Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win32/Olmarik.AYH, Olmarik.TDL4


  • This topic is locked This topic is locked
14 replies to this topic

#1 typerdan297

typerdan297

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 15 March 2012 - 05:19 PM

ESET Antivirus popped up with something saying I was infected with this trojan. I followed some of the basic instructions I have been given on another forum in the past before stumbling across your site so I do have log files attached. Sorry about that.

My course of action:
Run Defogger, disable any possible CD emulation
Run TDSS Killer
Run Combofix
Run Security Check

I disabled my Antivirus (ESET v5) before running any of these programs but re-enabled it before running Security Check. Nothing else was done on the system while these were running (not even a screen saver).

Here are the log files associated with these applications:

TDSS Killer:
17:22:22.0071 6788 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
17:22:22.0472 6788 ============================================================
17:22:22.0472 6788 Current date / time: 2012/03/15 17:22:22.0472
17:22:22.0472 6788 SystemInfo:
17:22:22.0472 6788
17:22:22.0472 6788 OS Version: 6.1.7601 ServicePack: 1.0
17:22:22.0472 6788 Product type: Workstation
17:22:22.0472 6788 ComputerName: COMP1
17:22:22.0472 6788 UserName: Brian
17:22:22.0472 6788 Windows directory: C:\Windows
17:22:22.0472 6788 System windows directory: C:\Windows
17:22:22.0472 6788 Running under WOW64
17:22:22.0472 6788 Processor architecture: Intel x64
17:22:22.0472 6788 Number of processors: 8
17:22:22.0472 6788 Page size: 0x1000
17:22:22.0472 6788 Boot type: Normal boot
17:22:22.0472 6788 ============================================================
17:22:23.0546 6788 Drive \Device\Harddisk0\DR0 - Size: 0xDCF800000 (55.24 Gb), SectorSize: 0x200, Cylinders: 0x1C2B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:22:23.0551 6788 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:22:23.0588 6788 Drive \Device\Harddisk2\DR2 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:22:23.0591 6788 Drive \Device\Harddisk3\DR3 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:22:23.0616 6788 Drive \Device\Harddisk8\DR8 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:22:23.0618 6788 \Device\Harddisk0\DR0:
17:22:23.0618 6788 MBR used
17:22:23.0618 6788 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x6E7A800
17:22:23.0618 6788 \Device\Harddisk1\DR1:
17:22:23.0618 6788 MBR used
17:22:23.0618 6788 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE7D800
17:22:23.0618 6788 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0xE7E000, BlocksNum 0x1182000
17:22:23.0618 6788 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x72705000
17:22:23.0618 6788 \Device\Harddisk2\DR2:
17:22:23.0618 6788 MBR used
17:22:23.0618 6788 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D443
17:22:23.0618 6788 \Device\Harddisk3\DR3:
17:22:23.0618 6788 MBR used
17:22:23.0618 6788 \Device\Harddisk8\DR8:
17:22:23.0619 6788 MBR used
17:22:23.0619 6788 \Device\Harddisk8\DR8\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9271D1EA
17:22:23.0702 6788 Initialize success
17:22:23.0703 6788 ============================================================
17:22:30.0952 5404 ============================================================
17:22:30.0952 5404 Scan started
17:22:30.0952 5404 Mode: Manual;
17:22:30.0952 5404 ============================================================
17:22:34.0035 5404 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:22:34.0116 5404 1394ohci - ok
17:22:34.0255 5404 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:22:34.0256 5404 ACPI - ok
17:22:34.0282 5404 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:22:34.0301 5404 AcpiPmi - ok
17:22:34.0373 5404 adfs (d44bcaf639e4e45307c2bc80715273d5) C:\Windows\system32\drivers\adfs.sys
17:22:34.0385 5404 adfs - ok
17:22:34.0456 5404 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:22:34.0480 5404 adp94xx - ok
17:22:34.0511 5404 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:22:34.0526 5404 adpahci - ok
17:22:34.0601 5404 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:22:34.0606 5404 adpu320 - ok
17:22:34.0672 5404 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:22:34.0678 5404 AFD - ok
17:22:34.0710 5404 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:22:34.0716 5404 agp440 - ok
17:22:34.0771 5404 AiChargerPlus (8b6625d53c18774f0102f690e285b5e8) C:\Windows\system32\DRIVERS\AiChargerPlus.sys
17:22:34.0795 5404 AiChargerPlus - ok
17:22:34.0900 5404 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:22:34.0908 5404 aliide - ok
17:22:34.0998 5404 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:22:35.0005 5404 amdide - ok
17:22:35.0067 5404 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:22:35.0075 5404 AmdK8 - ok
17:22:35.0090 5404 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:22:35.0098 5404 AmdPPM - ok
17:22:35.0168 5404 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:22:35.0181 5404 amdsata - ok
17:22:35.0202 5404 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:22:35.0210 5404 amdsbs - ok
17:22:35.0232 5404 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:22:35.0256 5404 amdxata - ok
17:22:35.0300 5404 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:22:35.0301 5404 AppID - ok
17:22:35.0325 5404 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:22:35.0362 5404 arc - ok
17:22:35.0475 5404 archlp - ok
17:22:35.0553 5404 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:22:35.0562 5404 arcsas - ok
17:22:35.0610 5404 AsIO - ok
17:22:35.0652 5404 asmthub3 (e1e75921e9eb025009696d4837f531fb) C:\Windows\system32\DRIVERS\asmthub3.sys
17:22:35.0670 5404 asmthub3 - ok
17:22:35.0700 5404 asmtxhci (b0cf9ab16006b61634d4f955345ca5d2) C:\Windows\system32\DRIVERS\asmtxhci.sys
17:22:35.0720 5404 asmtxhci - ok
17:22:35.0752 5404 AsUpIO - ok
17:22:35.0775 5404 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:22:35.0776 5404 AsyncMac - ok
17:22:35.0796 5404 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:22:35.0817 5404 atapi - ok
17:22:35.0885 5404 AthBTPort (cbe61b4494165f458bd87e37181ee934) C:\Windows\system32\DRIVERS\btath_flt.sys
17:22:35.0905 5404 AthBTPort - ok
17:22:35.0942 5404 ATHDFU (4119870b90e1b5e7797d6433d21f9216) C:\Windows\system32\Drivers\AthDfu.sys
17:22:35.0975 5404 ATHDFU - ok
17:22:36.0033 5404 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:22:36.0042 5404 b06bdrv - ok
17:22:36.0063 5404 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:22:36.0125 5404 b57nd60a - ok
17:22:36.0223 5404 bckd (795447bc205e6417fc516f2e39e5e9ab) C:\Windows\system32\drivers\bckd.sys
17:22:36.0225 5404 bckd - ok
17:22:36.0303 5404 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:22:36.0310 5404 Beep - ok
17:22:36.0388 5404 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:22:36.0396 5404 blbdrive - ok
17:22:36.0416 5404 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:22:36.0442 5404 bowser - ok
17:22:36.0467 5404 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:22:36.0470 5404 BrFiltLo - ok
17:22:36.0496 5404 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:22:36.0498 5404 BrFiltUp - ok
17:22:36.0517 5404 Bridge (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:22:36.0520 5404 Bridge - ok
17:22:36.0525 5404 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:22:36.0526 5404 BridgeMP - ok
17:22:36.0562 5404 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:22:36.0571 5404 Brserid - ok
17:22:36.0592 5404 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:22:36.0600 5404 BrSerWdm - ok
17:22:36.0623 5404 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:22:36.0631 5404 BrUsbMdm - ok
17:22:36.0643 5404 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:22:36.0645 5404 BrUsbSer - ok
17:22:36.0808 5404 BTATH_A2DP (fe70889a85c57a9268101b2db0474509) C:\Windows\system32\drivers\btath_a2dp.sys
17:22:36.0856 5404 BTATH_A2DP - ok
17:22:37.0045 5404 BTATH_BUS (a83a91d07d1fe6bbe7a9db46ca00434b) C:\Windows\system32\DRIVERS\btath_bus.sys
17:22:37.0077 5404 BTATH_BUS - ok
17:22:37.0198 5404 BTATH_HCRP (c864ff85ee16d61c2bdd5ef76824625f) C:\Windows\system32\DRIVERS\btath_hcrp.sys
17:22:37.0215 5404 BTATH_HCRP - ok
17:22:37.0382 5404 BTATH_LWFLT (0dea505efb5d771826d177ef8b8a208f) C:\Windows\system32\DRIVERS\btath_lwflt.sys
17:22:37.0410 5404 BTATH_LWFLT - ok
17:22:37.0465 5404 BTATH_RCP (724c8088c96efe7a3e63fec21d4681c0) C:\Windows\system32\DRIVERS\btath_rcp.sys
17:22:37.0516 5404 BTATH_RCP - ok
17:22:37.0755 5404 BtFilter (aa0f5afcf077c5246589b32eceeae566) C:\Windows\system32\DRIVERS\btfilter.sys
17:22:37.0757 5404 BtFilter - ok
17:22:37.0918 5404 bthav (0b2ee8b36081c1039ea3d20b952a8ddc) C:\Windows\system32\drivers\bthav.sys
17:22:37.0952 5404 bthav - ok
17:22:38.0105 5404 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
17:22:38.0108 5404 BthEnum - ok
17:22:38.0291 5404 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:22:38.0341 5404 BTHMODEM - ok
17:22:38.0592 5404 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
17:22:38.0593 5404 BthPan - ok
17:22:38.0786 5404 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
17:22:38.0803 5404 BTHPORT - ok
17:22:38.0845 5404 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
17:22:38.0855 5404 BTHUSB - ok
17:22:38.0905 5404 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:22:38.0908 5404 cdfs - ok
17:22:38.0933 5404 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
17:22:38.0936 5404 cdrom - ok
17:22:38.0952 5404 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:22:38.0955 5404 circlass - ok
17:22:39.0001 5404 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:22:39.0003 5404 CLFS - ok
17:22:39.0025 5404 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:22:39.0031 5404 CmBatt - ok
17:22:39.0057 5404 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:22:39.0065 5404 cmdide - ok
17:22:39.0181 5404 cmudaxp (3cd27b6666d0a6a71a7b6834dd5c97f7) C:\Windows\system32\drivers\cmudaxp.sys
17:22:39.0297 5404 cmudaxp - ok
17:22:39.0426 5404 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:22:39.0520 5404 CNG - ok
17:22:39.0696 5404 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:22:39.0699 5404 Compbatt - ok
17:22:39.0808 5404 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:22:39.0811 5404 CompositeBus - ok
17:22:39.0907 5404 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
17:22:39.0908 5404 cpuz135 - ok
17:22:39.0995 5404 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:22:39.0999 5404 crcdisk - ok
17:22:40.0152 5404 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
17:22:40.0160 5404 CSC - ok
17:22:40.0577 5404 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:22:40.0629 5404 DfsC - ok
17:22:40.0656 5404 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:22:40.0657 5404 discache - ok
17:22:40.0679 5404 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:22:40.0699 5404 Disk - ok
17:22:40.0746 5404 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:22:40.0748 5404 drmkaud - ok
17:22:40.0995 5404 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:22:41.0003 5404 DXGKrnl - ok
17:22:41.0067 5404 e1cexpress (03f4c5c12fc1c69f838da723475ef650) C:\Windows\system32\DRIVERS\e1c62x64.sys
17:22:41.0068 5404 e1cexpress - ok
17:22:41.0125 5404 eamonm (13533557d01b88c83110d5cf749f14d7) C:\Windows\system32\DRIVERS\eamonm.sys
17:22:41.0176 5404 eamonm - ok
17:22:41.0257 5404 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:22:41.0345 5404 ebdrv - ok
17:22:41.0405 5404 ehdrv (e097728129e7b79bf1089d7aef42332b) C:\Windows\system32\DRIVERS\ehdrv.sys
17:22:41.0407 5404 ehdrv - ok
17:22:41.0485 5404 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:22:41.0583 5404 elxstor - ok
17:22:41.0724 5404 Envy24HFS (947b36a9223d7730b73a7b03d5ffd269) C:\Windows\system32\drivers\Envy24HF.sys
17:22:41.0781 5404 Envy24HFS - ok
17:22:41.0935 5404 epfwwfpr (2380976cf8a4a56611f35633acd2a74f) C:\Windows\system32\DRIVERS\epfwwfpr.sys
17:22:42.0016 5404 epfwwfpr - ok
17:22:42.0163 5404 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:22:42.0174 5404 ErrDev - ok
17:22:42.0384 5404 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:22:42.0389 5404 exfat - ok
17:22:42.0463 5404 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:22:42.0529 5404 fastfat - ok
17:22:42.0563 5404 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:22:42.0570 5404 fdc - ok
17:22:42.0625 5404 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:22:42.0653 5404 FileInfo - ok
17:22:42.0720 5404 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:22:42.0721 5404 Filetrace - ok
17:22:42.0784 5404 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:22:42.0786 5404 flpydisk - ok
17:22:42.0884 5404 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:22:42.0915 5404 FltMgr - ok
17:22:42.0944 5404 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:22:42.0945 5404 FsDepends - ok
17:22:42.0984 5404 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
17:22:42.0984 5404 fssfltr - ok
17:22:43.0001 5404 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:22:43.0021 5404 Fs_Rec - ok
17:22:43.0098 5404 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:22:43.0099 5404 fvevol - ok
17:22:43.0116 5404 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:22:43.0136 5404 gagp30kx - ok
17:22:43.0216 5404 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
17:22:43.0264 5404 hamachi - ok
17:22:43.0298 5404 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:22:43.0300 5404 hcw85cir - ok
17:22:43.0437 5404 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:22:43.0440 5404 HdAudAddService - ok
17:22:43.0497 5404 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:22:43.0498 5404 HDAudBus - ok
17:22:43.0518 5404 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:22:43.0532 5404 HidBatt - ok
17:22:43.0550 5404 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:22:43.0558 5404 HidBth - ok
17:22:43.0583 5404 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:22:43.0596 5404 HidIr - ok
17:22:43.0619 5404 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:22:43.0621 5404 HidUsb - ok
17:22:43.0653 5404 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:22:43.0656 5404 HpSAMD - ok
17:22:43.0718 5404 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:22:43.0723 5404 HTTP - ok
17:22:43.0756 5404 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:22:43.0756 5404 hwpolicy - ok
17:22:43.0781 5404 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:22:43.0782 5404 i8042prt - ok
17:22:43.0819 5404 iaStor (26cf4275034214ecedd8ec17b0a18a99) C:\Windows\system32\DRIVERS\iaStor.sys
17:22:43.0821 5404 iaStor - ok
17:22:43.0892 5404 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\DRIVERS\iaStorV.sys
17:22:43.0920 5404 iaStorV - ok
17:22:44.0026 5404 ICCWDT (c1010add3ddae1196ed21057af7b2aae) C:\Windows\system32\DRIVERS\ICCWDT.sys
17:22:44.0059 5404 ICCWDT - ok
17:22:44.0831 5404 igfx (276ee9cdab16c50e1df0e4cefa882f5f) C:\Windows\system32\DRIVERS\igdkmd64.sys
17:22:45.0101 5404 igfx - ok
17:22:45.0331 5404 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:22:45.0359 5404 iirsp - ok
17:22:45.0431 5404 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:22:45.0434 5404 intelide - ok
17:22:45.0449 5404 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:22:45.0450 5404 intelppm - ok
17:22:45.0474 5404 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:22:45.0475 5404 IpFilterDriver - ok
17:22:45.0494 5404 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:22:45.0496 5404 IPMIDRV - ok
17:22:45.0509 5404 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:22:45.0529 5404 IPNAT - ok
17:22:45.0574 5404 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:22:45.0575 5404 IRENUM - ok
17:22:45.0591 5404 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:22:45.0592 5404 isapnp - ok
17:22:45.0695 5404 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:22:45.0742 5404 iScsiPrt - ok
17:22:45.0823 5404 JRAID (a577f5db30f70eca9708c07c2eacbd9d) C:\Windows\system32\DRIVERS\jraid.sys
17:22:45.0825 5404 JRAID - ok
17:22:45.0849 5404 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:22:45.0850 5404 kbdclass - ok
17:22:45.0979 5404 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
17:22:45.0980 5404 kbdhid - ok
17:22:46.0038 5404 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:22:46.0077 5404 KSecDD - ok
17:22:46.0107 5404 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:22:46.0126 5404 KSecPkg - ok
17:22:46.0163 5404 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:22:46.0170 5404 ksthunk - ok
17:22:46.0194 5404 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:22:46.0195 5404 lltdio - ok
