
Inactive Unknown Bug

Discussion in 'Malware and Virus Removal Archive' started by Mburgess, 2010/10/20.

  1. 2010/10/21
    Mburgess

    Mburgess Inactive Thread Starter

    Joined:
    2010/10/17
    Messages:
    24
    Likes Received:
    0
    Extras Log:

    OTL Extras logfile created on: 10/21/2010 6:11:23 PM - Run 1
    OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\Mitch\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 361.67 Gb Total Space | 268.54 Gb Free Space | 74.25% Space Free | Partition Type: NTFS
    Drive D: | 10.79 Gb Total Space | 4.50 Gb Free Space | 41.70% Space Free | Partition Type: NTFS

    Computer Name: BURGESS-BIG | User Name: Mitch | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "c:\MalwarebytesPortable\App\Malwarebytes\mbam.exe" = c:\MalwarebytesPortable\App\Malwarebytes\mbam.exe:*:Enabled:Malwarebytes -- File not found

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "c:\MalwarebytesPortable\App\Malwarebytes\mbam.exe" = c:\MalwarebytesPortable\App\Malwarebytes\mbam.exe:*:Enabled:Malwarebytes -- File not found


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
    "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
    "{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DCD7A9A-8B0B-4184-A5D7-C4BDAA31C750}" = Microsoft Office Live Add-in Patches
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9D5CF765-2660-451D-8351-C998C488FD32}" = Tunebite
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
    "{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro™ Titanium™ Maximum Security
    "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
    "{FF262740-C85A-11D5-BBEC-00D0B740900A}" = PS2 Multimedia Keyboard Driver
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "CNXT_MODEM_PCI_HSF" = Soft Data Fax Modem with SmartCP
    "Guild Wars" = Guild Wars
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
    "Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
    "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
    "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "R-Studio 5.1NSIS" = R-Studio 5.1
    "Steam App 211" = Source SDK
    "Steam App 220" = Half-Life 2
    "Steam App 240" = Counter-Strike: Source
    "Steam App 29540" = Guild Wars: Game of the Year
    "Steam App 300" = Day of Defeat: Source
    "Steam App 320" = Half-Life 2: Deathmatch
    "Steam App 340" = Half-Life 2: Lost Coast
    "Steam App 400" = Portal
    "Steam App 4000" = Garry's Mod
    "Steam App 440" = Team Fortress 2
    "Steam App 630" = Alien Swarm
    "uTorrent" = µTorrent
    "Warcraft III" = Warcraft III
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Warcraft III" = Warcraft III: All Products

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/17/2010 5:58:57 PM | Computer Name = Burgess-Vista | Source = Application Error | ID = 1000
    Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
    0x4445c334 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
    time stamp: 0x47e2d72b Exception code: 0xc0000005 Fault offset: 0x013c553e Faulting
    process id: 0x764 Faulting application start time: 0x01cade78cafd8cb4 Faulting application
    path: c:\program files\steam\steamapps\mburgess325\counter-strike source\hl2.exe
    Faulting
    module path: filesystem_steam.dll Report Id: 6b7cf364-4a6c-11df-b81d-001e906704b3

    Error - 4/17/2010 8:20:14 PM | Computer Name = Burgess-Vista | Source = Application Error | ID = 1000
    Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
    0x470c11ae Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
    time stamp: 0x4877aa9a Exception code: 0xc0000005 Fault offset: 0x013a72c9 Faulting
    process id: 0xd94 Faulting application start time: 0x01cade89e4e77bb0 Faulting application
    path: c:\program files\steam\steamapps\mburgess325\garrysmod\hl2.exe Faulting module
    path: filesystem_steam.dll Report Id: 282fc9b0-4a80-11df-b81d-001e906704b3

    Error - 4/18/2010 9:12:28 AM | Computer Name = Burgess-Vista | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ".Error in manifest or policy file "c:\Program
    Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR "
    of attribute "version" in element "assemblyIdentity" is invalid.

    Error - 4/18/2010 12:49:04 PM | Computer Name = Burgess-Vista | Source = Application Error | ID = 1000
    Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
    0x470c11ae Faulting module name: shaderapidx9.dll, version: 0.0.0.0, time stamp:
    0x4b674cf6 Exception code: 0xc0000005 Fault offset: 0x000191d9 Faulting process id:
    0x690 Faulting application start time: 0x01cadf1672416f70 Faulting application path:
    c:\program files\steam\steamapps\mburgess325\garrysmod\hl2.exe Faulting module path:
    c:\program files\steam\steamapps\mburgess325\garrysmod\bin\shaderapidx9.dll Report
    Id: 4bc29df0-4b0a-11df-b81d-001e906704b3

    Error - 4/18/2010 5:32:36 PM | Computer Name = Burgess-Vista | Source = Application Error | ID = 1000
    Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
    0x4445c334 Faulting module name: datacache.dll, version: 0.0.0.0, time stamp: 0x46439c7b
    Exception
    code: 0xc0000005 Fault offset: 0x0000b423 Faulting process id: 0x11c4 Faulting application
    start time: 0x01cadf396fe4ec20 Faulting application path: c:\program files\steam\steamapps\mburgess325\counter-strike
    source\hl2.exe Faulting module path: c:\program files\steam\steamapps\mburgess325\counter-strike
    source\bin\datacache.dll Report Id: e7aab000-4b31-11df-964b-001e906704b3

    Error - 4/18/2010 5:32:44 PM | Computer Name = Burgess-Vista | Source = Application Error | ID = 1000
    Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
    0x4445c334 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x00000001 Faulting process id: 0x11c4 Faulting application
    start time: 0x01cadf396fe4ec20 Faulting application path: c:\program files\steam\steamapps\mburgess325\counter-strike
    source\hl2.exe Faulting module path: unknown Report Id: ec1a8d40-4b31-11df-964b-001e906704b3

    Error - 4/18/2010 9:09:04 PM | Computer Name = Burgess-Vista | Source = VSS | ID = 8194
    Description =

    Error - 4/19/2010 10:36:25 AM | Computer Name = Burgess-Vista | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ".Error in manifest or policy file "c:\Program
    Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR "
    of attribute "version" in element "assemblyIdentity" is invalid.

    Error - 4/20/2010 10:18:26 PM | Computer Name = Burgess-Vista | Source = Application Error | ID = 1000
    Description = Faulting application name: battleforge.exe, version: 1.2.0.0, time
    stamp: 0x4bbb45d6 Faulting module name: battleforge.exe, version: 1.2.0.0, time
    stamp: 0x4bbb45d6 Exception code: 0xc0000005 Fault offset: 0x00078a49 Faulting process
    id: 0xa28 Faulting application start time: 0x01cae0f8de46edb0 Faulting application
    path: C:\program files\steam\steamapps\common\battleforge\battleforge.exe Faulting
    module path: C:\program files\steam\steamapps\common\battleforge\battleforge.exe
    Report
    Id: 2ac14be0-4cec-11df-8dd5-001e906704b3

    Error - 4/21/2010 10:21:31 AM | Computer Name = Burgess-Vista | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ".Error in manifest or policy file "c:\Program
    Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR "
    of attribute "version" in element "assemblyIdentity" is invalid.

    [ Media Center Events ]
    Error - 9/15/2009 8:27:03 PM | Computer Name = Nick-PC | Source = Mcx2Dvcs | ID = 405
    Description =

    Error - 9/15/2009 8:31:43 PM | Computer Name = Nick-PC | Source = Mcx2Dvcs | ID = 405
    Description =

    Error - 9/15/2009 10:25:33 PM | Computer Name = Burgess-Vista | Source = McrMgr | ID = 109
    Description =

    Error - 10/8/2009 8:51:47 PM | Computer Name = Burgess-Vista | Source = Mcx2Dvcs | ID = 405
    Description =

    Error - 10/18/2009 4:05:27 PM | Computer Name = Burgess-Vista | Source = McrMgr | ID = 109
    Description =

    Error - 10/24/2009 1:08:12 PM | Computer Name = Burgess-Vista | Source = Mcx2Dvcs | ID = 405
    Description =

    [ System Events ]
    Error - 10/21/2010 9:08:55 PM | Computer Name = Burgess-Big | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 10/21/2010 9:09:51 PM | Computer Name = Burgess-Big | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 10/21/2010 9:09:51 PM | Computer Name = Burgess-Big | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 10/21/2010 9:09:51 PM | Computer Name = Burgess-Big | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 10/21/2010 9:14:52 PM | Computer Name = Burgess-Big | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 10/21/2010 9:14:52 PM | Computer Name = Burgess-Big | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 10/21/2010 9:14:52 PM | Computer Name = Burgess-Big | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 10/21/2010 9:16:59 PM | Computer Name = Burgess-Big | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 10/21/2010 9:16:59 PM | Computer Name = Burgess-Big | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 10/21/2010 9:16:59 PM | Computer Name = Burgess-Big | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068


    < End of report >
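    The "Shell Spawning" section of the OTL Extras log above lists the command Windows runs for each executable file class (exefile, comfile, batfile, and so on). If malware rewrites one of those commands, it is launched every time the user starts any program, so comparing the logged commands against the stock defaults is a quick first check when reading such a log. The script below is an added example written for this thread, not code from OTL or from anyone posting here; the sample log text is constructed from the entries shown above, the "stock default" commands are an assumption based on a clean Windows 7 system, and the hijacked `guard.exe` path is a made-up placeholder.

```python
"""Audit the "Shell Spawning" section of an OTL Extras log for hijacked
file-association commands.

Added example, not part of OTL and not posted in the thread.  SAMPLE_LOG is
constructed from the entries shown in the thread; EXPECTED is an assumption
based on a clean Windows 7 system.
"""
import re

# Constructed sample in the format OTL prints (leading indentation stripped).
SAMPLE_LOG = """\
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<key>\\shell\\[command]\\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\\System32\\control.exe "%1 ",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.

========== Security Center Settings ==========
"""

# Constructed "infected" variant with a hypothetical path: exefile is redirected
# so an unknown program runs before every .exe the user launches.
HIJACKED_LOG = SAMPLE_LOG.replace(
    'exefile [open] -- "%1" %*',
    'exefile [open] -- "C:\\Users\\Example\\AppData\\Local\\guard.exe" "%1" %*',
)

# Stock commands for the classes that launch executables (assumption).
EXPECTED = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}

# "<class> [<verb>] -- <command> (<company>)"; the company part is optional.
LINE_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*?)(?: \(([^()]*)\))?$")


def parse_shell_spawning(log_text):
    """Return {(class, verb): command} for the Shell Spawning section only."""
    entries = {}
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            in_section = "Shell Spawning" in line   # section header toggles state
            continue
        if not in_section or not line or line.startswith("["):
            continue                                 # skip blanks and the key header
        m = LINE_RE.match(line)
        if m:
            cls, verb, cmd, _company = m.groups()
            entries[(cls, verb)] = cmd
    return entries


def audit_shell_spawning(log_text):
    """Return findings as (severity, class, verb, command) tuples.

    severity: "hijack"  - command differs from the stock default
              "missing" - expected class/verb not present in the log
              "info"    - OTL could not read the key (usually just absent)
    """
    entries = parse_shell_spawning(log_text)
    findings = []
    for (cls, verb), expected in EXPECTED.items():
        cmd = entries.get((cls, verb))
        if cmd is None:
            findings.append(("missing", cls, verb, None))
        elif cmd != expected:
            findings.append(("hijack", cls, verb, cmd))
    for (cls, verb), cmd in entries.items():
        if cmd.startswith("Reg Error:"):
            findings.append(("info", cls, verb, cmd))
    return findings


if __name__ == "__main__":
    for label, text in (("clean sample", SAMPLE_LOG), ("hijacked sample", HIJACKED_LOG)):
        print(f"--- {label} ---")
        for sev, cls, verb, cmd in audit_shell_spawning(text):
            print(f"[{sev:7}] {cls} [{verb}] -- {cmd}")
```

    On the log as posted, the only findings are the three "Reg Error" entries (helpfile, regfile, txtfile), which normally just mean those classes do not exist on the machine; the hijacked variant produces a single "hijack" finding for exefile. To use it on a real log, paste the Shell Spawning section into `SAMPLE_LOG` or read the file from disk.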
     
  2. 2010/10/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't see much there, either.

    Let's try one more scanner...

    Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     


  4. 2010/10/23
    Mburgess

    Mburgess Inactive Thread Starter

    Joined:
    2010/10/17
    Messages:
    24
    Likes Received:
    0
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Saturday, October 23, 2010
    Operating system: Microsoft Professional (build 7600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Saturday, October 23, 2010 10:13:18
    Records in database: 4179882
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    H:\
    I:\
    J:\
    K:\

    Scan statistics:
    Objects scanned: 243020
    Threats found: 2
    Infected objects found: 2
    Suspicious objects found: 0
    Scan duration: 04:27:40


    File name / Threat / Threats count
    C:\Users\Mitch\Documents\KnightOnlineSetup_1708.exe Infected: Trojan.Win32.ZbotPatched.d 1
    C:\Users\Mitch\Documents\KnightOnlineSetup_1708.exe Infected: Trojan.Win32.ZbotPatched.bg 1

    Selected area has been scanned.
     
  5. 2010/10/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Firstly, reverse all changes you made, following my instructions from post #16.
    Re-enable all entries you previously disabled.

    ===================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      FF - HKLM\software\mozilla\Firefox\Extensions\\{3CD5BA76-9114-442D-BB31-45AAD6FA5721}: C:\Users\Mitch\AppData\Local\{3CD5BA76-9114-442D-BB31-45AAD6FA5721} [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{41D2D2E6-FBD7-40AC-A333-5DB10C27573B}: C:\Users\Burgess\AppData\Local\{41D2D2E6-FBD7-40AC-A333-5DB10C27573B} [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{6F297557-72A9-4E1E-869B-00ABF34E4564}: C:\Users\Burgess\AppData\Local\{6F297557-72A9-4E1E-869B-00ABF34E4564}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{FC34A486-C113-41A3-A77F-FFCE46E4005A}: C:\Users\Mitch\AppData\Local\{FC34A486-C113-41A3-A77F-FFCE46E4005A}\ [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{80119070-146C-4601-8DD1-2C9C77472A26}: C:\Users\Burgess\AppData\Local\{80119070-146C-4601-8DD1-2C9C77472A26}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{AB4295A0-6278-4D5E-8E58-B7028EEEDBE0}: C:\Users\Mitch\AppData\Local\{AB4295A0-6278-4D5E-8E58-B7028EEEDBE0}\ [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{0AA69C98-F3D7-481E-B41F-EE5E6ACA31F1}: C:\Users\Burgess\AppData\Local\{0AA69C98-F3D7-481E-B41F-EE5E6ACA31F1}\ [2010/10/21 18:21:13 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{021B1EB6-B74C-4D9B-89BB-78AB8CCEE428}: C:\Users\Mitch\AppData\Local\{021B1EB6-B74C-4D9B-89BB-78AB8CCEE428} [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{A87EB6EE-E449-436F-95E5-B97985E078BF}: C:\Users\Burgess\AppData\Local\{A87EB6EE-E449-436F-95E5-B97985E078BF}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{FBB9C9A7-5C7C-49C2-B537-44A25B9EFAA8}: C:\Users\Mitch\AppData\Local\{FBB9C9A7-5C7C-49C2-B537-44A25B9EFAA8} [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{D4A4CCE1-34ED-444B-B462-F7AE98E4257C}: C:\Users\Burgess\AppData\Local\{D4A4CCE1-34ED-444B-B462-F7AE98E4257C}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{01AF4BC4-E612-4D01-AABD-4026D89B0220}: C:\Users\Burgess\AppData\Local\{01AF4BC4-E612-4D01-AABD-4026D89B0220}\ [2010/10/21 18:21:13 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{DCA46154-0766-4AD6-8454-1257208B4C86}: C:\Users\Mitch\AppData\Local\{DCA46154-0766-4AD6-8454-1257208B4C86}\ [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{3B2676BD-D009-4E84-B77D-B2A77CC4F067}: C:\Users\Mitch\AppData\Local\{3B2676BD-D009-4E84-B77D-B2A77CC4F067}\ [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{6338F594-28F8-456E-AB83-36AE2ABCC174}: C:\Users\Burgess\AppData\Local\{6338F594-28F8-456E-AB83-36AE2ABCC174}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{F98798E9-967A-4DC6-8E2F-219D49A08CA5}: C:\Users\Burgess\AppData\Local\{F98798E9-967A-4DC6-8E2F-219D49A08CA5}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{01821E4B-21D3-4790-8A4E-94143451F52F}: C:\Users\Mitch\AppData\Local\{01821E4B-21D3-4790-8A4E-94143451F52F} [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{F6398D06-40A8-4EA1-9661-949CD74133EA}: C:\Users\Burgess\AppData\Local\{F6398D06-40A8-4EA1-9661-949CD74133EA}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{6A0B4CA1-86C5-4DBA-943F-EE39FB73BB5E}: C:\Users\Burgess\AppData\Local\{6A0B4CA1-86C5-4DBA-943F-EE39FB73BB5E}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{683FA8FB-F01E-44C1-ABAC-C6475BB96925}: C:\Users\Burgess\AppData\Local\{683FA8FB-F01E-44C1-ABAC-C6475BB96925}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{BE74F2CC-9CD1-4F7A-9A6C-80A0481670AA}: C:\Users\Burgess\AppData\Local\{BE74F2CC-9CD1-4F7A-9A6C-80A0481670AA}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{5D7A8ABB-8592-44BD-B2BA-BF0990146BBA}: C:\Users\Burgess\AppData\Local\{5D7A8ABB-8592-44BD-B2BA-BF0990146BBA}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{BD731480-A9EC-4816-B79D-24F95F057CBD}: C:\Users\Burgess\AppData\Local\{BD731480-A9EC-4816-B79D-24F95F057CBD}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{3B3CBCB8-F53B-4937-A1F7-ECEE6F55F269}: C:\Users\Burgess\AppData\Local\{3B3CBCB8-F53B-4937-A1F7-ECEE6F55F269}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{EC979111-16D4-4E50-8BAC-EE34414910AE}: C:\Users\Burgess\AppData\Local\{EC979111-16D4-4E50-8BAC-EE34414910AE}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{0DA90A41-3898-42ED-98E2-3D419A50CAA1}: C:\Users\Burgess\AppData\Local\{0DA90A41-3898-42ED-98E2-3D419A50CAA1}\ [2010/10/21 18:21:13 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{BAF7AE01-27FB-4B79-988D-FECEA71FA20D}: C:\Users\Burgess\AppData\Local\{BAF7AE01-27FB-4B79-988D-FECEA71FA20D}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{C0E5F93A-B27A-4B5F-8801-428B4E0FC2BD}: C:\Users\Burgess\AppData\Local\{C0E5F93A-B27A-4B5F-8801-428B4E0FC2BD}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{68039E31-090F-46FC-AB41-DFDB6C02BBF5}: C:\Users\Burgess\AppData\Local\{68039E31-090F-46FC-AB41-DFDB6C02BBF5}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{4544806E-EDAA-4F0E-A7B5-6240275647BE}: C:\Users\Burgess\AppData\Local\{4544806E-EDAA-4F0E-A7B5-6240275647BE}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{A6CE39D0-E71C-414D-B947-40A159B0BCB8}: C:\Users\Burgess\AppData\Local\{A6CE39D0-E71C-414D-B947-40A159B0BCB8}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{F1002F26-2DA2-498F-B365-12B963ACF028}: C:\Users\Burgess\AppData\Local\{F1002F26-2DA2-498F-B365-12B963ACF028}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{26D99F41-F45E-415B-9A88-9C021FF8B261}: C:\Users\Burgess\AppData\Local\{26D99F41-F45E-415B-9A88-9C021FF8B261}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{CDCD1E9A-0507-4214-8F09-35AA7BE29CCA}: C:\Users\Burgess\AppData\Local\{CDCD1E9A-0507-4214-8F09-35AA7BE29CCA}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{7481D296-4103-484E-AE4D-02A2D50810B3}: C:\Users\Burgess\AppData\Local\{7481D296-4103-484E-AE4D-02A2D50810B3}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{4088E2FF-59C5-40EA-ADBC-464B50028E94}: C:\Users\Burgess\AppData\Local\{4088E2FF-59C5-40EA-ADBC-464B50028E94}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{C6160785-6D8E-4B62-9FA0-7626CA51E5D6}: C:\Users\Burgess\AppData\Local\{C6160785-6D8E-4B62-9FA0-7626CA51E5D6} [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{022FD96B-7F52-4014-AE04-59ADDBDE423B}: C:\Users\Burgess\AppData\Local\{022FD96B-7F52-4014-AE04-59ADDBDE423B}\ [2010/10/21 18:21:13 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{1DB86530-0A76-486B-B420-60A53D9E71CC}: C:\Users\Burgess\AppData\Local\{1DB86530-0A76-486B-B420-60A53D9E71CC}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{ED436D7D-4AB9-4822-80BE-8E00D777D7FB}: C:\Users\Burgess\AppData\Local\{ED436D7D-4AB9-4822-80BE-8E00D777D7FB}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{AE84F59B-307C-448C-A770-6C1452076321}: C:\Users\Burgess\AppData\Local\{AE84F59B-307C-448C-A770-6C1452076321}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{6999CA1D-4C37-47AF-9FEE-F06C1E4B6C2C}: C:\Users\Burgess\AppData\Local\{6999CA1D-4C37-47AF-9FEE-F06C1E4B6C2C}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{0EE3C837-9EA3-4698-BCD5-BD4E8D25D6A0}: C:\Users\Burgess\AppData\Local\{0EE3C837-9EA3-4698-BCD5-BD4E8D25D6A0}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{A0DC25C0-24F3-4191-931B-2B3EF93927CD}: C:\Users\Burgess\AppData\Local\{A0DC25C0-24F3-4191-931B-2B3EF93927CD}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{0FAB358A-C40F-478C-A5FF-8779B638AD9E}: C:\Users\Burgess\AppData\Local\{0FAB358A-C40F-478C-A5FF-8779B638AD9E}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{C9F54624-A59B-4325-AABB-66FF9FD98736}: C:\Users\Burgess\AppData\Local\{C9F54624-A59B-4325-AABB-66FF9FD98736}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{C95D7C0B-ADBD-47DF-B008-FB67FEF7A973}: C:\Users\Burgess\AppData\Local\{C95D7C0B-ADBD-47DF-B008-FB67FEF7A973}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{FE607F62-6217-4E73-9248-8B7A6B366F88}: C:\Users\Burgess\AppData\Local\{FE607F62-6217-4E73-9248-8B7A6B366F88}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{4112B3DA-79AD-48EC-96CD-70B4BC640126}: C:\Users\Burgess\AppData\Local\{4112B3DA-79AD-48EC-96CD-70B4BC640126}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{ED17B3FF-1891-4950-80D0-8A81EC2BA586}: C:\Users\Burgess\AppData\Local\{ED17B3FF-1891-4950-80D0-8A81EC2BA586}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{475C8C3D-2621-4C5F-9809-64A15F673D88}: C:\Users\Burgess\AppData\Local\{475C8C3D-2621-4C5F-9809-64A15F673D88}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{55743ADC-2F04-4171-A8D8-6D61E6D761DF}: C:\Users\Burgess\AppData\Local\{55743ADC-2F04-4171-A8D8-6D61E6D761DF}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{3B6758DE-B570-4947-8819-AF6487C6D70F}: C:\Users\Burgess\AppData\Local\{3B6758DE-B570-4947-8819-AF6487C6D70F}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{87240927-E5C3-4273-B261-06E215C25FDB}: C:\Users\Burgess\AppData\Local\{87240927-E5C3-4273-B261-06E215C25FDB}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{914891D9-9D3A-4FAF-8338-A591EDF7B91F}: C:\Users\Burgess\AppData\Local\{914891D9-9D3A-4FAF-8338-A591EDF7B91F}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{D2C007E5-07C5-44CC-B784-B15CB859CC51}: C:\Users\Mitch\AppData\Local\{D2C007E5-07C5-44CC-B784-B15CB859CC51}\ [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{672C3E82-15C1-435D-A0E9-10055B4BB729}: C:\Users\Burgess\AppData\Local\{672C3E82-15C1-435D-A0E9-10055B4BB729}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{8177E358-6724-4F4F-94ED-F3BA266B2F4D}: C:\Users\Mitch\AppData\Local\{8177E358-6724-4F4F-94ED-F3BA266B2F4D}\ [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{32C66F5A-FE41-4125-A0D7-BB515C3C5CD5}: C:\Users\Mitch\AppData\Local\{32C66F5A-FE41-4125-A0D7-BB515C3C5CD5}\ [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{371F34D1-442E-4DFE-83B5-94FFD0E28AA5}: C:\Users\Burgess\AppData\Local\{371F34D1-442E-4DFE-83B5-94FFD0E28AA5}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{CFAE447E-2334-49F3-816B-18C3BE603BAA}: C:\Users\Burgess\AppData\Local\{CFAE447E-2334-49F3-816B-18C3BE603BAA}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{1810704F-1C9F-4845-8233-294709282F64}: C:\Users\Mitch\AppData\Local\{1810704F-1C9F-4845-8233-294709282F64}\ [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{CEF792E0-EB57-4F61-A923-86583A453012}: C:\Users\Burgess\AppData\Local\{CEF792E0-EB57-4F61-A923-86583A453012}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{B75241CE-1315-473E-9F67-5BD0CC5B81CE}: C:\Users\Burgess\AppData\Local\{B75241CE-1315-473E-9F67-5BD0CC5B81CE}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{5FFCEFE7-55D7-4596-BB26-35F146CB6514}: C:\Users\Burgess\AppData\Local\{5FFCEFE7-55D7-4596-BB26-35F146CB6514}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{B24AA79A-3D0F-488B-B3F2-C272EB293B33}: C:\Users\Burgess\AppData\Local\{B24AA79A-3D0F-488B-B3F2-C272EB293B33} [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{31AC73BF-FC18-4531-992F-1A997056EC2D}: C:\Users\Mitch\AppData\Local\{31AC73BF-FC18-4531-992F-1A997056EC2D}\ [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{EF8738F8-113D-4A9E-99E2-FD24EFDFB8EB}: C:\Users\Mitch\AppData\Local\{EF8738F8-113D-4A9E-99E2-FD24EFDFB8EB}\ [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{31C36255-13C9-47C0-9A9A-86B79BEB0BEB}: C:\Users\Burgess\AppData\Local\{31C36255-13C9-47C0-9A9A-86B79BEB0BEB}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{314DA6F3-F502-4BD1-9E98-3871D2181070}: C:\Users\Mitch\AppData\Local\{314DA6F3-F502-4BD1-9E98-3871D2181070}\ [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{B7CF1820-6297-46A8-8698-EB993DC9F725}: C:\Users\Mitch\AppData\Local\{B7CF1820-6297-46A8-8698-EB993DC9F725}\ [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{F94377AE-23E6-4B0D-980C-F6752EBD5BA6}: C:\Users\Burgess\AppData\Local\{F94377AE-23E6-4B0D-980C-F6752EBD5BA6}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{15DE25A5-6AF4-427C-B0BA-BB6B756A51AA}: C:\Users\Mitch\AppData\Local\{15DE25A5-6AF4-427C-B0BA-BB6B756A51AA}\ [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{8F45B187-F84B-4F9B-B355-C6D470852FE5}: C:\Users\Mitch\AppData\Local\{8F45B187-F84B-4F9B-B355-C6D470852FE5}\ [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{26340601-01DA-4892-9DB4-C1DB073BCD2A}: C:\Users\Burgess\AppData\Local\{26340601-01DA-4892-9DB4-C1DB073BCD2A}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{C31F456D-3905-407A-BF5F-0C1BF8C7C00E}: C:\Users\Burgess\AppData\Local\{C31F456D-3905-407A-BF5F-0C1BF8C7C00E}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{881B7250-BB32-49A5-BF2A-6C50AEB36157}: C:\Users\Burgess\AppData\Local\{881B7250-BB32-49A5-BF2A-6C50AEB36157}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{D39F2292-FDDF-4A13-A130-8928898C222D}: C:\Users\Mitch\AppData\Local\{D39F2292-FDDF-4A13-A130-8928898C222D} [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{A1DD4D3B-AC42-4D35-8EB2-A6801FBD1CC8}: C:\Users\Burgess\AppData\Local\{A1DD4D3B-AC42-4D35-8EB2-A6801FBD1CC8}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{E31A19FB-6077-4256-BA0B-296C016B8660}: C:\Users\Burgess\AppData\Local\{E31A19FB-6077-4256-BA0B-296C016B8660}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{05F81070-019B-45B7-8F80-A9F5C4494815}: C:\Users\Burgess\AppData\Local\{05F81070-019B-45B7-8F80-A9F5C4494815}\ [2010/10/21 18:21:13 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{5EDEF787-857A-492E-B679-87A15F6F82C9}: C:\Users\Burgess\AppData\Local\{5EDEF787-857A-492E-B679-87A15F6F82C9}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{C7C476CA-30CD-4DC9-9988-1B56431ED140}: C:\Users\Burgess\AppData\Local\{C7C476CA-30CD-4DC9-9988-1B56431ED140}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{85F75B53-2E79-4607-A1AA-D4E2D7018781}: C:\Users\Burgess\AppData\Local\{85F75B53-2E79-4607-A1AA-D4E2D7018781}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
      O1 - Hosts: 127.0.0.1 activate.adobe.com
      O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      [2010/08/03 12:39:06 | 000,000,000 | ---- | M] () -- C:\Users\Mitch\AppData\Local\Kyeji.bin
      [2010/06/22 13:16:02 | 000,000,120 | ---- | C] () -- C:\Users\Mitch\AppData\Local\Npamupukalegete.dat
      [2010/06/22 13:16:02 | 000,000,000 | ---- | C] () -- C:\Users\Mitch\AppData\Local\Kyeji.bin
      [2010/06/20 06:14:42 | 000,014,497 | ---- | C] () -- C:\Users\Mitch\AppData\Local\agefepohebafi.dll
      [2010/06/19 20:42:59 | 000,014,497 | ---- | C] () -- C:\Users\Mitch\AppData\Local\ayujigucinep.dll
      [2010/06/19 19:40:20 | 000,014,497 | ---- | C] () -- C:\Users\Mitch\AppData\Local\iyasadoqenezudu.dll
      [2010/06/19 18:00:17 | 000,014,713 | ---- | C] () -- C:\Users\Mitch\AppData\Local\okotiholuracan.dll
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  6. 2010/10/23
    Mburgess
    The results log did not come up because when it restarted it froze, then I had to start up in safe mode, so I think that does not allow it to come up. But when I opened OTL to do the quick scan this popped up:


     
  7. 2010/10/23
    Mburgess
    Quick Scan Results:

    OTL logfile created on: 10/23/2010 6:40:19 PM - Run 2
    OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\Mitch\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
    6.00 Gb Paging File | 6.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 361.67 Gb Total Space | 268.35 Gb Free Space | 74.20% Space Free | Partition Type: NTFS
    Drive D: | 10.79 Gb Total Space | 4.50 Gb Free Space | 41.70% Space Free | Partition Type: NTFS

    Computer Name: BURGESS-BIG | User Name: Mitch | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/21 18:10:25 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mitch\Desktop\OTL.exe
    PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/21 18:10:25 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mitch\Desktop\OTL.exe
    MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2009/07/13 18:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
    MOD - [2009/07/13 18:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
    MOD - [2009/07/13 18:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
    MOD - [2009/07/13 18:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
    MOD - [2009/07/13 18:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
    MOD - [2009/07/13 18:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
    MOD - [2009/07/13 18:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
    MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/10/17 17:08:09 | 000,196,320 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)
    SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/04/19 18:12:25 | 000,390,952 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/04/18 03:01:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
    SRV - [2009/09/15 17:29:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/07/13 18:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
    SRV - [2009/07/13 18:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
    SRV - [2009/07/13 18:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
    SRV - [2009/07/13 18:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2009/07/13 18:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
    SRV - [2009/07/13 18:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
    SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
    SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
    SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/13 18:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
    SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/13 18:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
    SRV - [2009/07/13 18:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/13 18:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
    SRV - [2009/07/13 18:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
    SRV - [2009/07/13 18:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
    SRV - [2009/07/13 18:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
    SRV - [2009/07/13 18:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/10/17 17:08:10 | 000,189,520 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
    DRV - [2010/10/17 17:08:10 | 000,092,112 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
    DRV - [2010/10/17 17:08:10 | 000,080,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
    DRV - [2010/10/17 17:08:10 | 000,064,080 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
    DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2010/01/11 21:05:54 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
    DRV - [2009/12/11 00:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
    DRV - [2009/09/28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
    DRV - [2009/09/01 16:59:44 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/10/09 17:19:27] [Kernel | Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
    DRV - [2009/08/09 14:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
    DRV - [2009/07/13 18:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
    DRV - [2009/07/13 18:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
    DRV - [2009/07/13 18:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
    DRV - [2009/07/13 18:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
    DRV - [2009/07/13 18:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2009/07/13 18:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
    DRV - [2009/07/13 18:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
    DRV - [2009/07/13 18:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
    DRV - [2009/07/13 18:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
    DRV - [2009/07/13 18:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
    DRV - [2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
    DRV - [2009/07/13 18:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
    DRV - [2009/07/13 18:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
    DRV - [2009/07/13 18:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
    DRV - [2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
    DRV - [2009/07/13 18:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
    DRV - [2009/07/13 18:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2009/07/13 18:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
    DRV - [2009/07/13 18:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
    DRV - [2009/07/13 18:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
    DRV - [2009/07/13 18:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
    DRV - [2009/07/13 18:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
    DRV - [2009/07/13 18:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
    DRV - [2009/07/13 18:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
    DRV - [2009/07/13 18:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
    DRV - [2009/07/13 18:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
    DRV - [2009/07/13 18:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
    DRV - [2009/07/13 18:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
    DRV - [2009/07/13 18:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/13 18:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
    DRV - [2009/07/13 18:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
    DRV - [2009/07/13 18:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
    DRV - [2009/07/13 18:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
    DRV - [2009/07/13 18:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
    DRV - [2009/07/13 18:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
    DRV - [2009/07/13 18:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
    DRV - [2009/07/13 18:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
    DRV - [2009/07/13 18:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
    DRV - [2009/07/13 17:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2009/07/13 17:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
    DRV - [2009/07/13 17:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV - [2009/07/13 16:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV - [2009/07/13 16:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
    DRV - [2009/07/13 16:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
    DRV - [2009/07/13 16:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
    DRV - [2009/07/13 16:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
    DRV - [2009/07/13 16:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
    DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/13 16:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV - [2009/07/13 16:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
    DRV - [2009/07/13 16:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
    DRV - [2009/07/13 16:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
    DRV - [2009/07/13 16:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
    DRV - [2009/07/13 16:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\discache.sys -- (discache)
    DRV - [2009/07/13 16:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
    DRV - [2009/07/13 16:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
    DRV - [2009/07/13 15:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 15:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
    DRV - [2009/07/13 15:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
    DRV - [2009/07/13 15:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
    DRV - [2009/07/13 15:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
    DRV - [2009/07/13 15:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
    DRV - [2009/07/13 15:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2009/07/13 15:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
    DRV - [2009/07/13 15:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
    DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
    DRV - [2007/06/29 09:11:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/06/20 03:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2007/06/20 03:28:38 | 000,267,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2007/06/20 03:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2007/04/23 18:13:22 | 001,769,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5654
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5654
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5654

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5654
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {22181a4d-af90-4ca3-a569-faed9118d6bc}:1.6.0.1126

    FF - HKLM\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2010/10/17 17:10:00 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2010/10/21 18:21:18 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 18:21:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/21 18:21:12 | 000,000,000 | ---D | M]

    [2010/01/17 13:50:51 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Mozilla\Extensions
    [2010/01/17 13:50:52 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\y5t2ykcy.default\extensions
    [2009/11/17 07:30:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\y5t2ykcy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/01/17 13:50:51 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\y5t2ykcy.default\extensions\staged-xpis
    [2010/04/21 20:14:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/25 16:41:06 | 000,122,856 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_IEGetPlugin.dll

    O1 HOSTS File: ([2010/10/23 16:34:41 | 000,001,500 | RH-- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
    O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
    O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
    O4 - HKLM..\Run: [CHotkey] C:\Windows\zHotkey.exe ()
    O4 - HKLM..\Run: [ModPS2] C:\Windows\ModPS2Key.exe (Chicony)
    O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [ShowWnd] C:\Windows\ShowWnd.exe ()
    O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
    O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe File not found
    O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12
    O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
    O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
    O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
    O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Mitch\Pictures\assassins_creed_2.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Mitch\Pictures\assassins_creed_2.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/23 16:34:37 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/10/21 18:10:16 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Mitch\Desktop\OTL.exe
    [2010/10/20 20:24:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/10/20 20:17:31 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/10/20 18:57:30 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/19 17:25:41 | 000,000,000 | ---D | C] -- C:\temp
    [2010/10/17 18:14:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
    [2010/10/17 17:10:43 | 000,092,112 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys
    [2010/10/17 17:10:35 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
    [2010/10/17 17:10:35 | 000,064,080 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmevtmgr.sys
    [2010/10/17 17:10:34 | 000,080,464 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmactmon.sys
    [2010/10/17 17:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/10/17 16:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2010/10/17 08:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2010/10/17 08:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/10/16 03:01:03 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
    [2010/10/15 18:41:14 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Roaming\Malwarebytes
    [2010/10/15 18:41:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/10/15 18:41:09 | 000,000,000 | ---D | C] -- C:\MalwarebytesPortable
    [2010/10/13 15:23:31 | 000,000,000 | ---D | C] -- C:\bcfc3ac9245f16ca6505ddefed
    [2010/10/11 16:51:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/09/28 15:31:01 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Roaming\.minecraft
    [2010/08/10 10:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\35344
    [2010/08/09 08:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\PixiePack Codec Pack
    [2010/08/09 08:26:55 | 000,000,000 | ---D | C] -- C:\Users\Mitch\Documents\iMesh
    [2010/08/09 08:26:55 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Local\iMesh
    [2010/08/09 08:25:50 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Local\PackageAware
    [2010/08/06 17:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
    [2010/08/05 19:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MySoftware
    [2010/08/03 18:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\R-Studio
    [2010/08/01 20:17:01 | 000,000,000 | ---D | C] -- C:\HammerAutosave
    [2010/07/31 09:09:03 | 000,000,000 | -HSD | C] -- C:\Windows\BitLockerDiscoveryVolumeContents
    [2010/07/31 09:09:03 | 000,000,000 | ---D | C] -- C:\Windows\CSC
    [2010/07/31 09:09:02 | 000,000,000 | ---D | C] -- C:\Windows\RemotePackages
    [2010/07/29 10:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
    [2010/07/29 09:36:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
    [2010/07/29 09:36:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2010/07/29 09:35:42 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2010/07/29 09:35:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
    [2010/07/29 09:32:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
    [2010/07/29 09:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services

    ========== Files - Modified Within 90 Days ==========

    [2010/10/23 18:34:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/10/23 18:34:40 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/23 16:34:41 | 000,001,500 | RH-- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/10/21 18:10:25 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mitch\Desktop\OTL.exe
    [2010/10/17 17:11:38 | 000,673,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/10/17 17:11:38 | 000,125,104 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/10/17 17:11:25 | 000,020,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/17 17:11:25 | 000,020,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/10/17 17:08:10 | 000,189,520 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
    [2010/10/17 17:08:10 | 000,092,112 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys
    [2010/10/17 17:08:10 | 000,080,464 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmactmon.sys
    [2010/10/17 17:08:10 | 000,064,080 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmevtmgr.sys
    [2010/10/15 19:24:06 | 000,334,625 | RHS- | M] () -- C:\VKNCI
    [2010/10/15 19:24:06 | 000,000,020 | RHS- | M] () -- C:\win7.ld
    [2010/10/13 16:55:55 | 000,430,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/09/29 17:26:18 | 000,013,017 | ---- | M] () -- C:\Users\Mitch\Documents\french rev 2.docx
    [2010/09/29 16:53:54 | 000,013,888 | ---- | M] () -- C:\Users\Mitch\Documents\French rev.docx
    [2010/09/28 15:31:31 | 000,000,721 | ---- | M] () -- C:\Users\Mitch\Desktop\Minecraft - Shortcut.lnk
    [2010/09/02 19:03:42 | 000,011,413 | ---- | M] () -- C:\Users\Mitch\Documents\Private Hack.xlsx
    [2010/08/14 11:45:45 | 000,198,184 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat

    ========== Files Created - No Company Name ==========

    [2010/10/15 19:24:06 | 000,334,625 | RHS- | C] () -- C:\VKNCI
    [2010/10/13 21:28:41 | 000,000,020 | RHS- | C] () -- C:\win7.ld
    [2010/09/29 17:26:18 | 000,013,017 | ---- | C] () -- C:\Users\Mitch\Documents\french rev 2.docx
    [2010/09/29 16:38:37 | 000,013,888 | ---- | C] () -- C:\Users\Mitch\Documents\French rev.docx
    [2010/09/28 15:31:31 | 000,000,721 | ---- | C] () -- C:\Users\Mitch\Desktop\Minecraft - Shortcut.lnk
    [2010/08/14 11:45:45 | 000,198,184 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2010/08/05 19:37:44 | 000,172,032 | ---- | C] () -- C:\Windows\System32\rsUtil.dll
    [2010/07/31 09:29:47 | 000,171,136 | RHS- | C] () -- C:\grldr
    [2010/07/31 09:07:56 | 000,051,867 | ---- | C] () -- C:\Windows\Ultimate.xml
    [2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009/10/09 07:37:08 | 000,000,066 | ---- | C] () -- C:\Windows\razor.INI
    [2009/10/06 20:48:06 | 000,000,058 | ---- | C] () -- C:\Windows\System32\msadio.dll
    [2009/09/28 10:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
    [2009/09/13 19:14:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/09/09 22:59:15 | 000,532,544 | ---- | C] () -- C:\Windows\PIC.dll
    [2009/09/09 22:59:15 | 000,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2007/04/27 11:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll

    ========== LOP Check ==========

    [2010/10/12 21:51:47 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\.minecraft
    [2010/07/29 18:58:04 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\BitTorrent
    [2010/06/17 06:36:27 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\LolClient
    [2010/01/17 13:50:45 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
    [2010/05/28 14:56:02 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\MAGIX
    [2010/01/19 22:14:11 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\MusicNet
    [2009/11/07 07:04:33 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\SampleView
    [2010/01/17 13:50:52 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Spare Backup
    [2010/10/23 15:56:59 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\uTorrent
    [2010/09/24 09:48:58 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
     
  8. 2010/10/23
    broni

    broni Moderator Malware Analyst

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  9. 2010/10/23
    Mburgess

    Mburgess Inactive Thread Starter

    TDSSKiller did not find any infections:


    2010/10/23 19:21:26.0986 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
    2010/10/23 19:21:26.0986 ================================================================================
    2010/10/23 19:21:26.0986 SystemInfo:
    2010/10/23 19:21:26.0986
    2010/10/23 19:21:26.0986 OS Version: 6.1.7600 ServicePack: 0.0
    2010/10/23 19:21:26.0986 Product type: Workstation
    2010/10/23 19:21:26.0986 ComputerName: BURGESS-BIG
    2010/10/23 19:21:26.0986 UserName: Mitch
    2010/10/23 19:21:26.0986 Windows directory: C:\Windows
    2010/10/23 19:21:26.0986 System windows directory: C:\Windows
    2010/10/23 19:21:26.0986 Processor architecture: Intel x86
    2010/10/23 19:21:26.0986 Number of processors: 2
    2010/10/23 19:21:26.0986 Page size: 0x1000
    2010/10/23 19:21:26.0986 Boot type: Safe boot with network
    2010/10/23 19:21:26.0986 ================================================================================
    2010/10/23 19:21:27.0282 Initialize success
    2010/10/23 19:21:30.0449 ================================================================================
    2010/10/23 19:21:30.0449 Scan started
    2010/10/23 19:21:30.0449 Mode: Manual;
    2010/10/23 19:21:30.0449 ================================================================================
    2010/10/23 19:21:31.0541 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
    2010/10/23 19:21:31.0588 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
    2010/10/23 19:21:31.0650 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
    2010/10/23 19:21:31.0697 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    2010/10/23 19:21:31.0744 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    2010/10/23 19:21:31.0760 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    2010/10/23 19:21:31.0853 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
    2010/10/23 19:21:31.0884 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
    2010/10/23 19:21:31.0947 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    2010/10/23 19:21:31.0994 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
    2010/10/23 19:21:32.0025 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
    2010/10/23 19:21:32.0056 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
    2010/10/23 19:21:32.0103 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    2010/10/23 19:21:32.0134 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    2010/10/23 19:21:32.0181 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
    2010/10/23 19:21:32.0228 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    2010/10/23 19:21:32.0259 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
    2010/10/23 19:21:32.0306 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
    2010/10/23 19:21:32.0384 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    2010/10/23 19:21:32.0415 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    2010/10/23 19:21:32.0508 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    2010/10/23 19:21:32.0524 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
    2010/10/23 19:21:32.0602 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    2010/10/23 19:21:32.0649 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    2010/10/23 19:21:32.0696 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    2010/10/23 19:21:32.0742 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    2010/10/23 19:21:32.0805 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
    2010/10/23 19:21:32.0836 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2010/10/23 19:21:32.0852 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2010/10/23 19:21:32.0898 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    2010/10/23 19:21:32.0930 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    2010/10/23 19:21:32.0945 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2010/10/23 19:21:32.0961 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    2010/10/23 19:21:32.0992 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    2010/10/23 19:21:33.0054 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    2010/10/23 19:21:33.0101 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
    2010/10/23 19:21:33.0164 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    2010/10/23 19:21:33.0195 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    2010/10/23 19:21:33.0273 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    2010/10/23 19:21:33.0288 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
    2010/10/23 19:21:33.0320 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
    2010/10/23 19:21:33.0351 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    2010/10/23 19:21:33.0398 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
    2010/10/23 19:21:33.0444 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    2010/10/23 19:21:33.0522 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
    2010/10/23 19:21:33.0616 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
    2010/10/23 19:21:33.0647 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    2010/10/23 19:21:33.0694 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    2010/10/23 19:21:33.0772 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    2010/10/23 19:21:33.0819 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
    2010/10/23 19:21:33.0928 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    2010/10/23 19:21:34.0053 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    2010/10/23 19:21:34.0084 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
    2010/10/23 19:21:34.0131 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    2010/10/23 19:21:34.0146 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    2010/10/23 19:21:34.0178 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    2010/10/23 19:21:34.0224 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    2010/10/23 19:21:34.0256 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    2010/10/23 19:21:34.0287 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    2010/10/23 19:21:34.0302 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    2010/10/23 19:21:34.0349 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    2010/10/23 19:21:34.0365 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    2010/10/23 19:21:34.0427 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
    2010/10/23 19:21:34.0474 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2010/10/23 19:21:34.0536 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2010/10/23 19:21:34.0568 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    2010/10/23 19:21:34.0614 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2010/10/23 19:21:34.0646 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    2010/10/23 19:21:34.0661 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    2010/10/23 19:21:34.0724 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    2010/10/23 19:21:34.0786 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
    2010/10/23 19:21:34.0880 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
    2010/10/23 19:21:34.0926 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    2010/10/23 19:21:34.0973 HSXHWBS2 (5f60f0ad32d43b9ab9ac9373117d8e54) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
    2010/10/23 19:21:35.0036 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
    2010/10/23 19:21:35.0082 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
    2010/10/23 19:21:35.0145 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
    2010/10/23 19:21:35.0207 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
    2010/10/23 19:21:35.0238 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    2010/10/23 19:21:35.0348 IntcAzAudAddService (389f5d4859f4300d52ead838f1a17131) C:\Windows\system32\drivers\RTKVHDA.sys
    2010/10/23 19:21:35.0394 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
    2010/10/23 19:21:35.0441 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    2010/10/23 19:21:35.0472 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2010/10/23 19:21:35.0504 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    2010/10/23 19:21:35.0535 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    2010/10/23 19:21:35.0613 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    2010/10/23 19:21:35.0628 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
    2010/10/23 19:21:35.0675 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
    2010/10/23 19:21:35.0894 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2010/10/23 19:21:35.0940 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
    2010/10/23 19:21:35.0972 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
    2010/10/23 19:21:36.0003 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
    2010/10/23 19:21:36.0096 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    2010/10/23 19:21:36.0159 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2010/10/23 19:21:36.0190 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2010/10/23 19:21:36.0221 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2010/10/23 19:21:36.0237 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2010/10/23 19:21:36.0268 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    2010/10/23 19:21:36.0299 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    2010/10/23 19:21:36.0330 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    2010/10/23 19:21:36.0362 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    2010/10/23 19:21:36.0424 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    2010/10/23 19:21:36.0486 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    2010/10/23 19:21:36.0549 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    2010/10/23 19:21:36.0596 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    2010/10/23 19:21:36.0627 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
    2010/10/23 19:21:36.0658 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
    2010/10/23 19:21:36.0689 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    2010/10/23 19:21:36.0720 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
    2010/10/23 19:21:36.0767 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2010/10/23 19:21:36.0798 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2010/10/23 19:21:36.0830 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2010/10/23 19:21:36.0861 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
    2010/10/23 19:21:36.0892 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
    2010/10/23 19:21:36.0954 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    2010/10/23 19:21:36.0986 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    2010/10/23 19:21:37.0001 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
    2010/10/23 19:21:37.0064 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    2010/10/23 19:21:37.0095 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    2010/10/23 19:21:37.0110 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    2010/10/23 19:21:37.0142 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    2010/10/23 19:21:37.0173 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
    2010/10/23 19:21:37.0188 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    2010/10/23 19:21:37.0220 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    2010/10/23 19:21:37.0235 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    2010/10/23 19:21:37.0298 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    2010/10/23 19:21:37.0376 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
    2010/10/23 19:21:37.0454 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    2010/10/23 19:21:37.0500 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    2010/10/23 19:21:37.0547 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
    2010/10/23 19:21:37.0563 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
    2010/10/23 19:21:37.0594 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
    2010/10/23 19:21:37.0641 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    2010/10/23 19:21:37.0656 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
    2010/10/23 19:21:37.0781 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    2010/10/23 19:21:37.0828 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    2010/10/23 19:21:37.0844 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    2010/10/23 19:21:37.0906 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
    2010/10/23 19:21:37.0953 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    2010/10/23 19:21:38.0218 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2010/10/23 19:21:38.0436 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
    2010/10/23 19:21:38.0468 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
    2010/10/23 19:21:38.0514 nvstor32 (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys
    2010/10/23 19:21:38.0561 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
    2010/10/23 19:21:38.0592 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
    2010/10/23 19:21:38.0686 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    2010/10/23 19:21:38.0717 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
    2010/10/23 19:21:38.0733 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    2010/10/23 19:21:38.0780 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
    2010/10/23 19:21:38.0795 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
    2010/10/23 19:21:38.0826 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    2010/10/23 19:21:38.0858 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    2010/10/23 19:21:38.0889 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    2010/10/23 19:21:39.0029 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    2010/10/23 19:21:39.0060 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    2010/10/23 19:21:39.0138 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    2010/10/23 19:21:39.0185 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    2010/10/23 19:21:39.0232 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    2010/10/23 19:21:39.0248 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    2010/10/23 19:21:39.0279 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    2010/10/23 19:21:39.0341 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2010/10/23 19:21:39.0372 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2010/10/23 19:21:39.0419 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    2010/10/23 19:21:39.0482 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    2010/10/23 19:21:39.0497 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
    2010/10/23 19:21:39.0513 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    2010/10/23 19:21:39.0544 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2010/10/23 19:21:39.0622 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
    2010/10/23 19:21:39.0653 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    2010/10/23 19:21:39.0684 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    2010/10/23 19:21:39.0716 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
    2010/10/23 19:21:39.0778 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
    2010/10/23 19:21:39.0856 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    2010/10/23 19:21:39.0903 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
    2010/10/23 19:21:39.0934 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
    2010/10/23 19:21:39.0996 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2010/10/23 19:21:40.0074 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    2010/10/23 19:21:40.0090 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    2010/10/23 19:21:40.0121 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    2010/10/23 19:21:40.0184 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
    2010/10/23 19:21:40.0215 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2010/10/23 19:21:40.0246 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2010/10/23 19:21:40.0262 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    2010/10/23 19:21:40.0308 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
    2010/10/23 19:21:40.0355 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2010/10/23 19:21:40.0386 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    2010/10/23 19:21:40.0433 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    2010/10/23 19:21:40.0496 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    2010/10/23 19:21:40.0558 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
    2010/10/23 19:21:40.0605 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
    2010/10/23 19:21:40.0636 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
    2010/10/23 19:21:40.0698 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    2010/10/23 19:21:40.0761 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
    2010/10/23 19:21:40.0823 tbhsd (77bd6143c6dce0a1bf7b5571bed860dc) C:\Windows\system32\drivers\tbhsd.sys
    2010/10/23 19:21:40.0886 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
    2010/10/23 19:21:40.0948 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
    2010/10/23 19:21:40.0979 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
    2010/10/23 19:21:41.0010 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
    2010/10/23 19:21:41.0026 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
    2010/10/23 19:21:41.0042 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
    2010/10/23 19:21:41.0088 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
    2010/10/23 19:21:41.0166 tmactmon (de87a23d2ddc7378d1c7ab681e20de47) C:\Windows\system32\DRIVERS\tmactmon.sys
    2010/10/23 19:21:41.0229 tmcomm (540c2b5dc47651c572c2804dc72fdda8) C:\Windows\system32\DRIVERS\tmcomm.sys
    2010/10/23 19:21:41.0244 tmevtmgr (2de1fa64ebaff376f2c038f64492f62c) C:\Windows\system32\DRIVERS\tmevtmgr.sys
    2010/10/23 19:21:41.0291 tmtdi (5a61679b2277b9ad550e30479a69503b) C:\Windows\system32\DRIVERS\tmtdi.sys
    2010/10/23 19:21:41.0338 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2010/10/23 19:21:41.0400 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
    2010/10/23 19:21:41.0416 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    2010/10/23 19:21:41.0447 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
    2010/10/23 19:21:41.0494 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
    2010/10/23 19:21:41.0541 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
    2010/10/23 19:21:41.0588 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    2010/10/23 19:21:41.0681 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
    2010/10/23 19:21:41.0712 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
    2010/10/23 19:21:41.0744 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
    2010/10/23 19:21:41.0775 usbehci (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys
    2010/10/23 19:21:41.0822 usbhub (b0dfc7b484e0ca0c27bda5433b82d94a) C:\Windows\system32\DRIVERS\usbhub.sys
    2010/10/23 19:21:41.0837 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
    2010/10/23 19:21:41.0900 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    2010/10/23 19:21:41.0931 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
    2010/10/23 19:21:41.0962 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2010/10/23 19:21:41.0993 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
    2010/10/23 19:21:42.0056 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
    2010/10/23 19:21:42.0118 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
    2010/10/23 19:21:42.0149 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    2010/10/23 19:21:42.0180 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    2010/10/23 19:21:42.0212 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
    2010/10/23 19:21:42.0258 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
    2010/10/23 19:21:42.0274 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    2010/10/23 19:21:42.0290 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
    2010/10/23 19:21:42.0321 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
    2010/10/23 19:21:42.0352 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    2010/10/23 19:21:42.0399 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
    2010/10/23 19:21:42.0446 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    2010/10/23 19:21:42.0477 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
    2010/10/23 19:21:42.0508 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    2010/10/23 19:21:42.0555 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/10/23 19:21:42.0570 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/10/23 19:21:42.0664 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    2010/10/23 19:21:42.0695 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    2010/10/23 19:21:42.0789 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    2010/10/23 19:21:42.0820 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    2010/10/23 19:21:42.0867 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    2010/10/23 19:21:43.0007 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
    2010/10/23 19:21:43.0038 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2010/10/23 19:21:43.0085 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    2010/10/23 19:21:43.0132 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
    2010/10/23 19:21:43.0194 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2010/10/23 19:21:43.0257 XAudio (e3fcf2870b5d7979b3bf10e98a71c847) C:\Windows\system32\DRIVERS\xaudio.sys
    2010/10/23 19:21:43.0304 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\Windows\system32\DRIVERS\yk62x86.sys
    2010/10/23 19:21:43.0382 {B154377D-700F-42cc-9474-23858FBDF4BD} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD9\000.fcl
    2010/10/23 19:21:43.0413 ================================================================================
    2010/10/23 19:21:43.0413 Scan finished
    2010/10/23 19:21:43.0413 ================================================================================
     
  10. 2010/10/23
    broni Moderator Malware Analyst
    Did you try to start in normal mode?

    Delete your ComboFix file, download a fresh one and post a new log.
     
  11. 2010/10/23
    Mburgess Inactive Thread Starter
    ComboFix 10-10-22.05 - Mitch 10/23/2010 20:18:57.1.2 - x86 NETWORK
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.2503 [GMT -7:00]
    Running from: c:\users\Mitch\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Mitch\GT704-WGB_RAW-USB_Drivers.exe
    c:\windows\system32\service
    c:\windows\system32\service\01012010_TIS17_SfFniAU.log
    c:\windows\system32\service\01102009_TIS17_SfFniAU.log
    c:\windows\system32\service\12102009_TIS17_SfFniAU.log
    c:\windows\system32\service\14092009_TIS17_SfFniAU.log
    c:\windows\system32\service\17112009_TIS17_SfFniAU.log
    c:\windows\system32\service\20092009_TIS17_SfFniAU.log
    c:\windows\system32\service\23112009_TIS17_SfFniAU.log
    c:\windows\system32\service\24092009_TIS17_SfFniAU.log
    c:\windows\system32\service\25122009_TIS17_SfFniAU.log
    c:\windows\system32\service\29102009_TIS17_SfFniAU.log

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-24 to 2010-10-24 )))))))))))))))))))))))))))))))
    .

    2010-10-24 03:27 . 2010-10-24 03:27 -------- d-----w- c:\users\Mitch\AppData\Local\temp
    2010-10-24 03:18 . 2010-10-24 03:18 -------- d-----w- C:\32788R22FWJFW
    2010-10-23 23:34 . 2010-10-23 23:34 -------- d-----w- C:\_OTL
    2010-10-20 00:25 . 2010-10-20 00:25 -------- d-----w- C:\temp
    2010-10-18 00:10 . 2010-10-18 00:08 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
    2010-10-18 00:10 . 2010-10-18 00:08 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
    2010-10-18 00:10 . 2010-10-18 00:08 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2010-10-18 00:10 . 2010-10-18 00:08 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
    2010-10-18 00:08 . 2010-10-18 00:09 -------- d-----w- c:\program files\Trend Micro
    2010-10-17 23:19 . 2010-10-17 23:19 -------- d-----w- c:\programdata\NVIDIA Corporation
    2010-10-17 15:54 . 2010-10-17 23:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-10-17 15:54 . 2010-10-17 23:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-10-16 12:45 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2010-10-16 10:09 . 2010-08-27 05:30 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2010-10-16 10:01 . 2010-10-16 10:01 -------- d-----w- c:\windows\CheckSur
    2010-10-16 02:42 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-16 02:23 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
    2010-10-16 02:20 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-16 02:20 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-16 02:20 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-16 02:20 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-16 02:20 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-16 01:41 . 2010-10-16 01:41 -------- d-----w- c:\users\Mitch\AppData\Roaming\Malwarebytes
    2010-10-16 01:41 . 2010-10-16 01:41 -------- d-----w- c:\programdata\Malwarebytes
    2010-10-16 01:41 . 2010-10-16 02:01 -------- d-----w- C:\MalwarebytesPortable
    2010-10-13 22:23 . 2010-10-13 22:23 -------- d-----w- C:\bcfc3ac9245f16ca6505ddefed
    2010-10-13 02:30 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-28 22:31 . 2010-10-13 04:51 -------- d-----w- c:\users\Mitch\AppData\Roaming\.minecraft

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-21 05:32 . 2010-09-15 17:18 316928 ----a-w- c:\windows\system32\spoolsv.exe
    2010-07-29 06:30 . 2010-08-12 03:39 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-07-29 06:30 . 2010-08-12 03:39 82944 ----a-w- c:\windows\system32\iccvid.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}]
    2010-10-18 00:08 234832 ----a-w- c:\program files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [BU]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
    "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-09-02 75048]
    "CHotkey"="zHotkey.exe" [2006-11-07 547840]
    "ModPS2"="ModPS2Key.exe" [2006-11-07 53248]
    "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-28 50472]
    "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
    "ShowWnd"="ShowWnd.exe" [2005-01-27 36864]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-18 112632]
    "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2010-10-18 1062224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MMCSS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
    @="[6cFgE][S?û?d, ?ìdeô ??d gª?è ¢o?tr?l?è?š !!! !!! !]"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea}]
    @="Portable Media Devices"

    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/10/09 17:19];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-09-01 23:59 87536]
    R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-10-18 64080]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-18 1343400]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - KLMD25
    *Deregistered* - klmd25

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
    2010-02-17 02:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5654
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
    FF - ProfilePath - c:\users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\y5t2ykcy.default\
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-RunOnce-<NO NAME> - (no file)



    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-10-23 20:28:54
    ComboFix-quarantined-files.txt 2010-10-24 03:28
    ComboFix2.txt 2010-10-21 03:23
    ComboFix3.txt 2010-10-21 02:55
    ComboFix4.txt 2010-10-21 02:10

    Pre-Run: 287,889,014,784 bytes free
    Post-Run: 287,847,632,896 bytes free

    - - End Of File - - E176267665DF9ED11C186C7FEB3C666A
     
  12. 2010/10/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Still can't boot into normal mode?
     
  13. 2010/10/24
    Mburgess

    Mburgess Inactive Thread Starter

    Joined:
    2010/10/17
    Messages:
    24
    Likes Received:
    0
    Last I checked, no, but I'll try again in the morning.
     
  14. 2010/10/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok...
     
  15. 2010/10/24
    Mburgess

    Mburgess Inactive Thread Starter

    Joined:
    2010/10/17
    Messages:
    24
    Likes Received:
    0
    Nope, still not working.
     
  16. 2010/10/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK, at this point your computer is totally malware free, so you must have some other issues.

    In this forum, we make sure your computer is free of malware and your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.
     
  17. 2010/10/24
    Mburgess

    Mburgess Inactive Thread Starter

    Joined:
    2010/10/17
    Messages:
    24
    Likes Received:
    0
    That is where I first posted; then the Admin guy told me to post here.
     
  18. 2010/10/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm not sure what else to tell you, short of backing up your data and reinstalling Windows.
    Sorry :)
     
  19. 2010/10/25
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.
     