Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I have a Virus but not sure what exactly it is


  • This topic is locked This topic is locked
15 replies to this topic

#1 tasteven

tasteven

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:18 AM

Posted 31 December 2011 - 02:32 PM

My link

This was my previous post that I was receiving help with. I was directed to make a new post here.

When I first got this virus, I was just browsing the internet. A message popped up asking me to allow a program to run. I looked at it quick and didn't notice anything suspicious and allowed it. Then my computer went black and restarted. I entered safemode and ran malware bytes and deleted everything. When I started my computer back up into normal mode all of my desktop icons were missing.

With the help from my previous post, I now have about half of my desktop icons back. When i click the start menu and click all programs, all of the folders are shown but when I try to look in them, it says they are empty. However I can go into my computer and get to any programs or files(so it is simply an inconvenience). My computer does not seem to be running any slower, but the hourglass next to my mouse constantly flickers on and off. I can live with my computer the way it is, but I really would like to have it completely virus free and back to the way it was.

I was able to get the d.d.s log, and from the previous post was able to get a gmer log, but when I ran it again, it would not produce a log. The first time I ran it, the IAT/EAT,
Drives/Partition other than Systemdrive, and Show All boxes were unchecked, but all other boxes above "services" were also grayed out and unchecked.

I also attached the TDDS Killer log that I was asked to supply in my last post

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:18 AM

Posted 06 January 2012 - 11:52 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. [/b]
If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 tasteven

tasteven
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:18 AM

Posted 06 January 2012 - 04:51 PM

My computer is basically in the same state that I listed before. The flashing hourglass by my mouse has stopped since. Here are the reports.

OTL logfile created on: 1/6/2012 4:43:48 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Rabble Rouser\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.83 Gb Available Physical Memory | 85.39% Memory free
16.00 Gb Paging File | 12.51 Gb Available in Paging File | 78.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 818.73 Gb Free Space | 87.90% Space Free | Partition Type: NTFS
Drive E: | 465.73 Gb Total Space | 120.67 Gb Free Space | 25.91% Space Free | Partition Type: NTFS

Computer Name: RABBLEROUSER-PC | User Name: Rabble Rouser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/06 16:42:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rabble Rouser\Downloads\OTL.exe
PRC - [2012/01/03 12:48:11 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/08 18:44:19 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/10/21 14:06:26 | 000,433,872 | ---- | M] (Sony Ericsson) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/10/09 10:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/10/04 11:15:56 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/10/03 23:01:16 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011/08/15 15:18:14 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/09 12:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/12/13 13:52:46 | 000,074,960 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
PRC - [2010/06/21 09:11:52 | 001,254,912 | ---- | M] (Chicony) -- C:\Program Files (x86)\Thermaltake Challenger Pro\Ttsystray.exe
PRC - [2010/01/22 12:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/01/26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/03 12:48:11 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/12/08 18:44:17 | 014,410,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2011/12/08 18:44:15 | 000,194,344 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2011/12/08 18:44:13 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2011/12/08 18:44:11 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2011/12/08 18:44:09 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2011/11/24 19:37:05 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/19 10:12:26 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\MExplorer.dll
MOD - [2011/10/15 00:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/10/03 23:01:16 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/12/13 13:52:46 | 000,074,960 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
MOD - [2010/12/13 09:58:50 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\TMonitorAPI.dll
MOD - [2009/10/09 16:50:22 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Thermaltake Challenger Pro\WMINPUT.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/08 18:44:19 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/15 15:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/06/29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/26 18:02:28 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\D-Link\DWA-556 revA\jswpsapi.exe -- (jswpsapi)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/07 18:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/01/22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/01/22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/10/05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/14 09:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/05/15 02:28:52 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4118851864-1944364308-2230980366-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=107738&babsrc=HP_ss&mntrId=1a135495000000000000f46d049455d5
IE - HKU\S-1-5-21-4118851864-1944364308-2230980366-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4118851864-1944364308-2230980366-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4118851864-1944364308-2230980366-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 45 A4 BE 01 8E CC 01 [binary data]
IE - HKU\S-1-5-21-4118851864-1944364308-2230980366-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4118851864-1944364308-2230980366-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-4118851864-1944364308-2230980366-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4118851864-1944364308-2230980366-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4118851864-1944364308-2230980366-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 95 53 0A 00 4A 82 CC 01 [binary data]
IE - HKU\S-1-5-21-4118851864-1944364308-2230980366-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4118851864-1944364308-2230980366-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/?shva=1#inbox"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=107738&babsrc=adbartrp&mntrId=1a135495000000000000f46d049455d5&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/27 21:50:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/03 12:48:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/01 18:08:24 | 000,000,000 | ---D | M]

[2011/10/03 23:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rabble Rouser\AppData\Roaming\Mozilla\Extensions
[2011/12/03 14:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rabble Rouser\AppData\Roaming\Mozilla\Firefox\Profiles\dfh3kv1g.default\extensions
[2012/01/03 12:48:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/27 21:50:59 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
() (No name found) -- C:\USERS\RABBLE ROUSER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DFH3KV1G.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2012/01/03 12:48:11 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/03 10:44:46 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/08 20:52:38 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Rabble Rouser\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Rabble Rouser\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Rabble Rouser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Rabble Rouser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Rabble Rouser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ChallengerPro] C:\Program Files (x86)\Thermaltake Challenger Pro\Ttsystray.exe (Chicony)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [YXXTxtXBks.exe] C:\ProgramData\YXXTxtXBks.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4118851864-1944364308-2230980366-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-4118851864-1944364308-2230980366-1000..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKU\S-1-5-21-4118851864-1944364308-2230980366-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-4118851864-1944364308-2230980366-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-4118851864-1944364308-2230980366-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-4118851864-1944364308-2230980366-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4118851864-1944364308-2230980366-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-4118851864-1944364308-2230980366-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4118851864-1944364308-2230980366-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C7B802F-DF85-4E94-B929-E7416175753E}: DhcpNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e7cc4d08-1a02-11e1-9912-f46d049455d5}\Shell - "" = AutoRun
O33 - MountPoints2\{e7cc4d08-1a02-11e1-9912-f46d049455d5}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = 7Jy] -- "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\nix.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = 7Jy] -- "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\nix.exe" -a "%1" %*


SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)