17:22:46.0218 5404 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:22:46.0226 5404 LSI_FC - ok
17:22:46.0272 5404 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:22:46.0279 5404 LSI_SAS - ok
17:22:46.0306 5404 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:22:46.0313 5404 LSI_SAS2 - ok
17:22:46.0355 5404 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:22:46.0380 5404 LSI_SCSI - ok
17:22:46.0423 5404 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:22:46.0446 5404 luafv - ok
17:22:46.0574 5404 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:22:46.0587 5404 megasas - ok
17:22:46.0610 5404 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:22:46.0620 5404 MegaSR - ok
17:22:46.0759 5404 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
17:22:46.0760 5404 MEIx64 - ok
17:22:46.0815 5404 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:22:46.0844 5404 Modem - ok
17:22:47.0066 5404 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:22:47.0068 5404 monitor - ok
17:22:47.0180 5404 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:22:47.0181 5404 mouclass - ok
17:22:47.0236 5404 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:22:47.0237 5404 mouhid - ok
17:22:47.0444 5404 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:22:47.0445 5404 mountmgr - ok
17:22:47.0633 5404 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:22:47.0681 5404 mpio - ok
17:22:47.0759 5404 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:22:47.0762 5404 mpsdrv - ok
17:22:47.0875 5404 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:22:47.0882 5404 MRxDAV - ok
17:22:47.0994 5404 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:22:48.0029 5404 mrxsmb - ok
17:22:48.0094 5404 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:22:48.0119 5404 mrxsmb10 - ok
17:22:48.0177 5404 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:22:48.0180 5404 mrxsmb20 - ok
17:22:48.0205 5404 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\DRIVERS\msahci.sys
17:22:48.0206 5404 msahci - ok
17:22:48.0229 5404 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:22:48.0232 5404 msdsm - ok
17:22:48.0281 5404 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:22:48.0290 5404 Msfs - ok
17:22:48.0318 5404 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:22:48.0319 5404 mshidkmdf - ok
17:22:48.0349 5404 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:22:48.0369 5404 msisadrv - ok
17:22:48.0407 5404 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:22:48.0409 5404 MSKSSRV - ok
17:22:48.0428 5404 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:22:48.0429 5404 MSPCLOCK - ok
17:22:48.0438 5404 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:22:48.0439 5404 MSPQM - ok
17:22:48.0468 5404 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:22:48.0500 5404 MsRPC - ok
17:22:48.0549 5404 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:22:48.0549 5404 mssmbios - ok
17:22:48.0627 5404 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:22:48.0628 5404 MSTEE - ok
17:22:48.0641 5404 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:22:48.0649 5404 MTConfig - ok
17:22:48.0805 5404 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
17:22:48.0839 5404 MTsensor - ok
17:22:48.0866 5404 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:22:48.0887 5404 Mup - ok
17:22:48.0918 5404 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:22:48.0921 5404 NativeWifiP - ok
17:22:48.0962 5404 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:22:48.0969 5404 NDIS - ok
17:22:48.0984 5404 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:22:49.0006 5404 NdisCap - ok
17:22:49.0042 5404 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:22:49.0043 5404 NdisTapi - ok
17:22:49.0080 5404 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:22:49.0082 5404 Ndisuio - ok
17:22:49.0123 5404 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:22:49.0126 5404 NdisWan - ok
17:22:49.0148 5404 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:22:49.0150 5404 NDProxy - ok
17:22:49.0214 5404 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:22:49.0244 5404 NetBIOS - ok
17:22:49.0381 5404 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:22:49.0383 5404 NetBT - ok
17:22:49.0597 5404 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:22:49.0637 5404 nfrd960 - ok
17:22:49.0745 5404 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:22:49.0772 5404 Npfs - ok
17:22:49.0832 5404 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:22:49.0833 5404 nsiproxy - ok
17:22:49.0901 5404 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:22:49.0978 5404 Ntfs - ok
17:22:49.0994 5404 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:22:49.0995 5404 Null - ok
17:22:50.0066 5404 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
17:22:50.0082 5404 NVENETFD - ok
17:22:50.0266 5404 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
17:22:50.0272 5404 NVHDA - ok
17:22:50.0668 5404 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:22:50.0710 5404 nvlddmkm - ok
17:22:50.0840 5404 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:22:50.0898 5404 nvraid - ok
17:22:50.0916 5404 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:22:50.0947 5404 nvstor - ok
17:22:51.0030 5404 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:22:51.0039 5404 nv_agp - ok
17:22:51.0074 5404 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:22:51.0077 5404 ohci1394 - ok
17:22:51.0150 5404 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:22:51.0159 5404 Parport - ok
17:22:51.0197 5404 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:22:51.0223 5404 partmgr - ok
17:22:51.0282 5404 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:22:51.0285 5404 pci - ok
17:22:51.0314 5404 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:22:51.0315 5404 pciide - ok
17:22:51.0372 5404 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:22:51.0392 5404 pcmcia - ok
17:22:51.0451 5404 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:22:51.0475 5404 pcw - ok
17:22:51.0553 5404 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:22:51.0558 5404 PEAUTH - ok
17:22:51.0669 5404 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:22:51.0672 5404 PptpMiniport - ok
17:22:51.0761 5404 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:22:51.0771 5404 Processor - ok
17:22:51.0875 5404 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:22:51.0877 5404 Psched - ok
17:22:51.0935 5404 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
17:22:51.0970 5404 PxHlpa64 - ok
17:22:52.0055 5404 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:22:52.0086 5404 ql2300 - ok
17:22:52.0120 5404 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:22:52.0128 5404 ql40xx - ok
17:22:52.0413 5404 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:22:52.0417 5404 QWAVEdrv - ok
17:22:52.0467 5404 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:22:52.0470 5404 RasAcd - ok
17:22:52.0518 5404 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:22:52.0521 5404 RasAgileVpn - ok
17:22:52.0579 5404 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:22:52.0583 5404 Rasl2tp - ok
17:22:52.0614 5404 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:22:52.0616 5404 RasPppoe - ok
17:22:52.0633 5404 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:22:52.0635 5404 RasSstp - ok
17:22:52.0667 5404 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:22:52.0691 5404 rdbss - ok
17:22:52.0736 5404 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:22:52.0743 5404 rdpbus - ok
17:22:52.0808 5404 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:22:52.0809 5404 RDPCDD - ok
17:22:52.0927 5404 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
17:22:52.0931 5404 RDPDR - ok
17:22:52.0982 5404 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:22:52.0982 5404 RDPENCDD - ok
17:22:53.0030 5404 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:22:53.0031 5404 RDPREFMP - ok
17:22:53.0177 5404 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
17:22:53.0179 5404 RdpVideoMiniport - ok
17:22:53.0211 5404 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
17:22:53.0213 5404 RDPWD - ok
17:22:53.0244 5404 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:22:53.0273 5404 rdyboost - ok
17:22:53.0336 5404 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
17:22:53.0339 5404 RFCOMM - ok
17:22:53.0418 5404 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:22:53.0420 5404 rspndr - ok
17:22:53.0499 5404 rt61x64 (ec7f0030d58886b0fcd3eefb1c51f8e2) C:\Windows\system32\DRIVERS\netr6164.sys
17:22:53.0507 5404 rt61x64 - ok
17:22:53.0539 5404 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:22:53.0542 5404 s3cap - ok
17:22:53.0654 5404 SANDRA (5efbbfcc6adac121c8e2fe76641ed329) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4a\WNt500x64\Sandra.sys
17:22:53.0676 5404 SANDRA - ok
17:22:54.0021 5404 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:22:54.0040 5404 sbp2port - ok
17:22:54.0121 5404 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:22:54.0127 5404 scfilter - ok
17:22:54.0281 5404 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:22:54.0288 5404 secdrv - ok
17:22:54.0325 5404 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:22:54.0333 5404 Serenum - ok
17:22:54.0387 5404 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:22:54.0430 5404 Serial - ok
17:22:54.0473 5404 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:22:55.0015 5404 sermouse - ok
17:22:55.0193 5404 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:22:55.0195 5404 sffdisk - ok
17:22:55.0329 5404 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:22:55.0331 5404 sffp_mmc - ok
17:22:55.0361 5404 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:22:55.0363 5404 sffp_sd - ok
17:22:55.0421 5404 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:22:55.0440 5404 sfloppy - ok
17:22:55.0512 5404 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
17:22:55.0547 5404 Sftfs - ok
17:22:55.0979 5404 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:22:55.0981 5404 Sftplay - ok
17:22:56.0162 5404 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:22:56.0162 5404 Sftredir - ok
17:22:56.0198 5404 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
17:22:56.0222 5404 Sftvol - ok
17:22:56.0307 5404 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:22:56.0321 5404 SiSRaid2 - ok
17:22:56.0354 5404 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:22:56.0362 5404 SiSRaid4 - ok
17:22:56.0396 5404 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:22:56.0399 5404 Smb - ok
17:22:56.0407 5404 speedfan - ok
17:22:56.0453 5404 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:22:56.0474 5404 spldr - ok
17:22:56.0652 5404 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:22:56.0710 5404 srv - ok
17:22:56.0742 5404 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:22:56.0745 5404 srv2 - ok
17:22:56.0764 5404 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:22:56.0791 5404 srvnet - ok
17:22:56.0868 5404 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:22:56.0873 5404 stexstor - ok
17:22:56.0973 5404 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
17:22:57.0013 5404 storflt - ok
17:22:57.0039 5404 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
17:22:57.0047 5404 storvsc - ok
17:22:57.0081 5404 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:22:57.0087 5404 swenum - ok
17:22:57.0118 5404 Synth3dVsc - ok
17:22:57.0186 5404 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
17:22:57.0269 5404 Tcpip - ok
17:22:57.0303 5404 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
17:22:57.0308 5404 TCPIP6 - ok
17:22:57.0357 5404 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:22:57.0358 5404 tcpipreg - ok
17:22:57.0422 5404 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:22:57.0424 5404 TDPIPE - ok
17:22:57.0461 5404 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:22:57.0461 5404 TDTCP - ok
17:22:57.0518 5404 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:22:57.0523 5404 tdx - ok
17:22:57.0568 5404 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:22:57.0568 5404 TermDD - ok
17:22:57.0642 5404 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:22:57.0643 5404 tssecsrv - ok
17:22:57.0680 5404 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:22:57.0682 5404 TsUsbFlt - ok
17:22:57.0710 5404 tsusbhub - ok
17:22:57.0767 5404 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:22:57.0769 5404 tunnel - ok
17:22:57.0834 5404 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:22:57.0842 5404 uagp35 - ok
17:22:57.0964 5404 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:22:57.0967 5404 udfs - ok
17:22:58.0039 5404 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:22:58.0047 5404 uliagpkx - ok
17:22:58.0077 5404 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
17:22:58.0079 5404 umbus - ok
17:22:58.0094 5404 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:22:58.0102 5404 UmPass - ok
17:22:58.0131 5404 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:22:58.0133 5404 usbccgp - ok
17:22:58.0190 5404 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:22:58.0197 5404 usbcir - ok
17:22:58.0231 5404 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:22:58.0258 5404 usbehci - ok
17:22:58.0321 5404 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:22:58.0324 5404 usbhub - ok
17:22:58.0346 5404 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
17:22:58.0347 5404 usbohci - ok
17:22:58.0413 5404 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:22:58.0435 5404 usbprint - ok
17:22:58.0480 5404 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:22:58.0482 5404 usbscan - ok
17:22:58.0513 5404 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:22:58.0515 5404 USBSTOR - ok
17:22:58.0549 5404 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
17:22:58.0551 5404 usbuhci - ok
17:22:58.0700 5404 VBoxNetAdp (b3fc2d5f35e05e12c28f786c140d1cbd) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
17:22:58.0734 5404 VBoxNetAdp - ok
17:22:58.0786 5404 VBoxNetFlt - ok
17:22:58.0952 5404 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:22:58.0952 5404 vdrvroot - ok
17:22:59.0045 5404 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:22:59.0048 5404 vga - ok
17:22:59.0093 5404 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:22:59.0095 5404 VgaSave - ok
17:22:59.0107 5404 VGPU - ok
17:22:59.0142 5404 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:22:59.0144 5404 vhdmp - ok
17:22:59.0163 5404 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:22:59.0170 5404 viaide - ok
17:22:59.0241 5404 VirtuWDDM (2fdd9f870bde9c0353d6e82b4b309c44) C:\Windows\system32\DRIVERS\VirtuWDDM.sys
17:22:59.0263 5404 VirtuWDDM - ok
17:22:59.0324 5404 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
17:22:59.0355 5404 vmbus - ok
17:22:59.0488 5404 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
17:22:59.0495 5404 VMBusHID - ok
17:22:59.0544 5404 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:22:59.0556 5404 volmgr - ok
17:22:59.0657 5404 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:22:59.0659 5404 volmgrx - ok
17:22:59.0689 5404 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:22:59.0701 5404 volsnap - ok
17:22:59.0768 5404 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
17:22:59.0771 5404 vpcbus - ok
17:22:59.0808 5404 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
17:22:59.0811 5404 vpcnfltr - ok
17:22:59.0869 5404 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
17:22:59.0871 5404 vpcusb - ok
17:22:59.0938 5404 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
17:22:59.0941 5404 vpcvmm - ok
17:22:59.0993 5404 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:23:00.0002 5404 vsmraid - ok
17:23:00.0026 5404 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:23:00.0027 5404 vwifibus - ok
17:23:00.0047 5404 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:23:00.0049 5404 vwififlt - ok
17:23:00.0071 5404 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
17:23:00.0073 5404 vwifimp - ok
17:23:00.0115 5404 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:23:00.0117 5404 WacomPen - ok
17:23:00.0152 5404 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:23:00.0159 5404 WANARP - ok
17:23:00.0163 5404 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:23:00.0163 5404 Wanarpv6 - ok
17:23:00.0224 5404 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:23:00.0225 5404 Wd - ok
17:23:00.0254 5404 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:23:00.0285 5404 Wdf01000 - ok
17:23:00.0393 5404 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:23:00.0394 5404 WfpLwf - ok
