QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-07-01 601088]
"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"TurboV"="c:\program files\ASUS\TurboV\TurboV.exe" [2010-03-08 5672576]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-22 98304]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Sync Loader]
2011-09-30 09:47 638976 ----a-w- c:\program files\ASUS\ASUS Sync\asusUPCTLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 09:45 19550344 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2011-11-23 18:21 6856528 ----a-w- c:\users\Marcus\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WallpaperChanger]
2009-09-25 12:07 1664000 ----a-w- c:\program files\Wallpaper Master Pro\Wallpaper.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2009-09-19 100224]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-27 691696]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-22 176128]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2009-12-22 95568]
S2 DriveXpert;DriveXpert;c:\program files\DriveXpert\XSrvSetup.exe [2008-11-07 69632]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-12-22 217088]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-06-22 5882880]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-06-22 210944]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2009-12-22 18136]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-12-22 36640]
S3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\Drivers\DB3G.sys [2005-04-24 13225]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder:
.
2011-12-14 c:\windows\Tasks\User_Feed_Synchronization-{4F1278F8-324D-4C64-8967-F0B401239E0A}.job
- c:\windows\system32\msfeedssync.exe [2010-08-26 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.se/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 193.150.193.150 83.255.245.11
FF - ProfilePath - c:\users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\b9sj42zd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
SafeBoot-72900510.sys
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-111834513-2771941432-1042714578-1000\Software\SecuROM\License information*]
"datasecu"=hex:22,15,7d,3c,ca,66,1d,6f,92,d5,e1,56,d7,b8,9f,47,f9,d0,a9,f9,d9,
c4,5f,9d,fd,a2,01,ee,93,68,f9,0a,32,32,85,88,19,7d,8e,d4,d5,d9,9a,7b,8d,a7,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-14 23:16:15
ComboFix-quarantined-files.txt 2011-12-14 22:16
.
Pre-Run: 125 027 786 752 bytes free
Post-Run: 126 090 326 016 bytes free
.
- - End Of File - - 5A705D1E702FE98E9E1120AF70EC40D5
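
The log above records a directory tree under c:\windows\$NtUninstallKB57283$ that ComboFix removed. Genuine folders of that name are an XP / Server 2003 hotfix servicing artifact (Vista and later service the OS through component-based servicing, not uninstall folders), and they hold backed-up system files plus an spuninst subfolder, not an "@" file with "U" and "L" subdirectories. The Python script below is an added example, not part of this thread and not ComboFix code: it parses the "Other Deletions" section of a ComboFix report and flags directories that mimic a hotfix uninstall folder but carry that non-hotfix layout, plus any executable dropped straight into the root of a drive. The sample log text is constructed from the paths quoted in the post, with the section header in the English ComboFix wording; the heuristics and thresholds are the example's own assumptions.

```python
"""Triage the "Other Deletions" section of a ComboFix report.

Added example (not ComboFix code and not from the forum thread). Flags:
  * folders named like a Windows hotfix uninstall folder ($NtUninstallKB<n>$)
    whose contents are not what a hotfix leaves behind: an "@" file and
    "U\\" / "L\\" subdirectories instead of backed-up files and "spuninst";
  * executables dropped directly in the root of a drive.
On Vista and later any $NtUninstallKB...$ folder is itself out of place,
since those builds service the OS through WinSxS rather than uninstall folders.
"""
from __future__ import annotations

import re
from collections import defaultdict

# ComboFix prints section headers as a name wrapped in runs of parentheses.
SECTION_RE = re.compile(r"^\(+\s*(?P<name>[^()]+?)\s*\)+\s*$")
# Hotfix-style uninstall folder directly under the Windows directory.
HOTFIX_DIR_RE = re.compile(
    r"^(?P<root>[a-z]:\\windows\\\$NtUninstallKB\d+\$)(?:\\.*)?$", re.IGNORECASE
)
# A lone executable at the root of a drive, e.g. C:\Install.exe.
ROOT_EXE_RE = re.compile(r"^[a-z]:\\[^\\]+\.(?:exe|dll|scr|com)$", re.IGNORECASE)
# Layout markers no genuine hotfix uninstall folder contains (case-sensitive:
# ComboFix preserves the on-disk names).
FAKE_MARKERS = {
    "at_file": re.compile(r"\\@$"),
    "u_dir": re.compile(r"\\U\\"),
    "l_dir": re.compile(r"\\L\\"),
}


def section_paths(log_text: str, header: str = "Other Deletions") -> list[str]:
    """Return the non-empty lines of the named section, stopping at the next header."""
    paths: list[str] = []
    inside = False
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            inside = m.group("name").casefold() == header.casefold()
            continue
        if inside and line not in ("", "."):
            paths.append(line)
    return paths


def is_vista_or_later(log_text: str) -> bool:
    """True if the report header reports an NT 6.x or newer kernel version."""
    m = re.search(r"Microsoft.*Windows.*?(\d+)\.(\d+)\.\d+", log_text)
    return bool(m) and int(m.group(1)) >= 6


def triage(log_text: str) -> dict[str, list[str]]:
    """Map finding type -> affected paths for the deletions section of one report."""
    findings: dict[str, list[str]] = defaultdict(list)
    members_by_root: dict[str, list[str]] = defaultdict(list)

    for path in section_paths(log_text):
        m = HOTFIX_DIR_RE.match(path)
        if m:
            members_by_root[m.group("root")].append(path)
        elif ROOT_EXE_RE.match(path):
            findings["root_executable"].append(path)

    vista_plus = is_vista_or_later(log_text)
    for root, members in members_by_root.items():
        hits = [name for name, rx in FAKE_MARKERS.items()
                if any(rx.search(p) for p in members)]
        if len(hits) >= 2:          # two independent markers: assumed threshold
            findings["fake_hotfix_folder"].append(root)
        elif vista_plus:
            findings["hotfix_folder_on_vista_plus"].append(root)
    return dict(findings)


# Constructed sample: header lines and deletion paths quoted in the thread,
# with the section header in English ComboFix wording.
SAMPLE_LOG = r"""ComboFix 11-12-13.03 - Marcus 2011-12-14 23:09:13.1.8 - x86
Microsoft Windows Vista Home Premium 6.0.6002.2.1252.46.1053.18.3062.2057 [GMT 1:00]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Install.exe
c:\windows\$NtUninstallKB57283$
c:\windows\$NtUninstallKB57283$\718140686\@
c:\windows\$NtUninstallKB57283$\718140686\cfg.ini
c:\windows\$NtUninstallKB57283$\718140686\kwrd.dll
c:\windows\$NtUninstallKB57283$\718140686\L\qnbwvoto
c:\windows\$NtUninstallKB57283$\718140686\U\00000001.@
c:\windows\system32\muzapp.exe
.
(((((((((((((((((((((((( Files Created from 2011-11-14 to 2011-12-14 ))))))))))))))))))))))))))))))
.
2011-12-08 19:52 . 2011-12-08 19:52 -------- d-----w- c:\programdata\Malwarebytes
"""

if __name__ == "__main__":
    for kind, paths in triage(SAMPLE_LOG).items():
        print(kind)
        for p in paths:
            print("   ", p)
```

Run against the sample it reports the fake hotfix folder and C:\Install.exe; c:\windows\system32\muzapp.exe is deliberately not flagged, because a bare filename in system32 carries no signal on its own and the page gives no further information about it.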

#6 SweetTech (Agent ST)

Posted 15 December 2011 - 01:13 AM

Hi!

Thanks for posting that log file.

It looks like ComboFix also found some items.

Let's run a removal tool to clean up Norton, and then you can re-install it if you choose, or I can recommend some free alternatives to Norton.

Remove Norton Tool

ONLY if you don't have an active subscription, use the link below to uninstall Norton.

Please click HERE and follow the instructions to download and run the Norton Removal Tool for your own version.

It is strongly recommended that you run only one anti-virus program at a time. Having more than one anti-virus program active in memory uses additional resources and can result in program conflicts and false virus alerts.


NEXT:



Let's see what these scans find, and see where we stand then.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan.
  • Leave the default options as they are and click on Start Scan.
  • When done, you will be prompted. Click OK, then click on Show Results.
  • Check (tick) all items and click on Remove Selected.
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



#7 mark91 (Topic Starter)

Posted 15 December 2011 - 07:44 PM

hello again!

My computer is running a lot faster now for some reason =D
And as always, the logs:
Can't find the log for ESET since there was no Show Log button :S
Got the Malwarebytes and SecurityCheck logs though :)


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8377

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

2011-12-15 22:54:16
mbam-log-2011-12-15 (22-54-16).txt

Scan type: Quick scan
Objects scanned: 156990
Time elapsed: 2 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Results of screen317's Security Check version 0.99.28
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 29
Adobe Flash Player ( 10.3.183.10) Flash Player out of Date!
Adobe Reader X (10.1.0) Adobe Reader out of Date!
Mozilla Firefox (8.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
ESET ESET Online Scanner OnlineScannerApp.exe
``````````End of Log````````````

#8 SweetTech (Agent ST)

Posted 16 December 2011 - 02:28 AM

Hi!

Great! Glad to hear that things are running better with your computer. That's what I love to hear from the users I help. :)



____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Let's address those programs that need updating now!

Your SecurityCheck log indicates that your version of Flash Player is outdated. This is a vulnerability that needs to be addressed. Please remove the outdated version of Flash Player and then install the latest version.

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform:
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u2-windows-i586-s.exe (or jre-7u2-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws, so it is recommended that you update your copy.
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit here and download the latest version of Adobe Reader.
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from here. Foxit Reader has fewer add-ons and therefore loads more quickly.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Run Scan button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

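
The OTL fix above ends with [resethosts], which replaces the hosts file without showing what it contained. A hosts reset destroys evidence, so a responder normally looks at the file first. The Python script below is an added example, not part of this thread, of OTL or of any vendor: it parses a Windows hosts file and flags two patterns, security-vendor or update hostnames mapped anywhere at all (malware blackholes them to 127.0.0.1 or 0.0.0.0 to stop updates and scans), and any other hostname mapped to a non-loopback, non-unspecified address (a silent redirect to an attacker-chosen server). The watched-domain list and the sample hosts content are constructed for illustration and are assumptions of the example.

```python
"""Inspect a Windows hosts file for hijacked entries before resetting it.

Added example: not code from the thread, from OTL or from any vendor.
Flags:
  * security-vendor or update hostnames mapped anywhere at all (blackholed to
    127.0.0.1 / 0.0.0.0, or redirected elsewhere);
  * any other hostname mapped to a non-loopback, non-unspecified address.
Plain 127.0.0.1 / 0.0.0.0 blocks of other names are the ad-block style
entries a user may have added on purpose and are left alone.
"""
from __future__ import annotations

from ipaddress import IPv4Address, IPv6Address, ip_address

# Assumed watch list: suffixes of domains malware commonly blocks.
WATCHED_DOMAINS = (
    "microsoft.com",
    "windowsupdate.com",
    "symantec.com",
    "norton.com",
    "malwarebytes.org",
    "eset.com",
)


def in_watch_list(host: str) -> bool:
    """Suffix match on whole labels, so 'notmicrosoft.com' does not count."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)


def parse_hosts(text: str) -> list[tuple[int, IPv4Address | IPv6Address, str]]:
    """Return (line number, address, hostname) for every mapping in the file.

    Comments ('#' to end of line) and malformed lines are skipped, which is
    also how the resolver treats them.
    """
    entries: list[tuple[int, IPv4Address | IPv6Address, str]] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ip_address(fields[0])
        except ValueError:
            continue  # first column is not an address; the resolver ignores it too
        for host in fields[1:]:
            entries.append((lineno, addr, host.lower()))
    return entries


def suspicious_entries(text: str) -> list[dict]:
    """Classify each mapping; returns only the ones worth a responder's attention."""
    findings: list[dict] = []
    for lineno, addr, host in parse_hosts(text):
        local = addr.is_loopback or addr.is_unspecified
        if in_watch_list(host):
            reason = ("security/update domain blackholed" if local
                      else "security/update domain redirected")
        elif not local:
            reason = "hostname redirected to a non-local address"
        else:
            continue  # loopback / 0.0.0.0 block of an unwatched name: benign here
        findings.append({"line": lineno, "host": host,
                         "address": str(addr), "reason": reason})
    return findings


# Constructed sample hosts file; the last four mappings are the test cases.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net           # constructed: ad-block style entry, benign
127.0.0.1       liveupdate.symantec.com   # constructed: AV update server blackholed
0.0.0.0         www.malwarebytes.org      # constructed: vendor site blackholed
203.0.113.7     www.mybank.example        # constructed: redirect to a non-local address
"""

if __name__ == "__main__":
    for f in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {f['line']:>2}: {f['host']:<26} -> {f['address']:<12} {f['reason']}")
```

On a real machine the file lives at %SystemRoot%\System32\drivers\etc\hosts; read it with an administrator token, keep a copy, and only then let a tool like OTL reset it.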


#9 mark91 (Topic Starter)

Posted 16 December 2011 - 09:28 PM

Computer is running as smoothly as it was when I built it :)
Almost feels like a new machine; the only thing I lack is the video card I'm getting for Xmas ;)


And as requested, here are the logs:


All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Marcus\Desktop\cmd.bat deleted successfully.
C:\Users\Marcus\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Marcus
->Temp folder emptied: 27973527 bytes
->Temporary Internet Files folder emptied: 1961226 bytes
->Java cache emptied: 6188670 bytes
->FireFox cache emptied: 435123479 bytes
->Flash cache emptied: 149959 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 22341944 bytes

Total Files Cleaned = 471,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Marcus
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12172011_025600

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...





OTL logfile created on: 2011-12-17 03:05:26 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Marcus\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

2,99 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 64,65% Memory free
6,19 Gb Paging File | 5,15 Gb Available in Paging File | 83,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 109,99 Gb Free Space | 36,90% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 120,92 Gb Free Space | 12,98% Space Free | Partition Type: NTFS

Computer Name: M | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-12-17 02:55:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
PRC - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011-04-17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
PRC - [2010-06-22 22:30:36 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010-06-22 22:30:06 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010-03-08 15:51:58 | 005,672,576 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program\ASUS\TurboV\TurboV.exe
PRC - [2010-03-08 15:22:18 | 007,283,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program\ASUS\EPU-6 Engine\SixEngine.exe
PRC - [2009-12-28 20:33:00 | 000,096,896 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009-12-22 03:31:26 | 000,217,088 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009-12-22 03:31:02 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgdersvc.exe
PRC - [2009-07-01 19:23:52 | 001,435,136 | ---- | M] () -- C:\Program\ASUS\AI Suite\AiNap\AiNap.exe
PRC - [2009-07-01 19:19:18 | 000,601,088 | ---- | M] () -- C:\Program\ASUS\AI Suite\QFan3\QFanHelp.exe
PRC - [2009-04-10 22:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Sidebar\sidebar.exe
PRC - [2009-04-10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-11-07 09:45:24 | 011,195,904 | ---- | M] () -- C:\Program\DriveXpert\DriveXpertSetup.exe
PRC - [2008-11-07 09:45:06 | 000,069,632 | ---- | M] () -- C:\Program\DriveXpert\XSrvSetup.exe
PRC - [2008-01-18 22:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnetwk.exe
PRC - [2008-01-18 22:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnscfg.exe


========== Modules (No Company Name) ==========

MOD - [2011-06-07 17:35:34 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\62dfd8797881fd7a0d0de3f448a18c01\System.Web.ni.dll
MOD - [2011-06-07 17:35:29 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\9b8e883fd5fa51f026577156a0ee9d57\System.Runtime.Remoting.ni.dll
MOD - [2010-08-26 11:22:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ca467e23bbfcffac8809b9e21dcbd9a6\System.Configuration.ni.dll
MOD - [2010-08-26 11:17:03 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\88593f5f0fc6de5d5f4a85aa2b1466f3\System.Xml.ni.dll
MOD - [2010-08-26 11:16:51 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d9ab6e29eba6cb0d8459fcbb2c40c1a7\System.Windows.Forms.ni.dll
MOD - [2010-08-26 11:16:44 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\887fa2d6b76e7302b0c664effad4f91f\System.Drawing.ni.dll
MOD - [2010-08-26 11:15:50 | 007,949,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ed6ae2749d12c4729ee43ff339de4bb8\System.ni.dll
MOD - [2010-08-26 11:15:42 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\98bbdd8c400493ad228b8283665cc9da\mscorlib.ni.dll
MOD - [2010-06-22 22:07:40 | 000,270,336 | ---- | M] () -- C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010-06-22 21:40:22 | 000,023,040 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2010-04-08 11:23:26 | 000,430,080 | R--- | M] () -- C:\Program\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009-12-08 20:37:18 | 000,565,248 | ---- | M] () -- C:\Program\ASUS\TurboV\pngio.dll
MOD - [2009-12-08 20:37:18 | 000,135,680 | ---- | M] () -- C:\Program\ASUS\TurboV\TvOcLib.dll
MOD - [2009-09-30 10:33:08 | 000,024,576 | ---- | M] () -- C:\Windows\System32\AsIO.dll
MOD - [2009-08-27 18:41:46 | 000,565,248 | ---- | M] () -- C:\Program\ASUS\EPU-6 Engine\pngio.dll
MOD - [2009-07-01 19:23:52 | 001,435,136 | ---- | M] () -- C:\Program\ASUS\AI Suite\AiNap\AiNap.exe
MOD - [2009-07-01 19:19:18 | 000,601,088 | ---- | M] () -- C:\Program\ASUS\AI Suite\QFan3\QFanHelp.exe
MOD - [2009-04-22 19:20:00 | 000,179,712 | ---- | M] () -- C:\Program\ASUS\EPU-6 Engine\AsusService.dll
MOD - [2009-03-31 10:05:06 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_sv_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009-03-31 10:05:06 | 000,299,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_sv_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008-02-25 14:08:54 | 000,208,896 | ---- | M] () -- C:\Program\ASUS\AI Suite\AiNap\AiNap.dll
MOD - [2007-01-03 21:25:56 | 000,008,704 | ---- | M] () -- C:\Program\ASUS\AI Suite\AiNap\vvc.dll


========== Win32 Services (SafeList) ==========

SRV - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-04-17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010-06-22 22:30:06 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009-12-28 20:33:00 | 000,096,896 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009-12-22 03:31:26 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009-12-22 03:31:02 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\System32\dgdersvc.exe -- (dgdersvc)
SRV - [2008-11-11 08:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008-11-07 09:45:06 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program\DriveXpert\XSrvSetup.exe -- (DriveXpert)


========== Driver Services (SafeList) ==========

DRV - [2011-12-16 01:00:47 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111216.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011-12-16 01:00:47 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011-12-16 01:00:47 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011-12-16 01:00:47 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111216.002\NAVENG.SYS -- (NAVENG)
DRV - [2011-12-16 00:37:45 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011-12-15 17:05:08 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111215.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011-12-10 02:24:18 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111210.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011-03-31 04:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011-03-31 04:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011-03-22 01:39:49 | 000,331,384 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011-03-15 03:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011-01-27 07:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011-01-27 06:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010-12-18 12:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2010-10-29 21:37:02 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010-10-29 21:37:00 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010-08-27 22:15:40 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-06-22 23:01:28 | 005,882,880 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010-06-22 21:41:30 | 000,210,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010-05-06 04:21:36 | 000,105,488 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009-12-22 03:31:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009-12-22 03:31:02 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2009-09-19 06:30:10 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009-09-19 06:30:10 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bserd.sys -- (ss_bserd)
DRV - [2009-09-19 06:30:10 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009-09-19 06:30:10 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009-08-04 09:28:18 | 000,011,296 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009-07-14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009-07-06 09:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2008-10-09 14:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008-10-04 00:17:24 | 000,133,120 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008-08-26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006-10-18 12:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2005-04-24 21:43:58 | 000,013,225 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DB3G.sys -- (Razerlow)
DRV - [1996-04-03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 1B 11 4C 09 45 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.se/"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0.1
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.90: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011-12-17 02:29:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_0_8 [2011-12-17 03:00:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-11-08 19:30:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-12-17 02:53:00 | 000,000,000 | ---D | M]

[2010-08-27 19:54:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Extensions
[2011-08-26 21:37:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\b9sj42zd.default\extensions
[2010-08-28 21:41:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\b9sj42zd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-12-17 02:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program\Mozilla Firefox\extensions
[2011-10-14 20:19:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011-09-27 15:46:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\MARCUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B9SJ42ZD.DEFAULT\EXTENSIONS\{4C7097F7-08F2-4EF2-9B9F-F95FA4CBB064}.XPI
[2011-11-08 19:30:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-10-01 23:21:17 | 000,001,470 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
[2011-10-01 23:21:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011-10-01 23:21:17 | 000,002,670 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
[2011-10-01 23:21:17 | 000,000,948 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\tyda-sv-SE.xml
[2011-10-01 23:21:17 | 000,001,174 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
[2011-10-01 23:21:17 | 000,000,951 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-sv-SE.xml

O1 HOSTS File: ([2011-12-17 02:56:06 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Windows Live inloggningshjälpen) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV] C:\Program Files\ASUS\TurboV\TurboV.exe (ASUSTeK Computer Inc.)
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Program\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportera till Microsoft Excel - C:\Program\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.150.193.150 83.255.245.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D2E8813-26D6-4774-9006-C4C26C5D4BE2}: DhcpNameServer = 193.150.193.150 83.255.245.11
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows Photo Gallery\Skrivbordsunderlägg från Windows Fotogalleri.jpg
O24 - Desktop BackupWallPaper: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows Photo Gallery\Skrivbordsunderlägg från Windows Fotogalleri.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011-12-17 02:56:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-12-17 02:55:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
[2011-12-17 02:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011-12-17 02:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011-12-16 00:37:45 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011-12-16 00:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011-12-16 00:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011-12-16 00:37:16 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\SymEFA.sys
[2011-12-16 00:37:16 | 000,516,216 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.sys
[2011-12-16 00:37:16 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\SymDS.sys
[2011-12-16 00:37:16 | 000,331,384 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symtdiv.sys
[2011-12-16 00:37:16 | 000,296,568 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symnets.sys
[2011-12-16 00:37:16 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\Ironx86.sys
[2011-12-16 00:37:16 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.sys
[2011-12-16 00:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011-12-16 00:37:09 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011-12-15 00:00:40 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011-12-14 23:18:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2011-12-14 23:18:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0501000.01D
[2011-12-14 23:16:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011-12-14 23:16:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011-12-14 23:14:16 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\temp
[2011-12-14 22:47:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011-12-10 22:17:34 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\NPE
[2011-12-08 20:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-12-06 20:37:18 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\SanctionedMedia
[2011-11-27 20:09:41 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Spotify

========== Files - Modified Within 30 Days ==========

[2011-12-17 03:06:03 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4F1278F8-324D-4C64-8967-F0B401239E0A}.job
[2011-12-17 03:00:34 | 000,004,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-12-17 03:00:33 | 000,004,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-12-17 03:00:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-12-17 02:56:06 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011-12-17 02:55:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
[2011-12-17 02:53:02 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011-12-17 01:00:08 | 000,131,584 | ---- | M] () -- C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-12-16 00:37:45 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011-12-16 00:37:45 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011-12-16 00:37:45 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011-12-14 23:21:14 | 001,972,840 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011-12-11 23:20:03 | 274,818,280 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011-12-08 16:29:29 | 000,000,000 | ---- | M] () -- C:\ProgramData\W24u3lCr.dat
[2011-11-27 20:09:44 | 000,000,843 | ---- | M] () -- C:\Users\Marcus\Desktop\Spotify.lnk

========== Files Created - No Company Name ==========

[2011-12-17 02:53:00 | 000,001,911 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011-12-17 02:53:00 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011-12-16 00:37:45 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011-12-16 00:37:45 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011-12-16 00:37:16 | 000,000,000 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\SymDS.cat
[2011-12-16 00:37:11 | 000,007,877 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnetv.cat
[2011-12-16 00:37:11 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\iron.cat
[2011-12-16 00:37:11 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\SymNet.cat
[2011-12-16 00:37:11 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\SymEFA.cat
[2011-12-16 00:37:11 | 000,007,454 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.cat
[2011-12-16 00:37:11 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.cat
[2011-12-16 00:37:11 | 000,003,373 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\SymEFA.inf
[2011-12-16 00:37:11 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\SymDS.inf
[2011-12-16 00:37:11 | 000,001,474 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\SymNetV.inf
[2011-12-16 00:37:11 | 000,001,446 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\SymNet.inf
[2011-12-16 00:37:11 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.inf
[2011-12-16 00:37:11 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.inf
[2011-12-16 00:37:11 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\Iron.inf
[2011-12-16 00:37:11 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\isolate.ini
[2011-12-14 23:21:01 | 001,972,840 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011-12-11 23:20:03 | 274,818,280 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011-12-08 16:29:29 | 000,000,000 | ---- | C] () -- C:\ProgramData\W24u3lCr.dat
[2011-11-27 20:09:44 | 000,000,843 | ---- | C] () -- C:\Users\Marcus\Desktop\Spotify.lnk
[2011-11-27 20:09:43 | 000,000,829 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2011-08-02 22:33:17 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2011-08-02 22:33:17 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2011-08-02 22:33:17 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2011-04-29 21:49:17 | 000,000,978 | ---- | C] () -- C:\Windows\eReg.dat
[2011-03-22 19:35:40 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011-01-20 19:42:35 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011-01-20 19:42:34 | 000,022,328 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\PnkBstrK.sys
[2011-01-20 19:42:17 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011-01-20 19:41:43 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011-01-20 19:41:42 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010-10-29 21:37:01 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010-10-29 21:37:00 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010-09-28 15:48:36 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010-09-28 15:48:36 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010-09-06 18:01:26 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010-09-06 16:37:18 | 000,000,374 | ---- | C] () -- C:\Windows\ODBC.INI
[2010-08-28 01:23:21 | 000,036,161 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2010-08-28 00:55:02 | 000,035,281 | ---- | C] () -- C:\Windows\scunin.dat
[2010-08-27 22:30:25 | 000,000,031 | ---- | C] () -- C:\Program Files\plugins-04041e-fe8.dat
[2010-08-27 19:54:29 | 000,131,584 | ---- | C] () -- C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-08-27 19:19:58 | 000,040,227 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010-08-27 19:18:29 | 000,029,843 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010-08-26 12:02:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010-08-26 10:18:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010-08-26 10:18:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010-08-26 02:25:38 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010-08-25 14:38:45 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2010-08-25 14:38:45 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2010-08-25 14:37:30 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2010-08-25 14:36:57 | 000,011,448 | ---- | C] () -- C:\Windows\System32\drivers\AsUpIO.sys
[2010-08-25 14:36:55 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2010-08-25 14:36:55 | 000,011,296 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2010-08-25 14:27:58 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010-08-25 13:12:30 | 000,001,356 | ---- | C] () -- C:\Users\Marcus\AppData\Local\d3d9caps.dat
[2010-06-22 21:40:22 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010-06-15 17:28:58 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010-05-11 15:42:08 | 000,205,156 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009-11-09 03:08:10 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2009-11-09 03:08:10 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2009-11-09 03:08:10 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2009-11-09 03:08:10 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2009-08-02 23:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009-08-02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009-08-02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009-08-02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009-08-02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009-08-02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009-08-02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009-08-02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009-08-02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009-08-02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009-02-18 12:55:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009-02-03 15:52:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2007-12-28 08:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2006-11-21 06:03:10 | 000,605,900 | ---- | C] () -- C:\Windows\System32\perfh01D.dat
[2006-11-21 06:03:10 | 000,290,490 | ---- | C] () -- C:\Windows\System32\perfi01D.dat
[2006-11-21 06:03:10 | 000,120,302 | ---- | C] () -- C:\Windows\System32\perfc01D.dat
[2006-11-21 06:03:10 | 000,035,978 | ---- | C] () -- C:\Windows\System32\perfd01D.dat
[2006-11-02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 13:47:37 | 000,247,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 11:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 11:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2011-09-18 19:18:27 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\.minecraft
[2011-05-04 23:12:40 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\AnvSoft
[2011-11-04 21:15:28 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\ASUS
[2011-11-04 21:32:01 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\ASUS.AF361EFD06694D11175EA8BF6E21597A36AD9F1D.1
[2011-12-17 00:41:39 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\BitTorrent
[2009-05-29 15:07:28 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DAEMON Tools Lite
[2010-06-13 16:00:25 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Facebook
[2011-09-24 22:11:59 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\My Battle for Middle-earth Files
[2010-10-19 12:08:03 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\My Games
[2010-09-28 15:58:34 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\PC Suite
[2011-08-02 23:12:54 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\RIFT
[2010-09-28 15:46:11 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Samsung
[2011-12-17 01:32:31 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Spotify
[2011-09-27 15:21:26 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\SystemRequirementsLab
[2010-09-16 18:23:51 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\TS3Client
[2010-10-04 20:34:17 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Wallpaper Master
[2010-10-31 21:43:04 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\XRay Engine
[2011-12-17 02:59:08 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011-12-17 03:06:03 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4F1278F8-324D-4C64-8967-F0B401239E0A}.job

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011-11-08 19:30:44 | 000,714,512 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011-11-08 19:30:44 | 000,714,512 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011-11-08 19:30:44 | 000,714,512 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011-11-08 19:30:44 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011-11-08 19:30:44 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011-11-08 19:30:44 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2010-06-26 05:24:51 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2010-06-26 05:24:51 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2010-06-26 05:24:51 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010-06-26 07:06:48 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2010-06-26 07:06:48 | 000,638,232 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-06-07 14:14:43

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:661DFA1C

< End of report >

#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:09:23 PM

Posted 17 December 2011 - 03:18 AM

Hi!

Computer is running as smooth as it was when I built it :)

Great! That's what I like to hear!!

I just see a few things I want to remove, but assuming all goes well with the OTL fix, we should be able to proceed with the clean-up procedure in my next reply.

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2011-12-08 16:29:29 | 000,000,000 | ---- | M] () -- C:\ProgramData\W24u3lCr.dat
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
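The fix above is built from lines lifted out of the OTL log (the `[timestamp | size | attrs | C/M] (publisher) -- path` file entries and the `@Alternate Data Stream` line). The following is an added example, not code from OTL or from this thread, showing how to parse that line format and pull out the entries a helper would look at first: files created or modified close to when symptoms started, with no publisher/version info, sitting in a location an unprivileged process can write to, plus any alternate data streams. The sample log text is constructed (its paths echo entries from the log above), and the onset date, the 7-day window and the triage rules are assumptions chosen for illustration.

```python
"""Parse OTL file/ADS lines and triage them for review (added example)."""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed sample in the OTL line format; paths echo entries from the log above.
SAMPLE_LOG = """\
[2011-12-08 16:29:29 | 000,000,000 | ---- | M] () -- C:\\ProgramData\\W24u3lCr.dat
[2011-11-27 20:09:44 | 000,000,843 | ---- | C] () -- C:\\Users\\Marcus\\Desktop\\Spotify.lnk
[2010-08-26 10:18:38 | 000,117,248 | ---- | C] () -- C:\\Windows\\System32\\EhStorAuthn.dll
[2011-11-08 19:30:44 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\\Program Files\\Mozilla Firefox\\firefox.exe
@Alternate Data Stream - 129 bytes -> C:\\ProgramData\\TEMP:661DFA1C
"""

# [timestamp | size | attrs | C/M] (publisher) -- path
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<stamp>[CM])\] \((?P<publisher>[^)]*)\) -- (?P<path>.+)$"
)
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Locations an unprivileged user (or a dropper running as one) can write to (assumed list).
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\", "c:\\windows\\temp\\")


@dataclass
class Entry:
    path: str
    size: int
    publisher: str = ""                    # empty when OTL printed "()" (no version info)
    timestamp: Optional[datetime] = None   # None for ADS lines
    is_ads: bool = False


@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_otl(text: str) -> List[Entry]:
    """Return one Entry per recognised file or ADS line; any other line is skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            entries.append(Entry(
                path=m["path"],
                size=int(m["size"].replace(",", "")),
                publisher=m["publisher"].strip(),
                timestamp=datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            ))
            continue
        m = ADS_LINE.match(line.strip())
        if m:
            entries.append(Entry(path=m["path"], size=int(m["size"]), is_ads=True))
    return entries


def triage(entries: List[Entry], onset: str, window_days: int = 7) -> List[Finding]:
    """Flag entries worth a second look, most suspicious first.

    onset: 'YYYY-MM-DD' when symptoms started (assumed; the user reported
    slowness about a week before 2011-12-12). A file is reported when its
    timestamp lies within window_days of onset AND it either lacks publisher
    info or lives in a user-writable location. ADS entries are always reported.
    """
    onset_dt = datetime.strptime(onset, "%Y-%m-%d")
    findings: List[Finding] = []
    for e in entries:
        reasons: List[str] = []
        if e.is_ads:
            reasons.append("alternate data stream")
        else:
            if abs(e.timestamp - onset_dt) > timedelta(days=window_days):
                continue
            reasons.append(f"timestamp within {window_days} days of onset")
            if not e.publisher:
                reasons.append("no publisher/version info")
            if e.path.lower().startswith(USER_WRITABLE):
                reasons.append("user-writable location")
            if len(reasons) < 2:
                continue
        findings.append(Finding(e.path, reasons))
    findings.sort(key=lambda f: len(f.reasons), reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage(parse_otl(SAMPLE_LOG), onset="2011-12-05"):
        print(f.path, "->", "; ".join(f.reasons))
```

Run against the sample, the zero-byte `C:\ProgramData\W24u3lCr.dat` (the file the fix moves) comes out on top with all three reasons, and the `TEMP:661DFA1C` stream is listed after it; the Firefox binary, the System32 DLL and the Spotify shortcut are not reported. The output is a review list, not a verdict: a recently created shortcut or installer leftover can land on it, so each hit still needs a look at the file itself before anything is deleted.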


#11 mark91

mark91
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:23 AM

Posted 17 December 2011 - 05:59 AM

Thanks for all the dedication to get my machine clean :)



All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\ProgramData\W24u3lCr.dat moved successfully.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
C:\Users\Marcus\Desktop\cmd.bat deleted successfully.
C:\Users\Marcus\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Marcus\Desktop\cmd.bat deleted successfully.
C:\Users\Marcus\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Marcus
->Temp folder emptied: 34869 bytes
->Temporary Internet Files folder emptied: 209327 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 181896268 bytes
->Flash cache emptied: 1442 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 20967029 bytes

Total Files Cleaned = 194,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Marcus
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12172011_114321

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:09:23 PM

Posted 18 December 2011 - 03:07 AM

Hello,

You're more than welcome!

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Commands
    [ClearAllRestorePoints]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen OTL on your desktop.
  • Click on the CleanUp button.
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one, as it can cause program conflicts as well as false positives.

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further reading on this subject, via the included links, is as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is to practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explorer more secure.


Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article,
    Strong passwords: How to create and use them,
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.
  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates

  • Be wary of e-mails from unknown senders. Keep the following in mind as well: if it's too good to be true, then it more than likely is.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.



#13 mark91

mark91
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:23 AM

Posted 18 December 2011 - 03:58 AM

Computer is clean!:)

Thanks a lot for the time and dedication you've put into it! Really appreciated it :)

#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:09:23 PM

Posted 18 December 2011 - 03:59 AM

Great glad to hear that! It's been my pleasure getting the opportunity to work with you. Since this issue has been resolved, this thread will be closed. You will still have access to this thread, so that if you need future access to it, you'll have it.

Please take care, and remain safe out there on the internet.

Kindest Regards,
SweetTech.