========== Files/Folders - Created Within 30 Days ==========

[2011/12/30 12:45:38 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/12/29 19:36:26 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2011/12/29 19:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/12/29 19:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/29 18:12:33 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/12/29 18:02:31 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2011/12/27 22:26:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011/12/27 22:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/12/27 22:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/12/25 18:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/12/25 18:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/12/25 17:21:40 | 000,000,000 | ---D | C] -- C:\Users\Rabble Rouser\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/25 17:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/12/25 16:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2011/12/25 16:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2011/12/24 20:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NEC Electronics
[2011/12/24 20:36:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NEC Electronics
[2011/12/24 20:30:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2011/12/24 20:27:57 | 000,962,612 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42d.dll
[2011/12/24 20:27:57 | 000,434,252 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVCRTD.DLL
[2011/12/24 20:27:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2011/12/24 20:20:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/12/24 20:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/24 20:19:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/12/24 20:19:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/12/24 20:09:14 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2011/12/22 17:54:36 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/12/17 20:49:28 | 000,000,000 | ---D | C] -- C:\Users\Rabble Rouser\Documents\FAFSA
[2011/12/15 12:34:13 | 000,000,000 | ---D | C] -- C:\Users\Rabble Rouser\AppData\Local\SWTOR
[2011/12/14 13:02:19 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/14 13:02:15 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/12/14 13:02:15 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/14 13:02:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/14 13:02:15 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/14 13:02:15 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/14 13:02:15 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/14 13:02:15 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/14 13:02:11 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/14 13:02:11 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/13 14:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/13 14:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/13 14:37:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/12/13 14:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/12 22:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Rabble Rouser\AppData\Local\*.tmp files -> C:\Users\Rabble Rouser\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/06 16:43:10 | 000,001,495 | ---- | M] () -- C:\Users\Rabble Rouser\Desktop\OTL - Shortcut.lnk
[2012/01/06 16:37:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/06 15:16:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/06 10:45:12 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/05 00:12:38 | 000,020,496 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/05 00:12:38 | 000,020,496 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/03 23:40:26 | 000,782,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/03 23:40:26 | 000,662,196 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/03 23:40:26 | 000,122,024 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/03 23:34:23 | 2146,832,383 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/31 14:35:42 | 000,002,056 | ---- | M] () -- C:\Users\Rabble Rouser\Desktop\launcher - Shortcut.lnk
[2011/12/31 14:05:00 | 000,294,216 | R--- | M] () -- C:\Users\Rabble Rouser\Desktop\gmer.zip
[2011/12/30 16:15:40 | 001,558,406 | R--- | M] () -- C:\Users\Rabble Rouser\Desktop\tdsskiller.zip
[2011/12/30 12:45:34 | 345,177,024 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/30 10:11:47 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/29 21:11:15 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2011/12/29 21:02:21 | 000,002,351 | ---- | M] () -- C:\Users\Rabble Rouser\Desktop\Spybot - Search & Destroy.lnk
[2011/12/29 21:02:21 | 000,001,978 | ---- | M] () -- C:\Users\Rabble Rouser\Desktop\EVGA Precision.lnk
[2011/12/29 21:02:21 | 000,001,231 | ---- | M] () -- C:\Users\Rabble Rouser\Desktop\DivX Movies.lnk
[2011/12/29 18:23:33 | 000,033,050 | -HS- | M] () -- C:\ProgramData\t8072ob85e27x7083od28jytrvk2l2nlse40he21gk5pl
[2011/12/25 14:11:09 | 000,012,376 | -HS- | M] () -- C:\Users\Rabble Rouser\AppData\Local\nl18yqyn7vv6401wm0311bk4wx0sa7w6
[2011/12/25 14:11:09 | 000,012,376 | -HS- | M] () -- C:\ProgramData\nl18yqyn7vv6401wm0311bk4wx0sa7w6
[2011/12/24 23:16:46 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2011/12/24 21:52:19 | 000,012,708 | -HS- | M] () -- C:\Users\Rabble Rouser\AppData\Local\01ep2102e00gjmc81qytg15t51b25n3o
[2011/12/24 21:52:19 | 000,012,708 | -HS- | M] () -- C:\ProgramData\01ep2102e00gjmc81qytg15t51b25n3o
[2011/12/24 20:20:07 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/24 20:20:02 | 000,795,928 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/24 14:53:54 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At30.job
[2011/12/24 12:38:11 | 000,000,000 | ---- | M] () -- C:\ProgramData\TTV7X7e25.dat
[2011/12/24 12:38:08 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At41.job
[2011/12/24 12:37:54 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At14.job
[2011/12/22 19:08:38 | 000,010,468 | ---- | M] () -- C:\Users\Rabble Rouser\AppData\Local\647286q5e181p725p270p6ddy7c3
[2011/12/22 19:08:38 | 000,010,468 | ---- | M] () -- C:\ProgramData\647286q5e181p725p270p6ddy7c3
[2011/12/20 15:03:15 | 000,000,000 | ---- | M] () -- C:\Users\Rabble Rouser\AppData\Local\{054D400C-D4A7-471D-9883-8B07E7D82453}
[2011/12/15 12:30:36 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Rabble Rouser\AppData\Local\*.tmp files -> C:\Users\Rabble Rouser\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/06 16:43:10 | 000,001,495 | ---- | C] () -- C:\Users\Rabble Rouser\Desktop\OTL - Shortcut.lnk
[2011/12/31 14:35:42 | 000,002,056 | ---- | C] () -- C:\Users\Rabble Rouser\Desktop\launcher - Shortcut.lnk
[2011/12/31 14:05:38 | 000,302,592 | ---- | C] () -- C:\Users\Rabble Rouser\Desktop\gmer.exe
[2011/12/31 14:05:11 | 000,294,216 | R--- | C] () -- C:\Users\Rabble Rouser\Desktop\gmer.zip
[2011/12/30 16:16:11 | 001,558,406 | R--- | C] () -- C:\Users\Rabble Rouser\Desktop\tdsskiller.zip
[2011/12/30 12:45:34 | 345,177,024 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/30 09:51:25 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/12/30 09:51:25 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/12/30 09:51:25 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/12/30 09:51:25 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/12/30 09:51:25 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/12/30 09:51:25 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/12/29 21:11:15 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/29 19:34:15 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/29 18:21:26 | 000,033,050 | -HS- | C] () -- C:\ProgramData\t8072ob85e27x7083od28jytrvk2l2nlse40he21gk5pl
[2011/12/25 14:06:48 | 000,012,376 | -HS- | C] () -- C:\Users\Rabble Rouser\AppData\Local\nl18yqyn7vv6401wm0311bk4wx0sa7w6
[2011/12/25 14:06:48 | 000,012,376 | -HS- | C] () -- C:\ProgramData\nl18yqyn7vv6401wm0311bk4wx0sa7w6
[2011/12/24 21:46:49 | 000,012,708 | -HS- | C] () -- C:\Users\Rabble Rouser\AppData\Local\01ep2102e00gjmc81qytg15t51b25n3o
[2011/12/24 21:46:49 | 000,012,708 | -HS- | C] () -- C:\ProgramData\01ep2102e00gjmc81qytg15t51b25n3o
[2011/12/24 20:30:25 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/12/24 20:30:25 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/12/24 20:27:45 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/12/24 20:27:45 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/12/24 20:27:09 | 000,015,416 | ---- | C] () -- C:\Windows\SysNative\drivers\ASACPI.sys
[2011/12/24 20:20:07 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/12/24 12:38:11 | 000,000,000 | ---- | C] () -- C:\ProgramData\TTV7X7e25.dat
[2011/12/24 12:38:07 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At41.job
[2011/12/24 12:38:01 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At30.job
[2011/12/24 12:37:53 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At14.job
[2011/12/22 17:54:28 | 000,010,468 | ---- | C] () -- C:\Users\Rabble Rouser\AppData\Local\647286q5e181p725p270p6ddy7c3
[2011/12/22 17:54:28 | 000,010,468 | ---- | C] () -- C:\ProgramData\647286q5e181p725p270p6ddy7c3
[2011/12/20 15:03:15 | 000,000,000 | ---- | C] () -- C:\Users\Rabble Rouser\AppData\Local\{054D400C-D4A7-471D-9883-8B07E7D82453}
[2011/12/04 10:18:52 | 000,000,000 | ---- | C] () -- C:\Users\Rabble Rouser\AppData\Local\{7B238502-83C3-4DA8-BF29-0B27E4F85B24}
[2011/10/24 23:14:09 | 000,795,928 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/10/06 14:02:10 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Rabble Rouser\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Rabble Rouser\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: WININIT.EXE >
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\system64\wininit.exe
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\system64\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Rabble Rouser\AppData\Local\Temp\RarSFX0\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< End of report >