17:23:00.0417 5404 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:23:00.0418 5404 WIMMount - ok
17:23:00.0581 5404 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
17:23:00.0586 5404 WinUsb - ok
17:23:00.0787 5404 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:23:00.0788 5404 WmiAcpi - ok
17:23:00.0856 5404 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:23:00.0858 5404 ws2ifsl - ok
17:23:00.0926 5404 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:23:00.0929 5404 WudfPf - ok
17:23:00.0955 5404 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:23:00.0956 5404 WUDFRd - ok
17:23:00.0996 5404 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:23:00.0998 5404 \Device\Harddisk0\DR0 - ok
17:23:00.0999 5404 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
17:23:01.0000 5404 \Device\Harddisk1\DR1 - ok
17:23:01.0035 5404 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk2\DR2
17:23:01.0058 5404 \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.b ) - infected
17:23:01.0058 5404 \Device\Harddisk2\DR2 - detected Rootkit.Boot.Pihar.b (0)
17:23:01.0060 5404 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
17:23:01.0061 5404 \Device\Harddisk3\DR3 - ok
17:23:01.0068 5404 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk8\DR8
17:23:01.0069 5404 \Device\Harddisk8\DR8 - ok
17:23:01.0070 5404 Boot (0x1200) (74bb67eb5d6ad775a75f4b558767af12) \Device\Harddisk0\DR0\Partition0
17:23:01.0071 5404 \Device\Harddisk0\DR0\Partition0 - ok
17:23:01.0072 5404 Boot (0x1200) (e2c24120c9362cca6d4835827d09ff58) \Device\Harddisk1\DR1\Partition0
17:23:01.0073 5404 \Device\Harddisk1\DR1\Partition0 - ok
17:23:01.0074 5404 Boot (0x1200) (4c32db2956b657ef85813d09c299d8d1) \Device\Harddisk1\DR1\Partition1
17:23:01.0074 5404 \Device\Harddisk1\DR1\Partition1 - ok
17:23:01.0076 5404 Boot (0x1200) (88b4c1f59ac6c6d141902feceb748ca6) \Device\Harddisk1\DR1\Partition2
17:23:01.0076 5404 \Device\Harddisk1\DR1\Partition2 - ok
17:23:01.0078 5404 Boot (0x1200) (4a306820cd0e9d1be3567a57e893f71c) \Device\Harddisk2\DR2\Partition0
17:23:01.0078 5404 \Device\Harddisk2\DR2\Partition0 - ok
17:23:01.0080 5404 Boot (0x1200) (b61aa956c17d4ef5284245bf6f55e3ea) \Device\Harddisk8\DR8\Partition0
17:23:01.0081 5404 \Device\Harddisk8\DR8\Partition0 - ok
17:23:01.0081 5404 ============================================================
17:23:01.0081 5404 Scan finished
17:23:01.0081 5404 ============================================================
17:23:01.0084 7128 Detected object count: 1
17:23:01.0084 7128 Actual detected object count: 1
17:23:11.0291 7128 \Device\Harddisk2\DR2\# - copied to quarantine
17:23:11.0292 7128 \Device\Harddisk2\DR2 - copied to quarantine
17:23:11.0470 7128 \Device\Harddisk2\DR2\TDLFS\ph.dll - copied to quarantine
17:23:14.0110 7128 \Device\Harddisk2\DR2\TDLFS\phx.dll - copied to quarantine
17:23:14.0228 7128 \Device\Harddisk2\DR2\TDLFS\sub.dll - copied to quarantine
17:23:14.0353 7128 \Device\Harddisk2\DR2\TDLFS\subx.dll - copied to quarantine
17:23:14.0500 7128 \Device\Harddisk2\DR2\TDLFS\phd - copied to quarantine
17:23:14.0629 7128 \Device\Harddisk2\DR2\TDLFS\phdx - copied to quarantine
17:23:14.0741 7128 \Device\Harddisk2\DR2\TDLFS\phs - copied to quarantine
17:23:14.0742 7128 \Device\Harddisk2\DR2\TDLFS\phdata - copied to quarantine
17:23:14.0744 7128 \Device\Harddisk2\DR2\TDLFS\phld - copied to quarantine
17:23:14.0746 7128 \Device\Harddisk2\DR2\TDLFS\phln - copied to quarantine
17:23:14.0869 7128 \Device\Harddisk2\DR2\TDLFS\phlx - copied to quarantine
17:23:14.0984 7128 \Device\Harddisk2\DR2\TDLFS\phm - copied to quarantine
17:23:15.0004 7128 \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
17:23:15.0005 7128 \Device\Harddisk2\DR2 - ok
17:23:15.0039 7128 \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
17:23:24.0778 3672 Deinitialize success



ComboFix:
ComboFix 12-03-15.03 - Brian 03/15/2012 17:43:17.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16291.13358 [GMT -4:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\corecon\1.0\1033\NonSDKAddonLangVer.dll
c:\programdata\Microsoft\corecon\1.0\1033\SDKAddonLangVer.dll
c:\programdata\Microsoft\corecon\1.0\addons\NonSDKAddonVer.dll
c:\programdata\Microsoft\corecon\1.0\addons\SDKAddonVer.dll
c:\programdata\Microsoft\corecon\1.0\SDKFilesVer.dll
C:\readme.txt
c:\windows\svchost.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\SysWow64\dumphive.exe
c:\windows\SysWow64\html
c:\windows\SysWow64\html\calendar.html
c:\windows\SysWow64\html\calendarbottom.html
c:\windows\SysWow64\html\calendartop.html
c:\windows\SysWow64\html\crystalexportdialog.htm
c:\windows\SysWow64\html\crystalprinthost.html
c:\windows\SysWow64\images
c:\windows\SysWow64\images\toolbar\calendar.gif
c:\windows\SysWow64\images\toolbar\crlogo.gif
c:\windows\SysWow64\images\toolbar\export.gif
c:\windows\SysWow64\images\toolbar\export_over.gif
c:\windows\SysWow64\images\toolbar\exportd.gif
c:\windows\SysWow64\images\toolbar\First.gif
c:\windows\SysWow64\images\toolbar\first_over.gif
c:\windows\SysWow64\images\toolbar\Firstd.gif
c:\windows\SysWow64\images\toolbar\gotopage.gif
c:\windows\SysWow64\images\toolbar\gotopage_over.gif
c:\windows\SysWow64\images\toolbar\gotopaged.gif
c:\windows\SysWow64\images\toolbar\grouptree.gif
c:\windows\SysWow64\images\toolbar\grouptree_over.gif
c:\windows\SysWow64\images\toolbar\grouptreed.gif
c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
c:\windows\SysWow64\images\toolbar\Last.gif
c:\windows\SysWow64\images\toolbar\last_over.gif
c:\windows\SysWow64\images\toolbar\Lastd.gif
c:\windows\SysWow64\images\toolbar\Next.gif
c:\windows\SysWow64\images\toolbar\next_over.gif
c:\windows\SysWow64\images\toolbar\Nextd.gif
c:\windows\SysWow64\images\toolbar\Prev.gif
c:\windows\SysWow64\images\toolbar\prev_over.gif
c:\windows\SysWow64\images\toolbar\Prevd.gif
c:\windows\SysWow64\images\toolbar\print.gif
c:\windows\SysWow64\images\toolbar\print_over.gif
c:\windows\SysWow64\images\toolbar\printd.gif
c:\windows\SysWow64\images\toolbar\Refresh.gif
c:\windows\SysWow64\images\toolbar\refresh_over.gif
c:\windows\SysWow64\images\toolbar\refreshd.gif
c:\windows\SysWow64\images\toolbar\Search.gif
c:\windows\SysWow64\images\toolbar\search_over.gif
c:\windows\SysWow64\images\toolbar\searchd.gif
c:\windows\SysWow64\images\toolbar\up.gif
c:\windows\SysWow64\images\toolbar\up_over.gif
c:\windows\SysWow64\images\toolbar\upd.gif
c:\windows\SysWow64\images\tree\begindots.gif
c:\windows\SysWow64\images\tree\beginminus.gif
c:\windows\SysWow64\images\tree\beginplus.gif
c:\windows\SysWow64\images\tree\blank.gif
c:\windows\SysWow64\images\tree\blankdots.gif
c:\windows\SysWow64\images\tree\dots.gif
c:\windows\SysWow64\images\tree\lastdots.gif
c:\windows\SysWow64\images\tree\lastminus.gif
c:\windows\SysWow64\images\tree\lastplus.gif
c:\windows\SysWow64\images\tree\Magnify.gif
c:\windows\SysWow64\images\tree\minus.gif
c:\windows\SysWow64\images\tree\minusbox.gif
c:\windows\SysWow64\images\tree\plus.gif
c:\windows\SysWow64\images\tree\plusbox.gif
c:\windows\SysWow64\images\tree\singleminus.gif
c:\windows\SysWow64\images\tree\singleplus.gif
c:\windows\SysWow64\Process.exe
c:\windows\SysWow64\SrchSTS.exe
c:\windows\SysWow64\tmp.reg
c:\windows\SysWow64\VCCLSID.exe
c:\windows\SysWow64\WS2Fix.exe
I:\install.exe
P:\Autorun.inf
P:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-15 to 2012-03-15 )))))))))))))))))))))))))))))))
.
.
2012-03-15 21:52 . 2012-03-15 21:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-15 21:52 . 2012-03-15 21:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-15 21:52 . 2012-03-15 21:52 -------- d-----w- c:\users\Admin\AppData\Local\temp
2012-03-15 21:23 . 2012-03-15 21:23 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-15 03:07 . 2012-03-15 03:07 -------- d-sh--w- c:\programdata\SecuROM
2012-03-15 03:07 . 2012-03-15 03:07 -------- d-----w- c:\users\Brian\AppData\Local\EA Core
2012-03-15 02:50 . 2012-03-15 02:50 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2012-03-15 02:45 . 2012-03-15 02:49 -------- d-----w- c:\program files (x86)\Common Files\BioWare
2012-03-14 07:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 07:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 21:53 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 21:53 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 21:53 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{58533502-7968-4A6F-88C4-3A243E3BB905}\mpengine.dll
2012-03-13 21:53 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 21:52 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-13 21:52 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 21:52 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 21:52 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 21:52 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 21:52 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 21:52 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 21:52 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 03:45 . 2012-03-13 04:20 -------- d-----w- c:\users\Brian\AppData\Roaming\Bioshock
2012-03-05 19:47 . 2011-11-09 22:38 189608 ----a-w- c:\windows\system32\IPROSetMonitor.exe
2012-03-05 19:47 . 2012-03-05 19:47 -------- d-----w- c:\program files\Intel
2012-03-05 19:44 . 2012-01-11 17:30 360624 ----a-w- c:\windows\system32\drivers\e1c62x64.sys
2012-03-05 19:44 . 2011-11-07 06:28 98496 ----a-w- c:\windows\system32\NicInstC.dll
2012-03-05 19:44 . 2011-11-03 05:54 68264 ----a-w- c:\windows\system32\e1cmsg.dll
2012-02-24 04:11 . 2012-02-24 04:11 -------- d-----w- c:\users\Brian\utils
2012-02-24 04:11 . 2012-02-24 04:11 -------- d-----w- c:\users\Brian\syslinux
2012-02-24 04:11 . 2012-02-24 04:11 -------- d-----w- c:\users\Brian\live
2012-02-24 04:11 . 2012-02-24 04:11 -------- d-----w- c:\users\Brian\EFI
2012-02-24 04:11 . 2012-02-24 04:11 -------- d-----w- c:\users\Brian\isolinux
2012-02-24 04:11 . 2012-02-24 04:11 -------- d-----w- c:\users\Brian\.disk
2012-02-23 04:00 . 2012-02-23 04:00 98304 ----a-r- c:\users\Brian\AppData\Roaming\Microsoft\Installer\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}\icons.exe
2012-02-16 04:24 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 04:24 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-16 04:24 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 04:24 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-16 04:24 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 04:24 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 04:24 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-14 22:55 . 2012-02-14 22:55 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-02-14 22:55 . 2012-02-14 22:55 5886232 ----a-w- c:\windows\system32\GfxUI.exe
2012-02-14 22:55 . 2012-02-14 22:55 511768 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-02-14 22:55 . 2012-02-14 22:55 440600 ----a-w- c:\windows\system32\igfxpers.exe
2012-02-14 22:55 . 2012-02-14 22:55 398616 ----a-w- c:\windows\system32\hkcmd.exe
2012-02-14 22:55 . 2012-02-14 22:55 250136 ----a-w- c:\windows\system32\igfxext.exe
2012-02-14 22:55 . 2012-02-14 22:55 184600 ----a-w- c:\windows\system32\difx64.exe
2012-02-14 22:55 . 2012-02-14 22:55 170264 ----a-w- c:\windows\system32\igfxtray.exe
2012-02-14 22:53 . 2012-02-14 22:53 90112 ----a-w- c:\windows\system32\igfxCoIn_v2653.dll
2012-02-14 22:47 . 2012-02-14 22:47 8086528 ----a-w- c:\windows\system32\igdumd64.dll
2012-02-14 22:47 . 2012-02-14 22:47 14692224 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-02-14 22:47 . 2012-02-14 22:47 963912 ----a-w- c:\windows\SysWow64\igkrng600.bin
2012-02-14 22:47 . 2012-02-14 22:47 963912 ----a-w- c:\windows\system32\igkrng600.bin
2012-02-14 22:47 . 2012-02-14 22:47 79360 ----a-w- c:\windows\system32\igdde64.dll
2012-02-14 22:47 . 2012-02-14 22:47 261208 ----a-w- c:\windows\SysWow64\igfcg600m.bin
2012-02-14 22:47 . 2012-02-14 22:47 261208 ----a-w- c:\windows\system32\igfcg600m.bin
2012-02-14 22:44 . 2012-02-14 22:44 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-02-14 22:44 . 2012-02-14 22:44 58880 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-02-14 22:42 . 2012-02-14 22:42 9605632 ----a-w- c:\windows\system32\igd10umd64.dll
2012-02-14 22:35 . 2012-02-14 22:35 7794688 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-02-14 22:07 . 2012-02-14 22:07 18125312 ----a-w- c:\windows\system32\ig4icd64.dll
2012-02-14 21:59 . 2012-02-14 21:59 13209600 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-02-14 21:56 . 2012-02-14 21:56 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-02-14 21:56 . 2012-02-14 21:56 430080 ----a-w- c:\windows\system32\igfxdev.dll
2012-02-14 21:56 . 2012-02-14 21:56 172032 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-02-14 21:56 . 2012-02-14 21:56 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-02-14 21:56 . 2012-02-14 21:56 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-02-14 21:56 . 2012-02-14 21:56 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-02-14 21:55 . 2012-02-14 21:55 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 14:18 . 2009-10-09 02:21 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-23 04:05 . 2011-06-07 12:52 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-14 21:57 . 2011-05-27 10:28 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-02-14 21:56 . 2011-09-01 00:20 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-02-14 21:54 . 2012-02-14 21:54 321024 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-02-14 21:53 . 2012-02-14 21:53 524800 ----a-w- c:\windows\system32\iglhsip64.dll
2012-02-14 21:53 . 2012-02-14 21:53 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-02-14 21:53 . 2012-02-14 21:53 2967040 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-02-14 21:53 . 2012-02-14 21:53 237056 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-02-14 21:53 . 2012-02-14 21:53 2321408 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-02-14 21:53 . 2012-02-14 21:53 213504 ----a-w- c:\windows\system32\iglhcp64.dll
2012-02-14 21:53 . 2012-02-14 21:53 193024 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-02-14 21:53 . 2012-02-14 21:53 177152 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-02-01 21:42 . 2012-02-01 21:42 2476 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2011-12-21 21:05 . 2009-11-15 22:35 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-12-21 21:05 . 2009-11-15 22:44 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-12-21 21:05 . 2009-11-15 22:35 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
[7] 2009-07-14 . 0F05EC2887BFE197AD82A13287D2F404 . 706560 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_ea94336f6df51e09\termsrv.dll
[-] 2009-04-25 . 0B1FFF22D70ECAEA39C136CC2110CB7A . 706560 . . [6.1.7100.0] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
[-] 2009-04-25 . 0B1FFF22D70ECAEA39C136CC2110CB7A . 706560 . . [6.1.7601.17514] .. c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="f:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"EA Core"="c:\program files (x86)\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-24 206240]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DUALServer;Dual DHCP DNS Service;c:\program files (x86)\DualServer\DualServer.exe [2009-09-08 329037]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 136176]
R3 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
R3 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 bthav;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [x]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM 64 bit;c:\windows\system32\drivers\Envy24HF.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP4a\RpcAgentSrv.exe [2009-07-21 93848]
R3 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 uvnc_service;uvnc_service;c:\program files\UltraVNC\WinVNC.exe [2010-11-28 1907656]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
S2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [2011-06-10 2044688]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]
S3 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 cmudaxp;ASUS Xonar DS Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 23:42]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 23:42]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-745330637-3307140133-1288979036-1001Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-16 15:56]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-745330637-3307140133-1288979036-1001UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-16 15:56]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-745330637-3307140133-1288979036-1005Core.job
- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 01:53]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-745330637-3307140133-1288979036-1005UA.job
- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 01:53]
.