OTL Extras logfile created on: 1/6/2012 4:43:48 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Rabble Rouser\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.83 Gb Available Physical Memory | 85.39% Memory free
16.00 Gb Paging File | 12.51 Gb Available in Paging File | 78.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 818.73 Gb Free Space | 87.90% Space Free | Partition Type: NTFS
Drive E: | 465.73 Gb Total Space | 120.67 Gb Free Space | 25.91% Space Free | Partition Type: NTFS

Computer Name: RABBLEROUSER-PC | User Name: Rabble Rouser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = 7Jy] -- "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\nix.exe" -a "%1" %*

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = 7Jy] -- "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\nix.exe" -a "%1" %*

[HKEY_USERS\S-1-5-21-4118851864-1944364308-2230980366-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{EC8A40B2-096A-4EA4-B11A-167F87F293A7}" = iCloud
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0483BE07-260D-4E4D-815E-F737C0A72E40}" = Adobe Flash Player 10 ActiveX
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 27
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}" = DWA-556
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{91591AEF-F2AB-45DF-9BAA-4288B5EC8032}" = Tt eSPORTS Challenger Pro
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.62b
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"BitTorrent" = BitTorrent
"DivX Setup" = DivX Setup
"GamersFirst LIVE!" = GamersFirst LIVE!
"Google Chrome" = Google Chrome
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Precision" = EVGA Precision 2.1.0
"Steam App 105600" = Terraria
"Steam App 1250" = Killing Floor
"Steam App 32800" = The Lord of the Rings: War in the North
"Steam App 57400" = Batman: Arkham City™ PC
"Steam App 57900" = Duke Nukem Forever
"Steam App 620" = Portal 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/6/2012 4:47:31 PM | Computer Name = RabbleRouser-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7987

Error - 1/6/2012 4:47:31 PM | Computer Name = RabbleRouser-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7987

Error - 1/6/2012 4:47:32 PM | Computer Name = RabbleRouser-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/6/2012 4:47:32 PM | Computer Name = RabbleRouser-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8985

Error - 1/6/2012 4:47:32 PM | Computer Name = RabbleRouser-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8985

Error - 1/6/2012 4:47:33 PM | Computer Name = RabbleRouser-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/6/2012 4:47:33 PM | Computer Name = RabbleRouser-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9999

Error - 1/6/2012 4:47:33 PM | Computer Name = RabbleRouser-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9999

Error - 1/6/2012 4:47:34 PM | Computer Name = RabbleRouser-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/6/2012 4:47:34 PM | Computer Name = RabbleRouser-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10998

[ System Events ]
Error - 12/30/2011 1:45:40 PM | Computer Name = RabbleRouser-PC | Source = BugCheck | ID = 1001
Description =

Error - 12/30/2011 1:45:47 PM | Computer Name = RabbleRouser-PC | Source = DCOM | ID = 10005
Description =

Error - 12/30/2011 1:45:47 PM | Computer Name = RabbleRouser-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AsIO discache MpFilter SASDIFSV SASKUTIL spldr Wanarpv6

Error - 12/30/2011 1:45:54 PM | Computer Name = RabbleRouser-PC | Source = DCOM | ID = 10005
Description =

Error - 12/30/2011 1:45:56 PM | Computer Name = RabbleRouser-PC | Source = DCOM | ID = 10005
Description =

Error - 12/30/2011 1:45:56 PM | Computer Name = RabbleRouser-PC | Source = DCOM | ID = 10005
Description =

Error - 12/30/2011 1:45:57 PM | Computer Name = RabbleRouser-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 12/30/2011 1:50:37 PM | Computer Name = RabbleRouser-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 1/3/2012 7:17:34 PM | Computer Name = RabbleRouser-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 1/4/2012 12:34:45 AM | Computer Name = RabbleRouser-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.


< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:18 AM

Posted 06 January 2012 - 10:37 PM

Hi,

please run unhide and let me know if that restores your start menu: unhide.exe.

Please also run a scan with gmer:
Re-Run aswMBR

  • Click Scan
  • On completion of the scan, click the FIX button,
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.

    Note:After the 'Infection fixed successfully' message appears, the machine may became unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
  • Save the log as before and post in your next reply.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 tasteven

tasteven
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:18 AM

Posted 07 January 2012 - 12:08 AM

I previously ran unhide, and it returned only half of my icons like I said before(mainly shortcuts to games that I purchased on Steam). I ran it again and nothing changed. I ran gmer again and no report was created. I saved the report and it was blank. I have never ran aswMBR but I am assuming this is what you were refering to My link. Here is the report from that. My computer appears to be the same. The same virus was blocked in malware bytes pro after startup like it always does. I quaratined it like always. Again, my computer is completely usable, but I want it to be completely virus free especially so I can have that safe sense of mind. Should I run my malware bytes and superantispyware scans so you can see the logs and what virus I have?


aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-06 23:41:12
-----------------------------
23:41:12.725 OS Version: Windows x64 6.1.7601 Service Pack 1
23:41:12.725 Number of processors: 4 586 0x403
23:41:12.725 ComputerName: RABBLEROUSER-PC UserName: Rabble Rouser
23:41:15.450 Initialize success
23:42:06.764 AVAST engine defs: 12010601
23:43:20.477 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-4
23:43:20.482 Disk 0 Vendor: ST31000524AS JC4B Size: 953869MB BusType: 3
23:43:20.488 Device \Driver\atapi -> MajorFunction fffffa80085905c4
23:43:20.494 Disk 0 MBR read successfully
23:43:20.500 Disk 0 MBR scan
23:43:20.519 Disk 0 MBR:Pihar-C [Rtk]
23:43:20.526 Disk 0 TDL4@MBR code has been found
23:43:20.533 Disk 0 Windows 7 default MBR code found via API
23:43:20.540 Disk 0 MBR hidden
23:43:20.552 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:43:20.565 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
23:43:20.577 Disk 0 MBR [TDL4] **ROOTKIT**
23:43:20.587 Disk 0 trace - called modules:
23:43:20.593 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80085905c4]<<
23:43:20.597 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007adb060]
23:43:20.601 3 CLASSPNP.SYS[fffff880019b743f] -> nt!IofCallDriver -> [0xfffffa8006b13520]
23:43:20.609 5 ACPI.sys[fffff88000e4f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-4[0xfffffa8006b1a060]
23:43:20.618 \Driver\atapi[0xfffffa8007baab70] -> IRP_MJ_CREATE -> 0xfffffa80085905c4
23:43:22.457 AVAST engine scan C:\Windows
23:43:25.517 AVAST engine scan C:\Windows\system32
23:44:54.992 AVAST engine scan C:\Windows\system32\drivers
23:45:03.963 AVAST engine scan C:\Users\Rabble Rouser
23:47:03.848 File: C:\Users\Rabble Rouser\AppData\Local\Temp\6597.tmp **INFECTED** Win32:Malware-gen
23:47:04.431 Disk 0 MBR has been saved successfully to "C:\Users\Rabble Rouser\Documents\MBR.dat"
23:47:04.436 The log file has been saved successfully to "C:\Users\Rabble Rouser\Documents\aswMBR.txt"


aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-06 23:41:12
-----------------------------
23:41:12.725 OS Version: Windows x64 6.1.7601 Service Pack 1
23:41:12.725 Number of processors: 4 586 0x403
23:41:12.725 ComputerName: RABBLEROUSER-PC UserName: Rabble Rouser
23:41:15.450 Initialize success
23:42:06.764 AVAST engine defs: 12010601
23:43:20.477 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-4
23:43:20.482 Disk 0 Vendor: ST31000524AS JC4B Size: 953869MB BusType: 3
23:43:20.488 Device \Driver\atapi -> MajorFunction fffffa80085905c4
23:43:20.494 Disk 0 MBR read successfully
23:43:20.500 Disk 0 MBR scan
23:43:20.519 Disk 0 MBR:Pihar-C [Rtk]
23:43:20.526 Disk 0 TDL4@MBR code has been found
23:43:20.533 Disk 0 Windows 7 default MBR code found via API
23:43:20.540 Disk 0 MBR hidden
23:43:20.552 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:43:20.565 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
23:43:20.577 Disk 0 MBR [TDL4] **ROOTKIT**
23:43:20.587 Disk 0 trace - called modules:
23:43:20.593 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80085905c4]<<
23:43:20.597 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007adb060]
23:43:20.601 3 CLASSPNP.SYS[fffff880019b743f] -> nt!IofCallDriver -> [0xfffffa8006b13520]
23:43:20.609 5 ACPI.sys[fffff88000e4f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-4[0xfffffa8006b1a060]
23:43:20.618 \Driver\atapi[0xfffffa8007baab70] -> IRP_MJ_CREATE -> 0xfffffa80085905c4
23:43:22.457 AVAST engine scan C:\Windows
23:43:25.517 AVAST engine scan C:\Windows\system32
23:44:54.992 AVAST engine scan C:\Windows\system32\drivers
23:45:03.963 AVAST engine scan C:\Users\Rabble Rouser
23:47:03.848 File: C:\Users\Rabble Rouser\AppData\Local\Temp\6597.tmp **INFECTED** Win32:Malware-gen
23:47:04.431 Disk 0 MBR has been saved successfully to "C:\Users\Rabble Rouser\Documents\MBR.dat"
23:47:04.436 The log file has been saved successfully to "C:\Users\Rabble Rouser\Documents\aswMBR.txt"
23:47:04.761 File: C:\Users\Rabble Rouser\AppData\Local\Temp\FE33.tmp **INFECTED** Win32:Malware-gen
23:49:00.000 AVAST engine scan C:\ProgramData
23:49:20.957 Scan finished successfully
23:54:23.160 Disk 0 MBR has been saved successfully to "C:\Users\Rabble Rouser\Documents\MBR.dat"
23:54:23.165 The log file has been saved successfully to "C:\Users\Rabble Rouser\Documents\aswMBR.txt"


aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-06 23:41:12
-----------------------------
23:41:12.725 OS Version: Windows x64 6.1.7601 Service Pack 1
23:41:12.725 Number of processors: 4 586 0x403
23:41:12.725 ComputerName: RABBLEROUSER-PC UserName: Rabble Rouser
23:41:15.450 Initialize success
23:42:06.764 AVAST engine defs: 12010601
23:43:20.477 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-4
23:43:20.482 Disk 0 Vendor: ST31000524AS JC4B Size: 953869MB BusType: 3
23:43:20.488 Device \Driver\atapi -> MajorFunction fffffa80085905c4
23:43:20.494 Disk 0 MBR read successfully
23:43:20.500 Disk 0 MBR scan
23:43:20.519 Disk 0 MBR:Pihar-C [Rtk]
23:43:20.526 Disk 0 TDL4@MBR code has been found
23:43:20.533 Disk 0 Windows 7 default MBR code found via API
23:43:20.540 Disk 0 MBR hidden
23:43:20.552 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:43:20.565 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
23:43:20.577 Disk 0 MBR [TDL4] **ROOTKIT**
23:43:20.587 Disk 0 trace - called modules:
23:43:20.593 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80085905c4]<<
23:43:20.597 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007adb060]
23:43:20.601 3 CLASSPNP.SYS[fffff880019b743f] -> nt!IofCallDriver -> [0xfffffa8006b13520]
23:43:20.609 5 ACPI.sys[fffff88000e4f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-4[0xfffffa8006b1a060]
23:43:20.618 \Driver\atapi[0xfffffa8007baab70] -> IRP_MJ_CREATE -> 0xfffffa80085905c4
23:43:22.457 AVAST engine scan C:\Windows
23:43:25.517 AVAST engine scan C:\Windows\system32
23:44:54.992 AVAST engine scan C:\Windows\system32\drivers
23:45:03.963 AVAST engine scan C:\Users\Rabble Rouser
23:47:03.848 File: C:\Users\Rabble Rouser\AppData\Local\Temp\6597.tmp **INFECTED** Win32:Malware-gen
23:47:04.431 Disk 0 MBR has been saved successfully to "C:\Users\Rabble Rouser\Documents\MBR.dat"
23:47:04.436 The log file has been saved successfully to "C:\Users\Rabble Rouser\Documents\aswMBR.txt"
23:47:04.761 File: C:\Users\Rabble Rouser\AppData\Local\Temp\FE33.tmp **INFECTED** Win32:Malware-gen
23:49:00.000 AVAST engine scan C:\ProgramData
23:49:20.957 Scan finished successfully
23:54:23.160 Disk 0 MBR has been saved successfully to "C:\Users\Rabble Rouser\Documents\MBR.dat"
23:54:23.165 The log file has been saved successfully to "C:\Users\Rabble Rouser\Documents\aswMBR.txt"
23:54:57.907 Disk 0 MBR has been saved successfully to "C:\Users\Rabble Rouser\Documents\MBR.dat"
23:54:57.911 The log file has been saved successfully to "C:\Users\Rabble Rouser\Documents\aswMBR.txt"

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:18 AM

Posted 07 January 2012 - 12:18 AM

Hi,

sorry, I switched up two instructions.. I wanted you to run gmer, but aswmbr has also found what I was suspecting to find.

Did you run a fix with aswmbr? Or just a scan?

Please run a scan with TDSSKiller next:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 tasteven

tasteven
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:18 AM

Posted 07 January 2012 - 12:27 AM

with aswMBR I followed your instructions exactly, I hit the fix button but the scan was only a quick scan not a full one (not sure if I was suppose to change it). And here is the log from tdsskiller.

00:23:30.0269 4132 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
00:23:30.0633 4132 ============================================================
00:23:30.0633 4132 Current date / time: 2012/01/07 00:23:30.0633
00:23:30.0633 4132 SystemInfo:
00:23:30.0633 4132
00:23:30.0633 4132 OS Version: 6.1.7601 ServicePack: 1.0
00:23:30.0633 4132 Product type: Workstation
00:23:30.0634 4132 ComputerName: RABBLEROUSER-PC
00:23:30.0634 4132 UserName: Rabble Rouser
00:23:30.0634 4132 Windows directory: C:\Windows
00:23:30.0634 4132 System windows directory: C:\Windows
00:23:30.0634 4132 Running under WOW64
00:23:30.0634 4132 Processor architecture: Intel x64
00:23:30.0634 4132 Number of processors: 4
00:23:30.0634 4132 Page size: 0x1000
00:23:30.0634 4132 Boot type: Normal boot
00:23:30.0634 4132 ============================================================
00:23:31.0366 4132 Initialize success
00:23:53.0020 2828 ============================================================
00:23:53.0020 2828 Scan started
00:23:53.0020 2828 Mode: Manual;
00:23:53.0020 2828 ============================================================
00:23:53.0385 2828 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
00:23:53.0390 2828 1394ohci - ok
00:23:53.0412 2828 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
00:23:53.0418 2828 ACPI - ok
00:23:53.0439 2828 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
00:23:53.0441 2828 AcpiPmi - ok
00:23:53.0489 2828 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
00:23:53.0494 2828 adp94xx - ok
00:23:53.0514 2828 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
00:23:53.0517 2828 adpahci - ok
00:23:53.0537 2828 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
00:23:53.0539 2828 adpu320 - ok
00:23:53.0595 2828 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
00:23:53.0605 2828 AFD - ok
00:23:53.0628 2828 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
00:23:53.0631 2828 agp440 - ok
00:23:53.0651 2828 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
00:23:53.0653 2828 aliide - ok
00:23:53.0669 2828 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
00:23:53.0670 2828 amdide - ok
00:23:53.0684 2828 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
00:23:53.0686 2828 AmdK8 - ok
00:23:53.0698 2828 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
00:23:53.0698 2828 AmdPPM - ok
00:23:53.0719 2828 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
00:23:53.0721 2828 amdsata - ok
00:23:53.0737 2828 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
00:23:53.0739 2828 amdsbs - ok
00:23:53.0752 2828 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
00:23:53.0753 2828 amdxata - ok
00:23:53.0767 2828 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
00:23:53.0768 2828 AppID - ok
00:23:53.0785 2828 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
00:23:53.0787 2828 arc - ok
00:23:53.0804 2828 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
00:23:53.0806 2828 arcsas - ok
00:23:53.0818 2828 AsIO - ok
00:23:53.0855 2828 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
00:23:53.0856 2828 AsyncMac - ok
00:23:53.0872 2828 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
00:23:53.0873 2828 atapi - ok
00:23:53.0931 2828 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
00:23:53.0975 2828 athr - ok
00:23:54.0020 2828 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
00:23:54.0025 2828 b06bdrv - ok
00:23:54.0043 2828 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
00:23:54.0046 2828 b57nd60a - ok
00:23:54.0057 2828 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
00:23:54.0058 2828 Beep - ok
00:23:54.0068 2828 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
00:23:54.0069 2828 blbdrive - ok
00:23:54.0109 2828 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
00:23:54.0112 2828 bowser - ok
00:23:54.0132 2828 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
00:23:54.0134 2828 BrFiltLo - ok
00:23:54.0153 2828 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
00:23:54.0155 2828 BrFiltUp - ok
00:23:54.0180 2828 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
00:23:54.0183 2828 Brserid - ok
00:23:54.0194 2828 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
00:23:54.0195 2828 BrSerWdm - ok
00:23:54.0209 2828 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:23:54.0210 2828 BrUsbMdm - ok
00:23:54.0225 2828 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:23:54.0226 2828 BrUsbSer - ok
00:23:54.0240 2828 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
00:23:54.0241 2828 BTHMODEM - ok
00:23:54.0263 2828 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:23:54.0265 2828 cdfs - ok
00:23:54.0286 2828 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
00:23:54.0288 2828 cdrom - ok
00:23:54.0302 2828 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
00:23:54.0303 2828 circlass - ok
00:23:54.0332 2828 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:23:54.0336 2828 CLFS - ok
00:23:54.0367 2828 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
00:23:54.0368 2828 CmBatt - ok
00:23:54.0380 2828 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
00:23:54.0381 2828 cmdide - ok
00:23:54.0400 2828 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
00:23:54.0404 2828 CNG - ok
00:23:54.0422 2828 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
00:23:54.0423 2828 Compbatt - ok
00:23:54.0439 2828 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
00:23:54.0440 2828 CompositeBus - ok
00:23:54.0460 2828 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
00:23:54.0462 2828 crcdisk - ok
00:23:54.0496 2828 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
00:23:54.0498 2828 DfsC - ok
00:23:54.0514 2828 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:23:54.0516 2828 discache - ok
00:23:54.0529 2828 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
00:23:54.0531 2828 Disk - ok
00:23:54.0565 2828 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:23:54.0566 2828 drmkaud - ok
00:23:54.0591 2828 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
00:23:54.0596 2828 DXGKrnl - ok
00:23:54.0653 2828 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
00:23:54.0705 2828 ebdrv - ok
00:23:54.0739 2828 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
00:23:54.0743 2828 elxstor - ok
00:23:54.0757 2828 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
00:23:54.0758 2828 ErrDev - ok
00:23:54.0771 2828 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:23:54.0773 2828 exfat - ok
00:23:54.0784 2828 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:23:54.0786 2828 fastfat - ok
00:23:54.0800 2828 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
00:23:54.0802 2828 fdc - ok
00:23:54.0812 2828 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:23:54.0813 2828 FileInfo - ok
00:23:54.0829 2828 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:23:54.0830 2828 Filetrace - ok
00:23:54.0842 2828 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
00:23:54.0843 2828 flpydisk - ok
00:23:54.0865 2828 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
00:23:54.0868 2828 FltMgr - ok
00:23:54.0885 2828 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:23:54.0887 2828 FsDepends - ok
00:23:54.0896 2828 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
00:23:54.0897 2828 Fs_Rec - ok
00:23:54.0915 2828 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
00:23:54.0917 2828 fvevol - ok
00:23:54.0932 2828 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
00:23:54.0937 2828 gagp30kx - ok
00:23:54.0991 2828 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:23:54.0992 2828 GEARAspiWDM - ok
00:23:55.0044 2828 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
00:23:55.0044 2828 hamachi - ok
00:23:55.0061 2828 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:23:55.0063 2828 hcw85cir - ok
00:23:55.0106 2828 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
00:23:55.0110 2828 HdAudAddService - ok
00:23:55.0125 2828 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:23:55.0127 2828 HDAudBus - ok
00:23:55.0138 2828 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
00:23:55.0140 2828 HidBatt - ok
00:23:55.0152 2828 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
00:23:55.0154 2828 HidBth - ok
00:23:55.0168 2828 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
00:23:55.0169 2828 HidIr - ok
00:23:55.0190 2828 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
00:23:55.0191 2828 HidUsb - ok
00:23:55.0216 2828 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
00:23:55.0218 2828 HpSAMD - ok
00:23:55.0251 2828 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
00:23:55.0259 2828 HTTP - ok
00:23:55.0275 2828 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
00:23:55.0275 2828 hwpolicy - ok
00:23:55.0295 2828 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
00:23:55.0298 2828 i8042prt - ok
00:23:55.0327 2828 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
00:23:55.0331 2828 iaStorV - ok
00:23:55.0353 2828 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
00:23:55.0354 2828 iirsp - ok
00:23:55.0442 2828 IntcAzAudAddService (f5872a11eb4f6db170d636cd4e53ca9f) C:\Windows\system32\drivers\RTKVHD64.sys
00:23:55.0465 2828 IntcAzAudAddService - ok