2012-03-14 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-03-12 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 16:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-05 170496]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"VIRTU"="c:\program files\Lucidlogix Technologies\VIRTU\VirtuControlPanel.Exe" [2011-06-09 2764896]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\appinit_dll.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\tesdcbv5.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Toolbar-Locked - (no file)
AddRemove-DualServer - c:\windows\system32\SpoonUninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{24C97F5B-05B2-469F-A6F3-8F9DA7A5A4BA} - c:\program files (x86)\InstallShield Installation Information\{24C97F5B-05B2-469F-A6F3-8F9DA7A5A4BA}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-745330637-3307140133-1288979036-1005\Software\SecuROM\License information*]
"datasecu"=hex:52,bd,c6,36,a3,df,20,f6,78,87,e3,9b,b4,47,b1,b4,66,42,0f,c3,f1,
9c,a5,7b,1d,8b,9e,51,a2,3b,fc,74,e5,2a,2d,02,ed,32,08,70,b7,fb,e7,1a,45,0c,\
"rkeysecu"=hex:b2,45,bd,b1,f1,4f,87,d3,43,69,49,a2,e0,bc,14,32
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:0f,88,ad,c8,85,ee,cf,6a,b0,8d,e5,ca,e2,d3,88,89,ec,2d,66,fe,2d,
85,97,c6,d7,4d,db,3d,63,5d,a9,d7,1f,f8,27,40,b2,54,44,56,cd,7a,97,94,0c,12,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:0f,88,ad,c8,85,ee,cf,6a,b0,8d,e5,ca,e2,d3,88,89,ec,2d,66,fe,2d,
85,97,c6,d7,4d,db,3d,63,5d,a9,d7,c9,80,07,4c,9c,e5,8a,44,cd,7a,97,94,0c,12,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-15 17:57:49
ComboFix-quarantined-files.txt 2012-03-15 21:57
.
Pre-Run: 27,744,829,440 bytes free
Post-Run: 58,406,240,256 bytes free
.
- - End Of File - - 09143A750BDB4DEA24BE618118122D0D




Security Check:
Results of screen317's Security Check version 0.99.31
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
MuseScore 0.9 MuseScore score typesetter
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
Eusing Free Registry Cleaner
Java™ 6 Update 26
Java™ 6 Update 17
Java™ 6 Update 7
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (4.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Spybot Teatimer.exe is disabled!
``````````End of Log````````````


Thank you for your help.

Edited by typerdan297, 15 March 2012 - 05:23 PM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:29 PM

Posted 18 March 2012 - 10:18 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

HijackThis is not able to provide accurate information for 64 bit systems.
In your case we need to see a DDS Log.
I would remove HijackThis using the Add/Remove Programs list.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Posted Image
Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Please just paste the contents of the DDS.txt log in your next post.
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 26
Java™ 6 Update 17
Java™ 6 Update 7


===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you unckeck the box on the top right "Include in your download" this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

Please post the DDS log and let me know what problem persists.

#3 typerdan297

typerdan297
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 18 March 2012 - 03:36 PM

DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Brian at 16:32:47 on 2012-03-18
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16291.11753 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\System32\tcpsvcs.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Program Files\Lucidlogix Technologies\VIRTU\VirtuControlPanel.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Lucidlogix Technologies\VIRTU\EKAG20NT.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\SWSC.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\SWSC.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\calc.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\notepad.exe
F:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Steam] "F:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6C206C87-CEA5-4F0D-BB9C-40747C29BA4E} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7E18A303-9125-454C-AE05-4051B1FD4C86} : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
IE-X64: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe
AppInit_DLLs-X64: C:\PROGRA~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\tesdcbv5.default\
.
============= SERVICES / DRIVERS ===============
.
R0 AiChargerPlus;ASUS Charger Plus Driver;C:\Windows\system32\DRIVERS\AiChargerPlus.sys --> C:\Windows\system32\DRIVERS\AiChargerPlus.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 bckd;bckd;C:\Windows\system32\drivers\bckd.sys --> C:\Windows\system32\drivers\bckd.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
R2 bckwfs;Blue Coat K9 Web Protection;C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2011-6-10 2044688]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-27 13592]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-6-22 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-3 918144]
R3 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-1 915584]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
R3 cmudaxp;ASUS Xonar DS Audio Interface;C:\Windows\system32\drivers\cmudaxp.sys --> C:\Windows\system32\drivers\cmudaxp.sys [?]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 VirtuWDDM;VirtuWDDM;C:\Windows\system32\DRIVERS\VirtuWDDM.sys --> C:\Windows\system32\DRIVERS\VirtuWDDM.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DUALServer;Dual DHCP DNS Service;C:\Program Files (x86)\DualServer\DualServer.exe [2009-9-7 329037]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-8 136176]
S3 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2012-2-1 401920]
S3 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-5-27 586880]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
S3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
S3 bthav;Bluetooth AV Profile;C:\Windows\system32\drivers\bthav.sys --> C:\Windows\system32\drivers\bthav.sys [?]
S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-2-14 276248]
S3 Envy24HFS;ICE Envy24 Family Audio Controller WDM 64 bit;C:\Windows\system32\drivers\Envy24HF.sys --> C:\Windows\system32\drivers\Envy24HF.sys [?]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-6-18 130976]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-8 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 rt61x64;RT61 Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr6164.sys --> C:\Windows\system32\DRIVERS\netr6164.sys [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4a\RpcAgentSrv.exe [2011-8-14 93848]
S3 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 uvnc_service;uvnc_service;C:\Program Files\UltraVNC\winvnc.exe [2010-12-3 1907656]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-17 18:08:31 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-15 23:03:08 -------- d-----w- C:\Program Files (x86)\Origin Games
2012-03-15 23:03:07 -------- d-----w- C:\Users\Brian\AppData\Roaming\Origin
2012-03-15 23:03:07 -------- d-----w- C:\Users\Brian\AppData\Local\Origin
2012-03-15 23:01:30 -------- d-----w- C:\ProgramData\Origin
2012-03-15 22:58:30 -------- d-----w- C:\Program Files (x86)\Origin
2012-03-15 21:42:47 -------- d-----w- C:\ComboFix
2012-03-15 21:33:58 98816 ----a-w- C:\Windows\sed.exe
2012-03-15 21:33:58 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-15 21:33:58 256000 ----a-w- C:\Windows\PEV.exe
2012-03-15 21:33:58 208896 ----a-w- C:\Windows\MBR.exe
2012-03-15 21:23:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-15 03:07:31 -------- d-sh--w- C:\ProgramData\SecuROM
2012-03-15 03:07:31 -------- d-----w- C:\Users\Brian\AppData\Local\EA Core
2012-03-15 02:50:03 -------- d-----w- C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2012-03-15 02:45:36 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare
2012-03-14 07:03:18 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 07:03:18 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:03:17 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-13 21:53:51 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 21:53:46 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{58533502-7968-4A6F-88C4-3A243E3BB905}\mpengine.dll
2012-03-13 21:53:46 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 21:53:45 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 21:52:50 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-03-13 21:52:49 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 21:52:49 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 21:52:49 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 21:52:49 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 21:52:49 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-13 21:52:49 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-13 21:52:49 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-05 19:47:18 189608 ----a-w- C:\Windows\System32\IPROSetMonitor.exe
2012-03-05 19:44:35 98496 ----a-w- C:\Windows\System32\NicInstC.dll
2012-03-05 19:44:35 68264 ----a-w- C:\Windows\System32\e1cmsg.dll
2012-03-05 19:44:35 360624 ----a-w- C:\Windows\System32\drivers\e1c62x64.sys
2012-02-24 04:11:56 -------- d-----w- C:\Users\Brian\utils
2012-02-24 04:11:56 -------- d-----w- C:\Users\Brian\syslinux
2012-02-24 04:11:55 -------- d-----w- C:\Users\Brian\live
2012-02-24 04:11:55 -------- d-----w- C:\Users\Brian\isolinux
2012-02-24 04:11:55 -------- d-----w- C:\Users\Brian\EFI
2012-02-24 04:11:55 -------- d-----w- C:\Users\Brian\.disk
2012-02-23 04:00:53 98304 ----a-r- C:\Users\Brian\AppData\Roaming\Microsoft\Installer\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}\icons.exe
.
==================== Find3M ====================
.
2012-03-18 20:21:05 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-23 04:05:20 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-14 22:55:04 276248 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe
2012-02-14 22:55:02 5886232 ----a-w- C:\Windows\System32\GfxUI.exe
2012-02-14 22:55:02 511768 ----a-w- C:\Windows\System32\igfxsrvc.exe
2012-02-14 22:55:02 440600 ----a-w- C:\Windows\System32\igfxpers.exe
2012-02-14 22:55:02 398616 ----a-w- C:\Windows\System32\hkcmd.exe
2012-02-14 22:55:02 250136 ----a-w- C:\Windows\System32\igfxext.exe
2012-02-14 22:55:02 184600 ----a-w- C:\Windows\System32\difx64.exe
2012-02-14 22:55:02 170264 ----a-w- C:\Windows\System32\igfxtray.exe
2012-02-14 22:53:26 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2653.dll
2012-02-14 22:47:40 8086528 ----a-w- C:\Windows\System32\igdumd64.dll
2012-02-14 22:47:38 14692224 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
2012-02-14 22:47:06 963912 ----a-w- C:\Windows\SysWow64\igkrng600.bin
2012-02-14 22:47:06 963912 ----a-w- C:\Windows\System32\igkrng600.bin
2012-02-14 22:47:06 79360 ----a-w- C:\Windows\System32\igdde64.dll
2012-02-14 22:47:06 261208 ----a-w- C:\Windows\SysWow64\igfcg600m.bin
2012-02-14 22:47:06 261208 ----a-w- C:\Windows\System32\igfcg600m.bin
2012-02-14 22:44:54 6120960 ----a-w- C:\Windows\SysWow64\igdumd32.dll
2012-02-14 22:44:24 58880 ----a-w- C:\Windows\SysWow64\igdde32.dll
2012-02-14 22:42:58 9605632 ----a-w- C:\Windows\System32\igd10umd64.dll
2012-02-14 22:35:26 7794688 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
2012-02-14 22:07:18 18125312 ----a-w- C:\Windows\System32\ig4icd64.dll
2012-02-14 21:59:56 13209600 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
2012-02-14 21:56:42 110592 ----a-w- C:\Windows\System32\hccutils.dll
2012-02-14 21:56:34 9216 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
2012-02-14 21:56:34 430080 ----a-w- C:\Windows\System32\igfxdev.dll
2012-02-14 21:56:34 172032 ----a-w- C:\Windows\System32\gfxSrvc.dll
2012-02-14 21:56:06 286208 ----a-w- C:\Windows\System32\igfxrenu.lrc
2012-02-14 21:56:04 142336 ----a-w- C:\Windows\System32\igfxdo.dll
2012-02-14 21:56:02 9007616 ----a-w- C:\Windows\System32\igfxress.dll
2012-02-14 21:55:06 25088 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
2012-02-14 21:54:36 321024 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
2012-02-14 21:53:08 524800 ----a-w- C:\Windows\System32\iglhsip64.dll
2012-02-14 21:53:08 519680 ----a-w- C:\Windows\SysWow64\iglhsip32.dll
2012-02-14 21:53:08 2967040 ----a-w- C:\Windows\System32\igfxcmjit64.dll
2012-02-14 21:53:08 237056 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll
2012-02-14 21:53:08 2321408 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll
2012-02-14 21:53:08 213504 ----a-w- C:\Windows\System32\iglhcp64.dll
2012-02-14 21:53:08 193024 ----a-w- C:\Windows\System32\igfxcmrt64.dll
2012-02-14 21:53:08 177152 ----a-w- C:\Windows\SysWow64\iglhcp32.dll
2012-02-01 21:42:57 2476 ----a-w- C:\Windows\SysWow64\ealregsnapshot1.reg
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-21 21:05:44 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-12-21 21:05:37 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-12-21 21:05:37 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
.