00:23:55.0484 2828 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
00:23:55.0485 2828 intelide - ok
00:23:55.0501 2828 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
00:23:55.0503 2828 intelppm - ok
00:23:55.0519 2828 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:23:55.0522 2828 IpFilterDriver - ok
00:23:55.0541 2828 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
00:23:55.0543 2828 IPMIDRV - ok
00:23:55.0561 2828 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
00:23:55.0564 2828 IPNAT - ok
00:23:55.0588 2828 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
00:23:55.0589 2828 IRENUM - ok
00:23:55.0596 2828 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
00:23:55.0596 2828 isapnp - ok
00:23:55.0613 2828 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
00:23:55.0616 2828 iScsiPrt - ok
00:23:55.0649 2828 JSWPSLWF (5be640e88814b77a9e84b4549b5dcc2c) C:\Windows\system32\DRIVERS\jswpslwfx.sys
00:23:55.0650 2828 JSWPSLWF - ok
00:23:55.0668 2828 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
00:23:55.0669 2828 kbdclass - ok
00:23:55.0681 2828 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
00:23:55.0683 2828 kbdhid - ok
00:23:55.0699 2828 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
00:23:55.0700 2828 KSecDD - ok
00:23:55.0716 2828 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
00:23:55.0718 2828 KSecPkg - ok
00:23:55.0734 2828 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:23:55.0735 2828 ksthunk - ok
00:23:55.0765 2828 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:23:55.0766 2828 lltdio - ok
00:23:55.0791 2828 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
00:23:55.0793 2828 LSI_FC - ok
00:23:55.0807 2828 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
00:23:55.0809 2828 LSI_SAS - ok
00:23:55.0826 2828 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
00:23:55.0828 2828 LSI_SAS2 - ok
00:23:55.0841 2828 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
00:23:55.0843 2828 LSI_SCSI - ok
00:23:55.0857 2828 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:23:55.0860 2828 luafv - ok
00:23:55.0895 2828 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
00:23:55.0896 2828 MBAMProtector - ok
00:23:55.0920 2828 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
00:23:55.0921 2828 megasas - ok
00:23:55.0942 2828 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
00:23:55.0945 2828 MegaSR - ok
00:23:55.0955 2828 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:23:55.0956 2828 Modem - ok
00:23:55.0975 2828 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:23:55.0976 2828 monitor - ok
00:23:55.0988 2828 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
00:23:55.0989 2828 mouclass - ok
00:23:56.0001 2828 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:23:56.0002 2828 mouhid - ok
00:23:56.0018 2828 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
00:23:56.0020 2828 mountmgr - ok
00:23:56.0063 2828 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
00:23:56.0067 2828 MpFilter - ok
00:23:56.0089 2828 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
00:23:56.0093 2828 mpio - ok
00:23:56.0115 2828 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
00:23:56.0117 2828 MpNWMon - ok
00:23:56.0139 2828 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:23:56.0141 2828 mpsdrv - ok
00:23:56.0158 2828 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
00:23:56.0160 2828 MRxDAV - ok
00:23:56.0185 2828 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:23:56.0187 2828 mrxsmb - ok
00:23:56.0208 2828 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:23:56.0212 2828 mrxsmb10 - ok
00:23:56.0224 2828 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:23:56.0226 2828 mrxsmb20 - ok
00:23:56.0233 2828 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
00:23:56.0234 2828 msahci - ok
00:23:56.0250 2828 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
00:23:56.0252 2828 msdsm - ok
00:23:56.0271 2828 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:23:56.0272 2828 Msfs - ok
00:23:56.0287 2828 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:23:56.0289 2828 mshidkmdf - ok
00:23:56.0302 2828 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
00:23:56.0302 2828 msisadrv - ok
00:23:56.0333 2828 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:23:56.0335 2828 MSKSSRV - ok
00:23:56.0351 2828 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:23:56.0352 2828 MSPCLOCK - ok
00:23:56.0367 2828 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:23:56.0368 2828 MSPQM - ok
00:23:56.0394 2828 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
00:23:56.0397 2828 MsRPC - ok
00:23:56.0416 2828 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
00:23:56.0417 2828 mssmbios - ok
00:23:56.0424 2828 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:23:56.0425 2828 MSTEE - ok
00:23:56.0438 2828 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
00:23:56.0439 2828 MTConfig - ok
00:23:56.0457 2828 MTsensor (2219a3d695405e7ba2186ba6b9ede14a) C:\Windows\system32\DRIVERS\ASACPI.sys
00:23:56.0457 2828 MTsensor - ok
00:23:56.0473 2828 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:23:56.0474 2828 Mup - ok
00:23:56.0513 2828 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:23:56.0520 2828 NativeWifiP - ok
00:23:56.0570 2828 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
00:23:56.0589 2828 NDIS - ok
00:23:56.0608 2828 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:23:56.0614 2828 NdisCap - ok
00:23:56.0639 2828 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:23:56.0641 2828 NdisTapi - ok
00:23:56.0662 2828 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:23:56.0664 2828 Ndisuio - ok
00:23:56.0688 2828 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:23:56.0690 2828 NdisWan - ok
00:23:56.0704 2828 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:23:56.0706 2828 NDProxy - ok
00:23:56.0717 2828 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:23:56.0719 2828 NetBIOS - ok
00:23:56.0737 2828 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:23:56.0740 2828 NetBT - ok
00:23:56.0778 2828 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
00:23:56.0779 2828 nfrd960 - ok
00:23:56.0796 2828 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
00:23:56.0798 2828 NisDrv - ok
00:23:56.0815 2828 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:23:56.0816 2828 Npfs - ok
00:23:56.0835 2828 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:23:56.0836 2828 nsiproxy - ok
00:23:56.0892 2828 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
00:23:56.0922 2828 Ntfs - ok
00:23:56.0943 2828 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:23:56.0945 2828 Null - ok
00:23:56.0969 2828 nusb3hub (8ebcb9165ee7f1571842f4d9d624a74c) C:\Windows\system32\DRIVERS\nusb3hub.sys
00:23:56.0972 2828 nusb3hub - ok
00:23:57.0004 2828 nusb3xhc (5d54dbb12bbfe07cc283fd39f2cd6d63) C:\Windows\system32\DRIVERS\nusb3xhc.sys
00:23:57.0009 2828 nusb3xhc - ok
00:23:57.0053 2828 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
00:23:57.0056 2828 NVHDA - ok
00:23:57.0306 2828 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:23:57.0361 2828 nvlddmkm - ok
00:23:57.0407 2828 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
00:23:57.0412 2828 nvraid - ok
00:23:57.0445 2828 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
00:23:57.0449 2828 nvstor - ok
00:23:57.0492 2828 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
00:23:57.0496 2828 nv_agp - ok
00:23:57.0519 2828 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
00:23:57.0522 2828 ohci1394 - ok
00:23:57.0541 2828 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
00:23:57.0543 2828 Parport - ok
00:23:57.0562 2828 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
00:23:57.0563 2828 partmgr - ok
00:23:57.0584 2828 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:23:57.0587 2828 pci - ok
00:23:57.0601 2828 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:23:57.0601 2828 pciide - ok
00:23:57.0624 2828 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
00:23:57.0627 2828 pcmcia - ok
00:23:57.0639 2828 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:23:57.0640 2828 pcw - ok
00:23:57.0664 2828 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:23:57.0671 2828 PEAUTH - ok
00:23:57.0726 2828 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
00:23:57.0727 2828 PptpMiniport - ok
00:23:57.0745 2828 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
00:23:57.0746 2828 Processor - ok
00:23:57.0769 2828 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:23:57.0770 2828 Psched - ok
00:23:57.0809 2828 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
00:23:57.0835 2828 ql2300 - ok
00:23:57.0852 2828 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
00:23:57.0857 2828 ql40xx - ok
00:23:57.0890 2828 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:23:57.0892 2828 QWAVEdrv - ok
00:23:57.0909 2828 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:23:57.0910 2828 RasAcd - ok
00:23:57.0925 2828 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:23:57.0926 2828 RasAgileVpn - ok
00:23:57.0939 2828 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:23:57.0941 2828 Rasl2tp - ok
00:23:57.0955 2828 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:23:57.0957 2828 RasPppoe - ok
00:23:57.0974 2828 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:23:57.0976 2828 RasSstp - ok
00:23:57.0992 2828 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:23:57.0996 2828 rdbss - ok
00:23:58.0014 2828 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
00:23:58.0015 2828 rdpbus - ok
00:23:58.0034 2828 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:23:58.0035 2828 RDPCDD - ok
00:23:58.0058 2828 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:23:58.0059 2828 RDPENCDD - ok
00:23:58.0076 2828 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:23:58.0077 2828 RDPREFMP - ok
00:23:58.0098 2828 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
00:23:58.0100 2828 RDPWD - ok
00:23:58.0117 2828 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:23:58.0119 2828 rdyboost - ok
00:23:58.0155 2828 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:23:58.0156 2828 rspndr - ok
00:23:58.0188 2828 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
00:23:58.0191 2828 RTL8167 - ok
00:23:58.0245 2828 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
00:23:58.0246 2828 SASDIFSV - ok
00:23:58.0259 2828 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
00:23:58.0260 2828 SASKUTIL - ok
00:23:58.0283 2828 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
00:23:58.0285 2828 sbp2port - ok
00:23:58.0315 2828 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:23:58.0316 2828 scfilter - ok
00:23:58.0335 2828 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:23:58.0336 2828 secdrv - ok
00:23:58.0362 2828 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:23:58.0363 2828 Serenum - ok
00:23:58.0375 2828 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:23:58.0376 2828 Serial - ok
00:23:58.0391 2828 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
00:23:58.0392 2828 sermouse - ok
00:23:58.0416 2828 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:23:58.0417 2828 sffdisk - ok
00:23:58.0433 2828 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:23:58.0434 2828 sffp_mmc - ok
00:23:58.0449 2828 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:23:58.0450 2828 sffp_sd - ok
00:23:58.0467 2828 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
00:23:58.0468 2828 sfloppy - ok
00:23:58.0494 2828 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
00:23:58.0496 2828 SiSRaid2 - ok
00:23:58.0514 2828 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
00:23:58.0516 2828 SiSRaid4 - ok
00:23:58.0532 2828 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:23:58.0534 2828 Smb - ok
00:23:58.0584 2828 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:23:58.0585 2828 spldr - ok
00:23:58.0636 2828 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:23:58.0646 2828 srv - ok
00:23:58.0674 2828 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:23:58.0683 2828 srv2 - ok
00:23:58.0706 2828 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:23:58.0708 2828 srvnet - ok
00:23:58.0750 2828 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
00:23:58.0751 2828 stexstor - ok
00:23:58.0760 2828 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
00:23:58.0761 2828 swenum - ok
00:23:58.0837 2828 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
00:23:58.0871 2828 Tcpip - ok
00:23:58.0908 2828 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
00:23:58.0919 2828 TCPIP6 - ok
00:23:58.0945 2828 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
00:23:58.0946 2828 tcpipreg - ok
00:23:58.0966 2828 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:23:58.0967 2828 TDPIPE - ok
00:23:58.0978 2828 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
00:23:58.0980 2828 TDTCP - ok
00:23:59.0019 2828 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
00:23:59.0021 2828 tdx - ok
00:23:59.0041 2828 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
00:23:59.0042 2828 TermDD - ok
00:23:59.0063 2828 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:23:59.0065 2828 tssecsrv - ok
00:23:59.0082 2828 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
00:23:59.0084 2828 TsUsbFlt - ok
00:23:59.0096 2828 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
00:23:59.0097 2828 TsUsbGD - ok
00:23:59.0112 2828 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
00:23:59.0114 2828 tunnel - ok
00:23:59.0132 2828 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
00:23:59.0134 2828 uagp35 - ok
00:23:59.0153 2828 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:23:59.0156 2828 udfs - ok
00:23:59.0180 2828 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:23:59.0182 2828 uliagpkx - ok
00:23:59.0199 2828 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
00:23:59.0200 2828 umbus - ok
00:23:59.0214 2828 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
00:23:59.0215 2828 UmPass - ok
00:23:59.0237 2828 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
00:23:59.0239 2828 USBAAPL64 - ok
00:23:59.0264 2828 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
00:23:59.0265 2828 usbccgp - ok
00:23:59.0284 2828 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
00:23:59.0286 2828 usbcir - ok
00:23:59.0302 2828 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
00:23:59.0303 2828 usbehci - ok
00:23:59.0325 2828 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
00:23:59.0329 2828 usbhub - ok
00:23:59.0346 2828 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
00:23:59.0347 2828 usbohci - ok
00:23:59.0366 2828 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
00:23:59.0367 2828 usbprint - ok
00:23:59.0389 2828 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:23:59.0390 2828 USBSTOR - ok
00:23:59.0405 2828 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
00:23:59.0406 2828 usbuhci - ok
00:23:59.0426 2828 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
00:23:59.0426 2828 vdrvroot - ok
00:23:59.0436 2828 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:23:59.0437 2828 vga - ok
00:23:59.0447 2828 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:23:59.0448 2828 VgaSave - ok
00:23:59.0465 2828 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
00:23:59.0467 2828 vhdmp - ok
00:23:59.0480 2828 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
00:23:59.0481 2828 viaide - ok
00:23:59.0500 2828 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
00:23:59.0501 2828 volmgr - ok
00:23:59.0541 2828 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
00:23:59.0545 2828 volmgrx - ok
00:23:59.0566 2828 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
00:23:59.0570 2828 volsnap - ok
00:23:59.0602 2828 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
00:23:59.0605 2828 vsmraid - ok
00:23:59.0622 2828 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
00:23:59.0623 2828 vwifibus - ok
00:23:59.0648 2828 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
00:23:59.0649 2828 vwififlt - ok
00:23:59.0665 2828 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
00:23:59.0666 2828 WacomPen - ok
00:23:59.0697 2828 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:23:59.0699 2828 WANARP - ok
00:23:59.0705 2828 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:23:59.0706 2828 Wanarpv6 - ok
00:23:59.0734 2828 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
00:23:59.0735 2828 Wd - ok
00:23:59.0756 2828 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
00:23:59.0757 2828 WDC_SAM - ok
00:23:59.0780 2828 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:23:59.0787 2828 Wdf01000 - ok
00:23:59.0827 2828 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:23:59.0828 2828 WfpLwf - ok
00:23:59.0840 2828 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:23:59.0841 2828 WIMMount - ok
00:23:59.0903 2828 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
00:23:59.0904 2828 WinUsb - ok
00:23:59.0934 2828 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:23:59.0935 2828 WmiAcpi - ok
00:23:59.0956 2828 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:23:59.0957 2828 ws2ifsl - ok
00:23:59.0978 2828 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
00:23:59.0979 2828 WudfPf - ok
00:23:59.0996 2828 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:23:59.0998 2828 WUDFRd - ok
00:24:00.0029 2828 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:24:00.0087 2828 \Device\Harddisk0\DR0 - ok
00:24:00.0095 2828 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
00:24:00.0107 2828 \Device\Harddisk1\DR1 - ok
00:24:00.0120 2828 Boot (0x1200) (03dd83759321c00b70b57fb281995cad) \Device\Harddisk0\DR0\Partition0
00:24:00.0122 2828 \Device\Harddisk0\DR0\Partition0 - ok
00:24:00.0133 2828 Boot (0x1200) (b7e165807a0cbfab686b969ec063780c) \Device\Harddisk0\DR0\Partition1
00:24:00.0135 2828 \Device\Harddisk0\DR0\Partition1 - ok
00:24:00.0143 2828 Boot (0x1200) (a7deb1c04ca082d91a2b87a0c4959728) \Device\Harddisk1\DR1\Partition0
00:24:00.0146 2828 \Device\Harddisk1\DR1\Partition0 - ok
00:24:00.0148 2828 ============================================================
00:24:00.0148 2828 Scan finished
00:24:00.0148 2828 ============================================================
00:24:00.0169 5068 Detected object count: 0
00:24:00.0170 5068 Actual detected object count: 0