============= FINISH: 16:34:00.19 ===============

Startup is very slow. I am running a Core i7 2600k at 4.5ghz, 16gb ram, and am using a solid state drive with Intel's z68 chipset based drive caching technology. It still takes ~8 minutes for the system to be all that useable after logging in to Windows.

Edited by typerdan297, 18 March 2012 - 03:49 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:29 PM

Posted 19 March 2012 - 08:56 AM

You had a bad rootkit infection. Let see what else we can find.

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===

#5 typerdan297

typerdan297
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 19 March 2012 - 03:40 PM

OTL.Txt:

OTL logfile created on: 3/19/2012 4:12:51 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Brian\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.91 Gb Total Physical Memory | 12.89 Gb Available Physical Memory | 81.02% Memory free
23.89 Gb Paging File | 20.68 Gb Available in Paging File | 86.55% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 54.18 Gb Free Space | 18.17% Space Free | Partition Type: NTFS
Drive D: | 4.09 Gb Total Space | 0.05 Gb Free Space | 1.28% Space Free | Partition Type: NTFS
Drive F: | 294.00 Gb Total Space | 14.20 Gb Free Space | 4.83% Space Free | Partition Type: NTFS
Drive H: | 7.25 Gb Total Space | 3.12 Gb Free Space | 43.04% Space Free | Partition Type: NTFS
Drive I: | 915.51 Gb Total Space | 441.42 Gb Free Space | 48.22% Space Free | Partition Type: NTFS
Drive J: | 8.75 Gb Total Space | 8.64 Gb Free Space | 98.74% Space Free | Partition Type: NTFS
Drive N: | 55.24 Gb Total Space | 51.61 Gb Free Space | 93.42% Space Free | Partition Type: NTFS
Drive P: | 1171.56 Gb Total Space | 842.95 Gb Free Space | 71.95% Space Free | Partition Type: NTFS

Computer Name: COMP1 | User Name: Brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Brian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
PRC - C:\Program Files\Lucidlogix Technologies\VIRTU\Ekag20nt.exe (Software Security System)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Bluetooth Go!\BluetoothGO.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\aaHMLib.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\ImageHelper.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\AsNetlib.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\CpuFreq.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\aaHMLib.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AssistFunc.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsMultiLang.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll ()
MOD - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMLib.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (Intel® PROSet Monitoring Service) Intel® -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
SRV:64bit: - (bckwfs) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe (Blue Coat Systems, Inc.)
SRV:64bit: - (uvnc_service) -- C:\Program Files\UltraVNC\winvnc.exe (UltraVNC)
SRV:64bit: - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4a\RpcAgentSrv.exe (SiSoftware)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (lxcg_device) -- C:\Windows\SysNative\lxcgcoms.exe ( )
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (cphs) Intel® -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe ()
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_5632d69.dll ()
SRV - (asComSvc) -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe ()
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Amazon Download Agent) -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
SRV - (DUALServer) -- C:\Program Files (x86)\DualServer\DualServer.exe ()
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WinVNC4) -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (e1cexpress) Intel® -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET)
DRV:64bit: - (bckd) -- C:\Windows\SysNative\drivers\bckd.sys (Blue Coat Systems, Inc.)
DRV:64bit: - (VirtuWDDM) -- C:\Windows\SysNative\drivers\VirtuWDDM.sys (Lucidlogix Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (AiChargerPlus) -- C:\Windows\SysNative\drivers\AiChargerPlus.sys (ASUSTek Computer Inc.)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (cmudaxp) -- C:\Windows\SysNative\drivers\cmudaxp.sys (C-Media Inc)
DRV:64bit: - (ICCWDT) Intel® Watchdog Timer Driver (Intel® WDT) -- C:\Windows\SysNative\drivers\ICCWDT.sys (Intel Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4a\WNt500x64\sandra.sys (SiSoftware)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (rt61x64) -- C:\Windows\SysNative\drivers\netr6164.sys (Ralink Technology, Corp.)
DRV:64bit: - (bthav) -- C:\Windows\SysNative\drivers\bthav.sys (CSR, plc)
DRV:64bit: - (Envy24HFS) -- C:\Windows\SysNative\drivers\Envy24HF.sys (VIA - IC Ensemble, Inc.)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D4 E4 95 BE 46 0B CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {5C115780-2286-47BE-887B-54D4F8858A59}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5C115780-2286-47BE-887B-54D4F8858A59}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: F:\Emusic Downloader\eMusic Download Manager\plugin\npemusic.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@onlive.com/OlGameDetect,version=1.1.0.53986: C:\Program Files (x86)\OnLive\FirefoxPlugin\npolgdet.dll (OnLive)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: F:\Emusic Downloader\eMusic Download Manager\plugin\npemusic.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Brian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Brian\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Brian\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Brian\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Brian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/10/08 21:21:33 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2011/11/28 23:00:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: F:\Emusic Downloader\eMusic Download Manager\xulrunner\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: F:\Emusic Downloader\eMusic Download Manager\xulrunner\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/08 16:02:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/11/28 23:00:51 | 000,000,000 | ---D | M]

[2011/12/08 16:02:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brian\AppData\Roaming\mozilla\Extensions
[2011/12/08 16:03:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brian\AppData\Roaming\mozilla\Firefox\Profiles\tesdcbv5.default\extensions
[2011/12/08 15:54:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Brian\AppData\Roaming\mozilla\Firefox\Profiles\tesdcbv5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/18 16:21:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/18 16:21:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
File not found (No name found) -- F:\EMUSIC DOWNLOADER\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
File not found (No name found) -- F:\EMUSIC DOWNLOADER\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
File not found (No name found) -- F:\EMUSIC DOWNLOADER\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Brian\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Brian\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Brian\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Brian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Brian\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: Wolfram Mathematica (Enabled) = C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: OnLive Games Service Detector for Firefox (Enabled) = C:\Program Files (x86)\OnLive\FirefoxPlugin\npolgdet.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Brian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Hangman = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekpfaaakmnhcembbiennfjiaodandmhg\1_0\
CHR - Extension: Chain Reaction = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa\1.1_0\
CHR - Extension: Graph.tk = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkhkaamdeplibnmodcgodlkghphdbahk\0.0.1.0_0\

O1 HOSTS File: ([2012/03/15 17:54:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4:64bit: - HKLM..\Run: [VIRTU] C:\Program Files\Lucidlogix Technologies\VIRTU\VirtuControlPanel.Exe ()
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" File not found
O4 - HKCU..\Run: [Steam] F:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C206C87-CEA5-4F0D-BB9C-40747C29BA4E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E18A303-9125-454C-AE05-4051B1FD4C86}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\appinit_dll.dll) - C:\Program Files\Lucidlogix Technologies\VIRTU\appinit_dll.dll (Lucidlogix Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll) - C:\Program Files\Lucidlogix Technologies\VIRTU\x86\appinit_dll.dll (Lucidlogix Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/05 13:16:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/19 16:09:39 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
[2012/03/18 23:04:44 | 000,000,000 | ---D | C] -- C:\Users\Brian\Documents\alb_mon
[2012/03/18 16:39:36 | 000,000,000 | R--D | C] -- C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012/03/18 16:21:20 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/18 16:21:20 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/18 16:21:20 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/18 16:10:04 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Brian\Desktop\dds.scr
[2012/03/17 14:08:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/15 19:03:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012/03/15 19:03:07 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\Origin
[2012/03/15 19:03:07 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\Origin
[2012/03/15 19:01:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012/03/15 19:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012/03/15 18:58:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2012/03/15 17:57:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/15 17:42:47 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/15 17:33:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/15 17:33:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/15 17:33:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/15 17:33:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/15 17:33:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/15 17:31:46 | 004,436,988 | R--- | C] (Swearware) -- C:\Users\Brian\Desktop\ComboFix.exe
[2012/03/15 17:23:11 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/15 17:21:45 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Brian\Desktop\TDSSKiller.exe
[2012/03/14 23:07:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2012/03/14 23:07:31 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\EA Core
[2012/03/14 23:01:34 | 000,000,000 | ---D | C] -- C:\Users\Brian\Documents\BioWare
[2012/03/14 22:49:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 2
[2012/03/14 22:45:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2012/03/14 03:03:18 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/14 03:03:18 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/14 03:03:17 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/13 17:53:46 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/13 17:52:50 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/03/13 17:52:49 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/13 17:52:49 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/13 17:52:49 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/13 17:52:49 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/13 17:52:49 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/12 23:45:14 | 000,000,000 | ---D | C] -- C:\Users\Brian\Documents\Bioshock
[2012/03/12 23:45:14 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\Bioshock
[2012/03/08 13:05:07 | 000,000,000 | ---D | C] -- C:\Users\Brian\Documents\Square Enix
[2012/03/05 15:47:18 | 000,189,608 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\IPROSetMonitor.exe
[2012/03/05 15:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012/03/05 15:44:35 | 000,360,624 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\e1c62x64.sys
[2012/03/05 15:44:35 | 000,098,496 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\NicInstC.dll
[2012/03/05 15:44:35 | 000,068,264 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\e1cmsg.dll
[2012/02/24 00:11:56 | 000,000,000 | ---D | C] -- C:\Users\Brian\utils
[2012/02/24 00:11:56 | 000,000,000 | ---D | C] -- C:\Users\Brian\syslinux
[2012/02/24 00:11:55 | 000,000,000 | ---D | C] -- C:\Users\Brian\live
[2012/02/24 00:11:55 | 000,000,000 | ---D | C] -- C:\Users\Brian\isolinux
[2012/02/24 00:11:55 | 000,000,000 | ---D | C] -- C:\Users\Brian\EFI
[2012/02/24 00:11:55 | 000,000,000 | ---D | C] -- C:\Users\Brian\.disk
[2012/02/23 00:00:53 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Brian\Desktop\*.tmp files -> C:\Users\Brian\Desktop\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/22 11:48:34 | 004,822,050 | ---- | M] () -- C:\Users\Brian\Desktop\IMG_9042.JPG
[2012/03/19 16:19:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/19 16:09:39 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
[2012/03/19 15:39:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-745330637-3307140133-1288979036-1005UA.job
[2012/03/19 15:31:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-745330637-3307140133-1288979036-1001UA.job
[2012/03/19 09:31:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-745330637-3307140133-1288979036-1001Core.job
[2012/03/19 05:19:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/19 04:53:02 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2012/03/18 23:04:12 | 000,000,135 | ---- | M] () -- C:\Windows\SysWow64\~.inf
[2012/03/18 22:39:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-745330637-3307140133-1288979036-1005Core.job
[2012/03/18 18:00:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2012/03/18 16:50:10 | 000,021,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/18 16:50:10 | 000,021,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/18 16:44:56 | 000,861,632 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/18 16:44:56 | 000,719,374 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/18 16:44:56 | 000,145,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/18 16:38:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/18 16:37:57 | 4221,468,670 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/18 16:21:05 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/03/18 16:21:05 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/18 16:21:05 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/18 16:21:05 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/18 16:15:18 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/03/18 16:10:04 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Brian\Desktop\dds.scr
[2012/03/16 14:45:13 | 000,740,982 | ---- | M] () -- C:\Users\Brian\Desktop\card-b.pdf
[2012/03/15 19:01:36 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/03/15 18:26:34 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/15 17:54:55 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/15 17:33:26 | 000,879,700 | ---- | M] () -- C:\Users\Brian\Desktop\SecurityCheck.exe
[2012/03/15 17:31:57 | 004,436,988 | R--- | M] (Swearware) -- C:\Users\Brian\Desktop\ComboFix.exe
[2012/03/15 17:22:17 | 000,000,000 | ---- | M] () -- C:\Users\Brian\defogger_reenable
[2012/03/15 17:21:37 | 002,044,822 | ---- | M] () -- C:\Users\Brian\Desktop\tdsskiller.zip
[2012/03/15 17:19:51 | 000,050,477 | ---- | M] () -- C:\Users\Brian\Desktop\Defogger.exe
[2012/03/14 03:21:03 | 011,338,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/13 17:49:03 | 000,858,480 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/13 17:22:37 | 1478,957,698 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/12 12:39:44 | 000,002,394 | ---- | M] () -- C:\Users\Brian\Desktop\Google Chrome.lnk
[2012/03/09 17:12:06 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Brian\Desktop\TDSSKiller.exe
[2012/03/05 18:13:51 | 000,005,993 | ---- | M] () -- C:\Users\Brian\Desktop\STEAM2 privatemessages-webbwbb-03-05-2012.csv
[2012/03/05 18:11:23 | 000,016,347 | ---- | M] () -- C:\Users\Brian\Desktop\STEAM privatemessages-webbwbb-03-05-2012.csv
[2012/02/26 10:45:32 | 000,670,987 | ---- | M] () -- C:\Users\Brian\Desktop\ibattlezone.psd
[2012/02/23 06:38:07 | 000,000,519 | ---- | M] () -- C:\Users\Brian\GParted-Live-Version
[2012/02/23 06:20:55 | 000,017,982 | ---- | M] () -- C:\Users\Brian\COPYING