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:18 AM

Posted 07 January 2012 - 07:15 AM

Hi,

ok, could you please run a new scan with aswMBR:
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

How is the PC doing?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 tasteven

tasteven
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:18 AM

Posted 07 January 2012 - 01:40 PM

Computer seems to be in the same condition


aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-07 13:30:53
-----------------------------
13:30:53.935 OS Version: Windows x64 6.1.7601 Service Pack 1
13:30:53.935 Number of processors: 4 586 0x403
13:30:53.935 ComputerName: RABBLEROUSER-PC UserName: Rabble Rouser
13:30:59.876 Initialize success
13:31:04.869 AVAST engine defs: 12010601
13:31:13.018 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-4
13:31:13.023 Disk 0 Vendor: ST31000524AS JC4B Size: 953869MB BusType: 3
13:31:13.046 Disk 0 MBR read successfully
13:31:13.052 Disk 0 MBR scan
13:31:13.060 Disk 0 Windows 7 default MBR code
13:31:13.069 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:31:13.083 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
13:31:13.093 Service scanning
13:31:14.326 Modules scanning
13:31:14.335 Disk 0 trace - called modules:
13:31:14.345 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:31:14.354 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ab9060]
13:31:14.360 3 CLASSPNP.SYS[fffff8800195c43f] -> nt!IofCallDriver -> [0xfffffa8006b14580]
13:31:14.365 5 ACPI.sys[fffff88000ec37a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-4[0xfffffa8006b18060]
13:31:22.872 AVAST engine scan C:\Windows
13:31:25.757 AVAST engine scan C:\Windows\system32
13:32:54.199 AVAST engine scan C:\Windows\system32\drivers
13:33:03.507 AVAST engine scan C:\Users\Rabble Rouser
13:35:37.207 File: C:\Users\Rabble Rouser\AppData\Local\Temp\6597.tmp **INFECTED** Win32:Malware-gen
13:35:37.870 File: C:\Users\Rabble Rouser\AppData\Local\Temp\FE33.tmp **INFECTED** Win32:Malware-gen
13:37:20.557 AVAST engine scan C:\ProgramData
13:37:39.322 Scan finished successfully
13:38:51.129 Disk 0 MBR has been saved successfully to "C:\Users\Rabble Rouser\Desktop\MBR.dat"
13:38:51.134 The log file has been saved successfully to "C:\Users\Rabble Rouser\Desktop\aswMBR.txt"

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:18 AM

Posted 07 January 2012 - 06:05 PM

Hi,

that looks as if TDL4 was taken care off. :)

Please also run this utility to restore the remaining start menu items: link


Then please run a scan with Malwarebytes:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 tasteven

tasteven
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:18 AM

Posted 07 January 2012 - 10:18 PM

Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.08.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Rabble Rouser :: RABBLEROUSER-PC [administrator]

Protection: Disabled

1/7/2012 10:14:34 PM
mbam-log-2012-01-07 (22-14-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189172
Time elapsed: 2 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Windows\Temp\0.2959407504356866.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
C:\Windows\Temp\wera0.854832570491779.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\Windows\Temp\wera0.6645084984062534.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\Windows\Temp\oiu0.8090979361362025.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.

(end)

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:18 AM

Posted 08 January 2012 - 06:47 AM

Hi,

that is looking good. How do you currently feel? How is the PC doing?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 tasteven

tasteven
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:18 AM

Posted 09 January 2012 - 08:33 PM

Everything appears to be fine. Running just as smooth as before. My main worry is that some virus is left on my computer and continues to cause harm or troubles. But as of now everything seems to be good

#14 tasteven

tasteven
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:18 AM

Posted 11 January 2012 - 12:16 AM

Everything is going good. Thank you so much for the help. This was by far the best forum that I have used. Keep up the good work!

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:18 AM

Posted 11 January 2012 - 04:42 PM

Hi,

there's one more thing I'd like you to do to help you stay clean:

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u1-windows-i586-s.exe (or jre-7u1-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

Read those last few lines, in order to keep your pc safe and clean:
Please do the following to clean up your PC:
  • Delete the tools used during the disinfection:
    • Download OTC from the following mirrors and save it to your desktop:
    • Double click on Posted Image
    • Push the large "Cleanup" button.
    • Allow your system to reboot.
  • If OTC faild to remove all programs from your Desktop, please delete the rest manually.
  • Disable and Enable System Restore.
    You can find instructions on how to disable and reenable system restore here:
    Windows ME System Restore Guide
    Windows XP System Restore Guide
    Windows Vista System Restore Guide

    Note: You should only do this once, not on a regular basis!
    You will not be able to restore computer to any earlier than today!

Please read these advices, in order to prevent reinfecting your PC:

  • Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holeswill allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variantsevery single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.
Some more links you might find of interest:
Have a nice day
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users