[2012/02/23 00:05:20 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/23 00:00:53 | 000,002,515 | ---- | M] () -- C:\Users\Brian\Desktop\Windows 7 USB DVD Download Tool.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Brian\Desktop\*.tmp files -> C:\Users\Brian\Desktop\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/18 23:03:06 | 000,000,135 | ---- | C] () -- C:\Windows\SysWow64\~.inf
[2012/03/18 16:15:18 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/03/18 16:15:17 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/03/16 14:45:13 | 000,740,982 | ---- | C] () -- C:\Users\Brian\Desktop\card-b.pdf
[2012/03/15 19:01:36 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/03/15 18:26:34 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/15 17:33:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/15 17:33:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/15 17:33:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/15 17:33:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/15 17:33:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/15 17:33:25 | 000,879,700 | ---- | C] () -- C:\Users\Brian\Desktop\SecurityCheck.exe
[2012/03/15 17:22:17 | 000,000,000 | ---- | C] () -- C:\Users\Brian\defogger_reenable
[2012/03/15 17:21:26 | 002,044,822 | ---- | C] () -- C:\Users\Brian\Desktop\tdsskiller.zip
[2012/03/15 17:19:48 | 000,050,477 | ---- | C] () -- C:\Users\Brian\Desktop\Defogger.exe
[2012/03/05 18:13:50 | 000,005,993 | ---- | C] () -- C:\Users\Brian\Desktop\STEAM2 privatemessages-webbwbb-03-05-2012.csv
[2012/03/05 18:11:23 | 000,016,347 | ---- | C] () -- C:\Users\Brian\Desktop\STEAM privatemessages-webbwbb-03-05-2012.csv
[2012/02/26 10:45:31 | 000,670,987 | ---- | C] () -- C:\Users\Brian\Desktop\ibattlezone.psd
[2012/02/24 00:11:55 | 000,017,982 | ---- | C] () -- C:\Users\Brian\COPYING
[2012/02/24 00:11:55 | 000,000,519 | ---- | C] () -- C:\Users\Brian\GParted-Live-Version
[2012/02/23 00:00:53 | 000,002,515 | ---- | C] () -- C:\Users\Brian\Desktop\Windows 7 USB DVD Download Tool.lnk
[2012/02/14 18:47:06 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/14 18:47:06 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/14 18:44:24 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/02/14 17:59:56 | 013,209,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/12/07 01:06:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/08/14 19:11:47 | 000,000,064 | ---- | C] () -- C:\Users\Brian\AppData\Roaming\Sandra.ldb
[2011/08/14 17:54:47 | 011,141,120 | ---- | C] () -- C:\Users\Brian\AppData\Roaming\Sandra.mdb
[2011/08/03 00:21:54 | 000,000,152 | ---- | C] () -- C:\Windows\SysWow64\dvdrip.ini
[2011/07/12 21:34:09 | 000,000,410 | ---- | C] () -- C:\Windows\lightworks.ini
[2011/06/14 23:35:31 | 000,001,456 | ---- | C] () -- C:\Users\Brian\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/05/31 19:24:58 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/05/31 19:24:56 | 002,712,064 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011/05/31 19:24:56 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/05/31 19:24:56 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/05/31 19:24:56 | 000,122,368 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011/05/31 19:24:56 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/05/27 08:44:33 | 005,262,832 | ---- | C] () -- C:\Windows\PE_File.dll
[2011/05/27 08:35:51 | 005,197,296 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2011/05/27 07:29:36 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/05/27 07:29:33 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/05/27 06:28:46 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/05/27 06:26:19 | 000,041,672 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/05/26 16:19:10 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/05/26 16:19:07 | 000,026,980 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/03/14 13:52:18 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\rgbacodec.dll
[2010/12/30 02:47:38 | 000,000,343 | ---- | C] () -- C:\Windows\lgfwup.ini
[2010/12/30 01:50:21 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2010/12/30 01:50:21 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2010/12/30 01:50:21 | 000,000,048 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2010/12/30 01:50:16 | 000,042,386 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2010/12/30 01:49:05 | 000,000,945 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2010/12/30 01:49:02 | 000,004,969 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2010/12/30 01:49:00 | 000,000,516 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2010/12/07 13:56:47 | 000,007,629 | ---- | C] () -- C:\Users\Brian\AppData\Local\Resmon.ResmonCfg
[2010/09/24 10:07:52 | 000,000,132 | ---- | C] () -- C:\Users\Brian\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/09/16 19:40:08 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/08/31 22:55:28 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/31 22:53:54 | 000,858,480 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/22 21:41:31 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2010/08/03 01:21:24 | 000,014,464 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2010/06/08 18:57:22 | 000,160,425 | ---- | C] () -- C:\Windows\Sqirlz Morph Uninstaller.exe

========== LOP Check ==========

[2010/09/16 19:18:41 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Aim
[2011/12/26 18:53:55 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Amazon
[2010/05/30 19:14:53 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\AnvSoft
[2010/12/30 01:50:34 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\ASUS
[2012/03/13 00:20:29 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Bioshock
[2010/05/30 19:09:57 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Boilsoft
[2010/08/23 12:47:20 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\eMusic
[2010/11/08 22:05:36 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\ESET
[2012/01/31 21:23:11 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\FileZilla
[2010/05/30 19:19:24 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\FreeVideoConverter
[2011/06/01 12:29:06 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\GlarySoft
[2011/06/14 23:33:01 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\gtk-2.0
[2011/08/03 00:20:20 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\HandBrake
[2011/11/27 16:02:04 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\iTunesExport.9816BF1711E8C5ABC4CED8E503841951211D8E5D.1
[2010/01/19 20:45:11 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\MiniDm
[2010/05/17 23:23:03 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Notepad++
[2010/06/28 11:14:37 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\OnLive
[2010/02/26 00:47:00 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\OpenOffice.org
[2010/11/10 02:18:38 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Opera
[2012/03/15 19:05:50 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Origin
[2010/08/22 21:41:31 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\PACE Anti-Piracy
[2011/12/30 23:29:53 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Polynomial
[2012/03/15 17:09:05 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\SoftGrid Client
[2012/02/01 21:06:48 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\SPORE
[2010/08/22 21:57:18 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/11/25 23:21:33 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\TP
[2010/12/23 17:02:29 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Ubisoft
[2011/11/16 23:53:56 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Unity
[2010/11/08 22:25:59 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\uTorrent
[2011/08/05 16:20:47 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\WindSolutions
[2012/03/18 18:00:00 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2012/03/19 04:53:02 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
[2011/07/21 22:00:02 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007/12/05 23:15:00 | 013,053,058 | ---- | M] () -- C:\ethereal-setup-0.99.0.exe
[1999/07/09 18:31:30 | 000,014,305 | ---- | M] () -- C:\rawrite.exe
[2007/12/05 23:19:30 | 018,326,376 | ---- | M] () -- C:\wireshark-setup-0.99.6a.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[2012/03/18 17:38:22 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-745330637-3307140133-1288979036-1005\$I1YHOFN.jpg
[2012/03/18 17:38:36 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-745330637-3307140133-1288979036-1005\$I5E9ZOS.png
[2012/03/18 17:38:36 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-745330637-3307140133-1288979036-1005\$IDO5NER.jpg
[2012/03/18 17:38:51 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-745330637-3307140133-1288979036-1005\$IGOBMCC.jpg
[2012/03/18 17:38:22 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-745330637-3307140133-1288979036-1005\$IIGCULU.png
[2012/03/18 17:38:21 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-745330637-3307140133-1288979036-1005\$ITAJIPM.bmp
[2012/03/18 17:38:48 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-745330637-3307140133-1288979036-1005\$ITP87Z3.JPG
[2010/06/08 19:00:40 | 000,151,056 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-745330637-3307140133-1288979036-1005\$R1YHOFN.jpg
[2011/06/25 15:04:59 | 000,014,308 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-745330637-3307140133-1288979036-1005\$R5E9ZOS.png
[2011/06/25 15:26:30 | 000,161,613 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-745330637-3307140133-1288979036-1005\$RDO5NER.jpg
[2011/12/02 14:47:30 | 000,381,357 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-745330637-3307140133-1288979036-1005\$RGOBMCC.jpg
[2010/06/08 18:59:37 | 000,104,085 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-745330637-3307140133-1288979036-1005\$RIGCULU.png
[2010/06/08 18:59:48 | 001,604,054 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-745330637-3307140133-1288979036-1005\$RTAJIPM.bmp
[2011/12/07 01:01:48 | 000,163,446 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-745330637-3307140133-1288979036-1005\$RTP87Z3.JPG
[2012/03/17 14:08:31 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-745330637-3307140133-1288979036-1005\desktop.ini

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< MD5 for: AGP440.SYS >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010/11/20 09:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010/11/20 09:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010/11/20 09:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2009/07/13 21:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009/07/13 21:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2010/11/20 08:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
[2010/11/20 08:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010/11/20 08:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: BEEP.SYS >
[2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\SysNative\drivers\beep.sys
[2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: IASTOR.SYS >
[2011/05/28 00:58:43 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Users\Brian\Desktop\IRST_V10501026_XPVistaWin7\IRST_V10501026_XPVistaWin7\Driver\Disk\64bit\iaStor.sys
[2011/04/26 11:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\drivers\iaStor.sys
[2011/04/26 11:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_08d71942172d4761\iaStor.sys
[2011/05/28 00:58:43 | 000,461,080 | ---- | M] (Intel Corporation) MD5=9615DAF540B2C04DC871D10D7AE59F38 -- C:\Users\Brian\Desktop\IRST_V10501026_XPVistaWin7\IRST_V10501026_XPVistaWin7\Driver\Disk\32bit\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 02:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 02:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 02:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: KERNEL32.DLL >
[2011/07/16 01:21:15 | 001,162,240 | ---- | M] (Microsoft Corporation) MD5=06835B46D9676BEDD80AF25ACF6845FD -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21010_none_f083035588e611da\kernel32.dll
[2011/05/14 03:20:00 | 001,162,752 | ---- | M] (Microsoft Corporation) MD5=0E1B2E16235AA7F89F064EE75DFC905E -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_f1e6ed746ce85c1b\kernel32.dll
[2011/05/14 02:22:22 | 000,837,632 | ---- | M] (Microsoft Corporation) MD5=166116134C58DC36400DE59ACD64FB39 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_fc3b97c6a1491e16\kernel32.dll
[2011/07/16 00:21:33 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=2113248DB2D1AF9CA790B09F3E6C6E85 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21010_none_fad7ada7bd46d3d5\kernel32.dll
[2011/07/16 01:28:00 | 001,163,264 | ---- | M] (Microsoft Corporation) MD5=27AC02D8EE4C02E7648C41CB880151DA -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_f22aa945863b24d8\kernel32.dll
[2011/05/14 02:32:33 | 000,837,120 | ---- | M] (Microsoft Corporation) MD5=40EACEE0B6432CBE2459A11B298E9D88 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16816_none_fa543a76a42398d3\kernel32.dll
[2011/07/16 00:30:27 | 001,048,576 | ---- | M] (Microsoft Corporation) MD5=4EA99F1644627B1EBAD99D0B93CDEE1C -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16850_none_fa22f90aa449708d\kernel32.dll
[2009/07/13 21:41:13 | 001,162,240 | ---- | M] (Microsoft Corporation) MD5=5B4B379AD10DEDA4EDA01B8C6961B193 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_efb2d6e86ffc8f55\kernel32.dll
[2009/07/13 21:11:23 | 000,836,608 | ---- | M] (Microsoft Corporation) MD5=606ECB76A424CC535407E7A24E2A34BC -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_fa07813aa45d5150\kernel32.dll
[2011/05/14 03:11:10 | 001,163,264 | ---- | M] (Microsoft Corporation) MD5=6743E8705A96FCBF71279B5AE2CCFDBC -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_f266ba9d860d312d\kernel32.dll
[2011/06/03 01:58:27 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=6EB2AEE15C20681E323E9A3E334FE6CF -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20978_none_fa9ef84dbd7012f1\kernel32.dll
[2010/11/20 09:26:42 | 001,161,216 | ---- | M] (Microsoft Corporation) MD5=7A6326D96D53048FDEC542DF23D875A0 -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_f1e3eab06ceb12ef\kernel32.dll
[2010/11/20 09:26:42 | 001,161,216 | ---- | M] (Microsoft Corporation) MD5=7A6326D96D53048FDEC542DF23D875A0 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_f1e3eab06ceb12ef\kernel32.dll
[2011/06/03 02:54:47 | 001,162,240 | ---- | M] (Microsoft Corporation) MD5=8225958BAC83EAFCDB6BAB6EE5EDF6E6 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20978_none_f04a4dfb890f50f6\kernel32.dll
[2011/05/14 03:36:24 | 001,162,240 | ---- | M] (Microsoft Corporation) MD5=98DA1B7572DAD6BA10296E0DF0950B37 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16816_none_efff90246fc2d6d8\kernel32.dll
[2011/07/16 00:24:22 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=99C3F8E9CC59D95666EB8D8A8B4C2BEB -- C:\Windows\ERDNT\cache86\kernel32.dll
[2011/07/16 00:24:22 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=99C3F8E9CC59D95666EB8D8A8B4C2BEB -- C:\Windows\SysWOW64\kernel32.dll
[2011/07/16 00:24:22 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=99C3F8E9CC59D95666EB8D8A8B4C2BEB -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_fc0a565aa16ef5d0\kernel32.dll
[2011/07/16 01:37:12 | 001,162,752 | ---- | M] (Microsoft Corporation) MD5=B9B42A302325537D7B9DC52D47F33A73 -- C:\Windows\ERDNT\cache64\kernel32.dll
[2011/07/16 01:37:12 | 001,162,752 | ---- | M] (Microsoft Corporation) MD5=B9B42A302325537D7B9DC52D47F33A73 -- C:\Windows\SysNative\kernel32.dll
[2011/07/16 01:37:12 | 001,162,752 | ---- | M] (Microsoft Corporation) MD5=B9B42A302325537D7B9DC52D47F33A73 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_f1b5ac086d0e33d5\kernel32.dll
[2011/05/14 03:33:36 | 000,837,632 | ---- | M] (Microsoft Corporation) MD5=CC5CBC069944E7EA70D8674478A70A37 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_fcbb64efba6df328\kernel32.dll
[2011/07/16 00:49:33 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=D3CB12854171DF61D117D7C2BF22C675 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_fc7f5397ba9be6d3\kernel32.dll
[2011/07/16 01:21:32 | 001,162,240 | ---- | M] (Microsoft Corporation) MD5=DDBD24DC04DA5FD0EDF45CF72B7C01E2 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16850_none_efce4eb86fe8ae92\kernel32.dll
[2010/11/20 08:08:56 | 000,837,632 | ---- | M] (Microsoft Corporation) MD5=E80758CF485DB142FCA1EE03A34EAD05 -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_fc389502a14bd4ea\kernel32.dll
[2010/11/20 08:08:56 | 000,837,632 | ---- | M] (Microsoft Corporation) MD5=E80758CF485DB142FCA1EE03A34EAD05 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_fc389502a14bd4ea\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2009/07/13 21:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 09:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\ERDNT\cache64\mswsock.dll
[2010/11/20 09:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010/11/20 09:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\SysNative\mswsock.dll
[2010/11/20 09:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010/11/20 08:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\ERDNT\cache86\mswsock.dll
[2010/11/20 08:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2010/11/20 08:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SysWOW64\mswsock.dll
[2010/11/20 08:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2009/07/13 21:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_144848ad46fcc535\mswsock.dll

< MD5 for: NDIS.SYS >
[2010/11/20 09:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\ERDNT\cache64\ndis.sys
[2010/11/20 09:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys
[2010/11/20 09:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\SysNative\drivers\ndis.sys
[2010/11/20 09:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys
[2009/07/13 21:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NTFS.SYS >
[2010/11/20 09:33:46 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=05D78AA5CB5F3F5C31160BDB955D0B7C -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_04972f2c338b23d4\ntfs.sys
[2010/11/20 09:33:46 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=05D78AA5CB5F3F5C31160BDB955D0B7C -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_04972f2c338b23d4\ntfs.sys
[2009/07/13 21:48:27 | 001,659,984 | ---- | M] (Microsoft Corporation) MD5=356698A13C4630D5B31C37378D469196 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16385_none_02661b64369ca03a\ntfs.sys
[2011/03/11 02:23:06 | 001,657,216 | ---- | M] (Microsoft Corporation) MD5=378E0E0DFEA67D98AE6EA53ADBBD76BC -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16778_none_0273f3c63691c4ea\ntfs.sys
[2011/03/11 02:25:53 | 001,685,888 | ---- | M] (Microsoft Corporation) MD5=867C1395F0100CBE9ACD73B1C2741149 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.20921_none_032ca00d4f8d24c5\ntfs.sys
[2011/03/11 02:19:20 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=87B104128D4D3BA3C13098BAEBF38082 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_04d11b5b4ce521d9\ntfs.sys
[2011/03/11 02:41:34 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=A2F74975097F52A00745F9637451FDD8 -- C:\Windows\ERDNT\cache64\ntfs.sys
[2011/03/11 02:41:34 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=A2F74975097F52A00745F9637451FDD8 -- C:\Windows\SysNative\drivers\ntfs.sys
[2011/03/11 02:41:34 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=A2F74975097F52A00745F9637451FDD8 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_0459508233b9177f\ntfs.sys

< MD5 for: NVSTOR.SYS >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 02:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 02:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: PROQUOTA.EXE >
[2009/07/13 21:39:28 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=19117589BA265AAF89BEBE1E9040000C -- C:\Windows\winsxs\amd64_microsoft-windows-proquota_31bf3856ad364e35_6.1.7600.16385_none_83bbe97eac162e90\proquota.exe
[2010/11/20 08:17:30 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E77BAB79F078654782F83F0A0AEFE31 -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\x86_microsoft-windows-proquota_31bf3856ad364e35_6.1.7601.17514_none_29ce61c2f0a740f4\proquota.exe
[2010/11/20 08:17:30 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E77BAB79F078654782F83F0A0AEFE31 -- C:\Windows\SysWOW64\proquota.exe
[2010/11/20 08:17:30 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E77BAB79F078654782F83F0A0AEFE31 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.1.7601.17514_none_29ce61c2f0a740f4\proquota.exe
[2009/07/13 21:14:29 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=8CDF71E78469BE54C29C1AD2FC8DE611 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.1.7600.16385_none_279d4dfaf3b8bd5a\proquota.exe
[2010/11/20 09:25:04 | 000,031,744 | ---- | M] (Microsoft Corporation) MD5=C6C83C0DF40E11FA1F06625E95E41DE7 -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\amd64_microsoft-windows-proquota_31bf3856ad364e35_6.1.7601.17514_none_85ecfd46a904b22a\proquota.exe
[2010/11/20 09:25:04 | 000,031,744 | ---- | M] (Microsoft Corporation) MD5=C6C83C0DF40E11FA1F06625E95E41DE7 -- C:\Windows\SysNative\proquota.exe
[2010/11/20 09:25:04 | 000,031,744 | ---- | M] (Microsoft Corporation) MD5=C6C83C0DF40E11FA1F06625E95E41DE7 -- C:\Windows\winsxs\amd64_microsoft-windows-proquota_31bf3856ad364e35_6.1.7601.17514_none_85ecfd46a904b22a\proquota.exe

< MD5 for: QMGR.DLL >
[2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\ERDNT\cache64\qmgr.dll
[2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009/07/13 21:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SPOOLSV.EXE >
[2010/08/20 01:38:12 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=8547491BE7086EE317163365D83A37D2 -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_32ca3745f45762fc\spoolsv.exe
[2009/07/13 21:39:44 | 000,558,080 | ---- | M] (Microsoft Corporation) MD5=89E8550C5862999FCF482EA562B0E98E -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_324094c8db39cbbd\spoolsv.exe
[2010/11/20 09:25:21 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=B96C17B5DC1424D56EEA3A99E97428CD -- C:\Windows\ERDNT\cache64\spoolsv.exe
[2010/11/20 09:25:21 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=B96C17B5DC1424D56EEA3A99E97428CD -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_3471a890d8284f57\spoolsv.exe
[2010/11/20 09:25:21 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=B96C17B5DC1424D56EEA3A99E97428CD -- C:\Windows\SysNative\spoolsv.exe
[2010/11/20 09:25:21 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=B96C17B5DC1424D56EEA3A99E97428CD -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_3471a890d8284f57\spoolsv.exe
[2010/08/21 02:29:47 | 000,558,592 | ---- | M] (Microsoft Corporation) MD5=F8E1FA03CB70D54A9892AC88B91D1E7B -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_3252392adb2d25f4\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TERMSRV.DLL >
[2009/04/25 13:15:30 | 000,706,560 | ---- | M] (Microsoft Corporation) MD5=0B1FFF22D70ECAEA39C136CC2110CB7A -- C:\Windows\SysNative\termsrv.dll
[2009/04/25 13:15:30 | 000,706,560 | ---- | M] (Microsoft Corporation) MD5=0B1FFF22D70ECAEA39C136CC2110CB7A -- C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
[2009/07/13 21:41:55 | 000,706,560 | ---- | M] (Microsoft Corporation) MD5=0F05EC2887BFE197AD82A13287D2F404 -- C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_ea94336f6df51e09\termsrv.dll
[2010/11/20 09:27:26 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=2E648163254233755035B46DD7B89123 -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 1220 bytes -> C:\ProgramData\Microsoft:ezPgHGcTaGZmahK31kQzCDtaF
@Alternate Data Stream - 1218 bytes -> C:\ProgramData\Microsoft:p3WW11A9EkoRRfGDtU22GFcWV68c

< End of report >

#6 typerdan297

typerdan297
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 19 March 2012 - 03:41 PM

Extras.Txt:

OTL Extras logfile created on: 3/19/2012 4:15:00 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Brian\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.91 Gb Total Physical Memory | 12.89 Gb Available Physical Memory | 81.02% Memory free
23.89 Gb Paging File | 20.68 Gb Available in Paging File | 86.55% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 54.18 Gb Free Space | 18.17% Space Free | Partition Type: NTFS
Drive D: | 4.09 Gb Total Space | 0.05 Gb Free Space | 1.28% Space Free | Partition Type: NTFS
Drive F: | 294.00 Gb Total Space | 14.20 Gb Free Space | 4.83% Space Free | Partition Type: NTFS
Drive H: | 7.25 Gb Total Space | 3.12 Gb Free Space | 43.04% Space Free | Partition Type: NTFS
Drive I: | 915.51 Gb Total Space | 441.42 Gb Free Space | 48.22% Space Free | Partition Type: NTFS
Drive J: | 8.75 Gb Total Space | 8.64 Gb Free Space | 98.74% Space Free | Partition Type: NTFS
Drive N: | 55.24 Gb Total Space | 51.61 Gb Free Space | 93.42% Space Free | Partition Type: NTFS
Drive P: | 1171.56 Gb Total Space | 842.95 Gb Free Space | 71.95% Space Free | Partition Type: NTFS

Computer Name: COMP1 | User Name: Brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{10E5F3FF-AD93-40C5-A0F5-13B9185DBB12}" = ESET NOD32 Antivirus
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java™ 7 Update 1 (64-bit)
"{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{6438A99C-A37E-4758-A0AE-95F8A63AAFF5}" = Intel® Network Connections 16.8.46.0
"{64A3A4F4-B792-11D6-A78A-00B0D0170010}" = Java™ SE Development Kit 7 Update 1 (64-bit)
"{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}" = HHD Software Free Hex Editor Neo 4.95
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9EFA9C67-6ADD-4831-BE5D-58DDFBBB694E}" = Adobe Photoshop Lightroom 4 Beta 64-bit
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011.SP4a
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"A-WIN-Extras 8.0.4 2615434_is1" = Mathematica Extras 8.0 (2615434)
"Blue Coat K9 Web Protection" = Blue Coat K9 Web Protection 4.2.123
"CCleaner" = CCleaner
"C-Media Oxygen HD Audio Driver" = ASUS Xonar DS Audio Driver
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v3.0.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"M-WIN-T 8.0.4 2615567_is1" = Wolfram Mathematica 8 (M-WIN-T 8.0.4 2615567)
"PerformanceTest_is1" = PerformanceTest v6.1 (64-bit)
"PROSetDX" = Intel® Network Connections 16.8.46.0
"Recuva" = Recuva
"Ultravnc2_is1" = UltraVnc
"VIRTU_is1" = VIRTU 1.2.102
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20EFE260-2C3A-4821-80B7-639B39EFE67B}" = MySoundStudio
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26E76762-7F20-4694-AD06-CC3A9B547A71}" = Microsoft Office Live Meeting 2007
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2A42414B-1E07-454B-97C4-4789D8DBD338}" = Multiverse Tools
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}" = Windows 7 USB/DVD Download Tool
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT)
"{3FFF605A-B4CE-0706-16C3-7313BBF32DFA}" = iTunes Export
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4822DF0D-087B-435C-843D-ADAB239CCA13}_is1" = Boilsoft Video Converter 2.71
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D371573-2CDC-33E5-AA15-1CB3FDD6EABF}" = Google Talk Plugin
"{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5}" = iTunes
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{626B3D60-A661-4444-AAF5-6C75E55936E8}" = Adobe Creative Suite 5 Production Premium
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{935B40F5-6994-4868-9155-F9FB77A5048F}" = Microsoft Expression Encoder 4
"{952DCCD8-4039-46C8-BC8B-5C1EB6C8E130}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9EBDAF91-DADA-47CE-94F2-F5B004007934}" = System Requirements Lab
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5355F15-F98B-4704-9BAE-E53B9FE48F48}" = SDFormatter
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel® Processor ID Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B1C2398C-6FAB-46D1-806C-5942F0829994}" = ParetoLogic Data Recovery
"{B250BC77-4C92-4D1C-9FB0-DECD250AFD28}" = Mixed In Key
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAA11826-70EF-4E44-9E97-8476793E022F}" = Launchpad Enhanced
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E30FF7-5EAE-4E0E-B394-78214222D60C}" = Windows Internet Explorer Platform Preview
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}" = Lightworks
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F78AC3C0-578C-49AB-BD4E-3107A6036A13}" = Tom Clancy's Ghost Recon Advanced Warfighter® 2
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Advanced PDF Repair v2.0" = Advanced PDF Repair v2.0
"Akamai" = Akamai NetSession Interface
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"AnalogX Proxy" = AnalogX Proxy
"Android SDK Tools" = Android SDK Tools
"Any Video Converter_is1" = Any Video Converter 3.0.5
"AOL Instant Messenger" = AOL Instant Messenger
"AVS Disc Creator_is1" = AVS Disc Creator version 3.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVSCoverEditor_AVS4YOU_is1" = AVS Cover Editor 1.3.1.95 (AVS4YOU)
"Badaboom2" = Badaboom versionTRIAL_2.0.0.128
"Blender" = Blender (remove only)
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"Celestia_is1" = Celestia 1.6.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"DPP" = Canon Utilities Digital Photo Professional 3.8
"DualServer" = DualServer
"DVD Shrink_is1" = DVD Shrink 3.2
"EA Installer.1476643641" = EA Installer
"Encoder_4.0.1651.0" = Microsoft Expression Encoder 4
"Envy24HF Setup Program" = UnInstall Envy24 Family Audio Device Driver
"EOS Utility" = Canon Utilities EOS Utility
"ESET Online Scanner" = ESET Online Scanner v3
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Eusing Free Registry Defrag" = Eusing Free Registry Defrag
"FileZilla Client" = FileZilla Client 3.5.0
"FLAC" = FLAC 1.2.1b (remove only)
"Glary Undelete_is1" = Glary Undelete 1.6.0.262
"HandBrake" = HandBrake 0.9.5
"Hard Disk Low Level Format Tool_is1" = Hard Disk Low Level Format Tool 2.36 build 1181
"HijackThis" = HijackThis 2.0.2
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"InstallShield_{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5}" = iTunes
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"IsoBuster_is1" = IsoBuster 2.8.5
"iTunesExport.9816BF1711E8C5ABC4CED8E503841951211D8E5D.1" = iTunes Export
"Jahshaka" = Jahshaka
"Kernel For PDF Repair Evaluation version_is1" = Kernel For PDF Repair Evaluation ver 9.11.01
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"MixMeister BPM Analyzer_is1" = MixMeister BPM Analyzer 1.0
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
"MuseScore 0.9" = MuseScore 0.9 MuseScore score typesetter
"Notepad++" = Notepad++
"NTFS Undelete_is1" = NTFS Undelete v0.91
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OnLive" = OnLive
"OpenAL" = OpenAL
"OpenLibraries" = OpenLibraries
"Origin" = Origin
"Orion_is1" = Orion
"PhotoStitch" = Canon Utilities PhotoStitch
"PunkBusterSvc" = PunkBuster Services
"RealVNC_is1" = VNC Free Edition 4.1.3
"SpeedFan" = SpeedFan (remove only)
"Sqirlz Morph" = Sqirlz Morph
"Steam App 10" = Counter-Strike
"Steam App 100" = Counter-Strike: Condition Zero Deleted Scenes
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 105300" = Critical Mass
"Steam App 13520" = Far Cry
"Steam App 17300" = Crysis
"Steam App 17330" = Crysis Warhead
"Steam App 17340" = Crysis Wars
"Steam App 17410" = Mirror's Edge
"Steam App 17460" = Mass Effect
"Steam App 20" = Team Fortress Classic
"Steam App 20500" = Red Faction: Guerrilla
"Steam App 20530" = Red Faction
"Steam App 20550" = Red Faction II
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 24400" = King Arthur - The Role-playing Wargame
"Steam App 280" = Half-Life: Source
"Steam App 30" = Day of Defeat
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 32380" = Star Wars Jedi Knight: Dark Forces II
"Steam App 32390" = Star Wars - Jedi Knight: Mysteries of the Sith
"Steam App 32400" = Star Wars: Dark Forces
"Steam App 32430" = Star Wars: The Force Unleashed
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 35140" = Batman: Arkham Asylum GOTY Edition
"Steam App 380" = Half-Life 2: Episode One
"Steam App 4000" = Garry's Mod
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 440" = Team Fortress 2
"Steam App 48900" = Saira
"Steam App 55100" = Homefront
"Steam App 55110" = Red Faction: Armageddon
"Steam App 60" = Ricochet
"Steam App 6020" = Star Wars Jedi Knight: Jedi Academy
"Steam App 6030" = Star Wars - Jedi Knight II: Jedi Outcast
"Steam App 620" = Portal 2
"Steam App 67000" = The Polynomial
"Steam App 70110" = Hacker Evolution - Untold
"Steam App 70120" = Hacker Evolution Duality
"Steam App 71270" = Football Manager 2012
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 7670" = BioShock
"Steam App 80" = Counter-Strike: Condition Zero
"SystemRequirementsLab" = System Requirements Lab
"TightVNC_is1" = TightVNC 1.3.10
"Video Enhancer_is1" = Video Enhancer 1.9.6
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.9
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = CopyTrans Suite Remove Only
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:29 PM

Posted 20 March 2012 - 12:51 PM

Nothing suspicious was found on your log.

However much information could be obtained from the event viewer but unfortunately it's damaged.

Refer to this article - How to Delete Corrupt Event Viewer Log Files
http://support.microsoft.com/kb/172156

Delete the log.

Restart the computer and run the OTL tool again. Post only the OTL Extras logfile for my review.

#8 typerdan297

typerdan297
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 20 March 2012 - 03:23 PM

That service is not listed on the services list at all so I went with the registry method. There was no "Startup" key in that folder of the registry so I changed "Start" to 0x04 instead (and backed up the registry to be safe). Are you sure that Knowledge Base article is applicable to Windows 7? I will update this posting once I have a new log file.

EDIT: The scan still says the event viewer files are corrupted. If I open the Event Viewer it lists the following: 1 critical; 4,810 Errors; 354 Warnings; 4,854 Information; 17,785 Audit Successes; and 15,206 Audit Failures in the past 7 days. If I scroll through them, I am given Event IDs for each. This is under the Administrative Events category.

EDIT2: I found the log files in %systemroot%\system32\winevt and moved them to a backup folder. Here is the new log but it still does not contain any event viewer information.

OTL Extras logfile created on: 3/19/2012 4:15:00 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Brian\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.91 Gb Total Physical Memory | 12.89 Gb Available Physical Memory | 81.02% Memory free
23.89 Gb Paging File | 20.68 Gb Available in Paging File | 86.55% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 54.18 Gb Free Space | 18.17% Space Free | Partition Type: NTFS
Drive D: | 4.09 Gb Total Space | 0.05 Gb Free Space | 1.28% Space Free | Partition Type: NTFS
Drive F: | 294.00 Gb Total Space | 14.20 Gb Free Space | 4.83% Space Free | Partition Type: NTFS
Drive H: | 7.25 Gb Total Space | 3.12 Gb Free Space | 43.04% Space Free | Partition Type: NTFS
Drive I: | 915.51 Gb Total Space | 441.42 Gb Free Space | 48.22% Space Free | Partition Type: NTFS
Drive J: | 8.75 Gb Total Space | 8.64 Gb Free Space | 98.74% Space Free | Partition Type: NTFS
Drive N: | 55.24 Gb Total Space | 51.61 Gb Free Space | 93.42% Space Free | Partition Type: NTFS
Drive P: | 1171.56 Gb Total Space | 842.95 Gb Free Space | 71.95% Space Free | Partition Type: NTFS

Computer Name: COMP1 | User Name: Brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{10E5F3FF-AD93-40C5-A0F5-13B9185DBB12}" = ESET NOD32 Antivirus
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java™ 7 Update 1 (64-bit)
"{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{6438A99C-A37E-4758-A0AE-95F8A63AAFF5}" = Intel® Network Connections 16.8.46.0
"{64A3A4F4-B792-11D6-A78A-00B0D0170010}" = Java™ SE Development Kit 7 Update 1 (64-bit)
"{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}" = HHD Software Free Hex Editor Neo 4.95
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9EFA9C67-6ADD-4831-BE5D-58DDFBBB694E}" = Adobe Photoshop Lightroom 4 Beta 64-bit
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011.SP4a
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"A-WIN-Extras 8.0.4 2615434_is1" = Mathematica Extras 8.0 (2615434)
"Blue Coat K9 Web Protection" = Blue Coat K9 Web Protection 4.2.123
"CCleaner" = CCleaner
"C-Media Oxygen HD Audio Driver" = ASUS Xonar DS Audio Driver
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v3.0.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"M-WIN-T 8.0.4 2615567_is1" = Wolfram Mathematica 8 (M-WIN-T 8.0.4 2615567)
"PerformanceTest_is1" = PerformanceTest v6.1 (64-bit)
"PROSetDX" = Intel® Network Connections 16.8.46.0
"Recuva" = Recuva
"Ultravnc2_is1" = UltraVnc
"VIRTU_is1" = VIRTU 1.2.102
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20EFE260-2C3A-4821-80B7-639B39EFE67B}" = MySoundStudio
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26E76762-7F20-4694-AD06-CC3A9B547A71}" = Microsoft Office Live Meeting 2007
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2A42414B-1E07-454B-97C4-4789D8DBD338}" = Multiverse Tools
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}" = Windows 7 USB/DVD Download Tool
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT)
"{3FFF605A-B4CE-0706-16C3-7313BBF32DFA}" = iTunes Export
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4822DF0D-087B-435C-843D-ADAB239CCA13}_is1" = Boilsoft Video Converter 2.71
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D371573-2CDC-33E5-AA15-1CB3FDD6EABF}" = Google Talk Plugin
"{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5}" = iTunes
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{626B3D60-A661-4444-AAF5-6C75E55936E8}" = Adobe Creative Suite 5 Production Premium
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{935B40F5-6994-4868-9155-F9FB77A5048F}" = Microsoft Expression Encoder 4
"{952DCCD8-4039-46C8-BC8B-5C1EB6C8E130}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9EBDAF91-DADA-47CE-94F2-F5B004007934}" = System Requirements Lab
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5355F15-F98B-4704-9BAE-E53B9FE48F48}" = SDFormatter
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel® Processor ID Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B1C2398C-6FAB-46D1-806C-5942F0829994}" = ParetoLogic Data Recovery
"{B250BC77-4C92-4D1C-9FB0-DECD250AFD28}" = Mixed In Key
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAA11826-70EF-4E44-9E97-8476793E022F}" = Launchpad Enhanced
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E30FF7-5EAE-4E0E-B394-78214222D60C}" = Windows Internet Explorer Platform Preview
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}" = Lightworks
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F78AC3C0-578C-49AB-BD4E-3107A6036A13}" = Tom Clancy's Ghost Recon Advanced Warfighter® 2
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Advanced PDF Repair v2.0" = Advanced PDF Repair v2.0
"Akamai" = Akamai NetSession Interface
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"AnalogX Proxy" = AnalogX Proxy
"Android SDK Tools" = Android SDK Tools
"Any Video Converter_is1" = Any Video Converter 3.0.5
"AOL Instant Messenger" = AOL Instant Messenger
"AVS Disc Creator_is1" = AVS Disc Creator version 3.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVSCoverEditor_AVS4YOU_is1" = AVS Cover Editor 1.3.1.95 (AVS4YOU)
"Badaboom2" = Badaboom versionTRIAL_2.0.0.128
"Blender" = Blender (remove only)
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"Celestia_is1" = Celestia 1.6.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"DPP" = Canon Utilities Digital Photo Professional 3.8
"DualServer" = DualServer
"DVD Shrink_is1" = DVD Shrink 3.2
"EA Installer.1476643641" = EA Installer
"Encoder_4.0.1651.0" = Microsoft Expression Encoder 4
"Envy24HF Setup Program" = UnInstall Envy24 Family Audio Device Driver
"EOS Utility" = Canon Utilities EOS Utility
"ESET Online Scanner" = ESET Online Scanner v3
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Eusing Free Registry Defrag" = Eusing Free Registry Defrag
"FileZilla Client" = FileZilla Client 3.5.0
"FLAC" = FLAC 1.2.1b (remove only)
"Glary Undelete_is1" = Glary Undelete 1.6.0.262
"HandBrake" = HandBrake 0.9.5
"Hard Disk Low Level Format Tool_is1" = Hard Disk Low Level Format Tool 2.36 build 1181
"HijackThis" = HijackThis 2.0.2
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"InstallShield_{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5}" = iTunes
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"IsoBuster_is1" = IsoBuster 2.8.5
"iTunesExport.9816BF1711E8C5ABC4CED8E503841951211D8E5D.1" = iTunes Export
"Jahshaka" = Jahshaka
"Kernel For PDF Repair Evaluation version_is1" = Kernel For PDF Repair Evaluation ver 9.11.01
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"MixMeister BPM Analyzer_is1" = MixMeister BPM Analyzer 1.0
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
"MuseScore 0.9" = MuseScore 0.9 MuseScore score typesetter
"Notepad++" = Notepad++
"NTFS Undelete_is1" = NTFS Undelete v0.91
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OnLive" = OnLive
"OpenAL" = OpenAL
"OpenLibraries" = OpenLibraries
"Origin" = Origin
"Orion_is1" = Orion
"PhotoStitch" = Canon Utilities PhotoStitch
"PunkBusterSvc" = PunkBuster Services
"RealVNC_is1" = VNC Free Edition 4.1.3
"SpeedFan" = SpeedFan (remove only)
"Sqirlz Morph" = Sqirlz Morph
"Steam App 10" = Counter-Strike
"Steam App 100" = Counter-Strike: Condition Zero Deleted Scenes
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 105300" = Critical Mass
"Steam App 13520" = Far Cry
"Steam App 17300" = Crysis
"Steam App 17330" = Crysis Warhead
"Steam App 17340" = Crysis Wars
"Steam App 17410" = Mirror's Edge
"Steam App 17460" = Mass Effect
"Steam App 20" = Team Fortress Classic
"Steam App 20500" = Red Faction: Guerrilla
"Steam App 20530" = Red Faction
"Steam App 20550" = Red Faction II
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 24400" = King Arthur - The Role-playing Wargame
"Steam App 280" = Half-Life: Source
"Steam App 30" = Day of Defeat
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 32380" = Star Wars Jedi Knight: Dark Forces II
"Steam App 32390" = Star Wars - Jedi Knight: Mysteries of the Sith
"Steam App 32400" = Star Wars: Dark Forces
"Steam App 32430" = Star Wars: The Force Unleashed
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 35140" = Batman: Arkham Asylum GOTY Edition
"Steam App 380" = Half-Life 2: Episode One
"Steam App 4000" = Garry's Mod
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 440" = Team Fortress 2
"Steam App 48900" = Saira
"Steam App 55100" = Homefront
"Steam App 55110" = Red Faction: Armageddon
"Steam App 60" = Ricochet
"Steam App 6020" = Star Wars Jedi Knight: Jedi Academy
"Steam App 6030" = Star Wars - Jedi Knight II: Jedi Outcast
"Steam App 620" = Portal 2
"Steam App 67000" = The Polynomial
"Steam App 70110" = Hacker Evolution - Untold
"Steam App 70120" = Hacker Evolution Duality
"Steam App 71270" = Football Manager 2012
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 7670" = BioShock
"Steam App 80" = Counter-Strike: Condition Zero
"SystemRequirementsLab" = System Requirements Lab
"TightVNC_is1" = TightVNC 1.3.10
"Video Enhancer_is1" = Video Enhancer 1.9.6
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.9
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = CopyTrans Suite Remove Only
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Edited by typerdan297, 20 March 2012 - 05:24 PM.


#9 typerdan297

typerdan297
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 20 March 2012 - 05:38 PM

I manually got the last 10 events from the event viewer (I am using a code view to preserve spacing so it displays as a readable table. Apparently white space is not preserved in a post):

Level	Source			Event ID	Task Category
Error	Service Control Manager	7001		None
Error	PrintService		315		Sharing a printer
Error	Service Control Manager	7026		None
Error	Service Control Manager	7034		None
Error	Schannel		36888		None
Error	Schannel		36888		None
Warning	User Profile Service	1530		None
Error	volmgr			45		None
Error	PrintService		315		Sharing a printer
Warning	SQLBrowser		3		None

Edited by typerdan297, 20 March 2012 - 05:43 PM.


#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:29 PM

Posted 21 March 2012 - 08:20 AM

http://support.microsoft.com/kb/2489761

EDIT: The scan still says the event viewer files are corrupted. If I open the Event Viewer it lists the following: 1 critical; 4,810 Errors; 354

Have a look at this article.
http://www.pcmmc.com/error-354.php

===

From your event log.

Error PrintService 315 Sharing a printer


Have a look at this article.
Windows 7 - Freezing: Event ID 315, PrintService Error
http://www.sevenforums.com/crashes-debugging/112878-freezing-event-id-315-printservice-error.html

What have you tried and is the problem persisting.
===

Is restoring your system to a good restore point a possibility?
It may have to be a date prior to your problem with the RootKit infection

#11 typerdan297

typerdan297
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 21 March 2012 - 01:11 PM

There does not appear to be any restore points available prior to the rootkit infection. The pcmmc guide/tool seems to only recommend restoring to a previous point which does not look like it will be a viable option. I may have just missed it, but it does not seem that there was a resolution to the forum posting from Seven Forums. Any ideas of what I can do to either get you a more complete viewing of the event log or any way of fixing things other than a full reinstall?

#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:29 PM

Posted 22 March 2012 - 08:16 AM

See what you can find with this troubleshooter.
http://windows.microsoft.com/en-us/windows7/Open-the-Performance-troubleshooter

#13 typerdan297

typerdan297
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 22 March 2012 - 08:59 PM

It only prompted me to remove programs from startup. I am only running my AV, Adobe/Oracle update utilities, and disk and printer drivers on startup.

#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:29 PM

Posted 23 March 2012 - 09:09 AM

SearchIndexer - could cause some problems. Slow booting.
http://www.howtogeek.com/howto/28450/what-is-searchindexer.exe-and-why-is-it-running/

Disable this tool for 15 minutes as suggested on the article.

Any improvement?

#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:29 PM

Posted 29 March 2012 - 08:20 AM

Are you still with me?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users