
Internet Explorer Infected

Discussion in 'Virus & Other Malware Removal' started by Alker431, Nov 15, 2011.

  1. Alker431

    Alker431 Thread Starter

    Joined:
    Nov 15, 2011
    Messages:
    30
    My Internet Explorer, which I have only used once on this computer just to download FireFox, shows what seems to me as signs of being infected.

    In Task Manager, there are about 6-8 processes of iexplorer.exe running in the background, even if I haven't done anything. They eat up lots of CPU and memory, and at random times, I also hear radio playing out of nowhere. I can't end these processes either, they just reappear and continue on.

    I've scanned my entire computer with Malwarebytes, AVG Free, Windows Defender, and Comodo Internet Security and none of them can detect anything. The only way I was able to get rid of these symptoms was to disable it from the Control Panel. Everything was fine, until I later found out that I need Internet Explorer to do certain things, like get Windows updates or to use certain programs. I was going to try and reformat my computer, but I need a recovery disk that I never made (stupid self). I have come to the end of my ropes and can't find a solution to this problem. Please help me!!!
     
  2. Alker431

    Alker431 Thread Starter

    Joined:
    Nov 15, 2011
    Messages:
    30
    Can someone please help me? If I need to provide more information of some sort don't hesitate to ask me.
     
  3. Alker431

    Alker431 Thread Starter

    Joined:
    Nov 15, 2011
    Messages:
    30
    Can anyone out there help me? Any kind of suggestion would be helpful. If there is no solution to this other than sending it somewhere to get fixed, go ahead and tell me.
     
  4. Alker431

    Alker431 Thread Starter

    Joined:
    Nov 15, 2011
    Messages:
    30
    Here is some more information... sorry, I didn't know I had to provide this before

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:40:12 AM, on 11/19/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\YouKu\common\ikuacc.exe
    C:\Program Files (x86)\YouKu\iku2\iku.exe
    C:\Program Files (x86)\YouKu\common\ikucmc.exe
    C:\Program Files (x86)\Movie Maker 2.6\MOVIEMK.exe
    C:\Program Files (x86)\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Norton Safe Web Lite BHO - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (file missing)
    O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
    O3 - Toolbar: Norton Safe Web Lite - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
    O4 - HKLM\..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [IntelNotifierUpdate] rundll32.exe "C:\ProgramData\IntelNotifierUpdate.dll",DllRegisterServer (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe -update activex (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [IntelNotifierUpdate] rundll32.exe "C:\ProgramData\IntelNotifierUpdate.dll",DllRegisterServer (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe -update activex (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\youku\common\ikutm.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\youku\common\ikutm.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\youku\common\ikutm.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{87A0D2CD-574C-4991-A0C1-586C5AFDAA50}: NameServer = 8.26.56.26,156.154.70.22
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Unknown owner - C:\Windows\system32\AERTSr64.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Safe Web Lite (NSL) - Symantec Corporation - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 10255 bytes


    My Comodo Internet Security keeps saying DDS is malware and isolates it, even if I disable all of its features. I don't know how to fix it.
     
  5. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hi and welcome to TSG.

    I am reviewing your logs and will respond with a reply as soon as I can.

    Please note that all my replies are reviewed by a qualified Analyst before I post. This ensures that you will continue to receive quality expert assistance.

    Thank you for your patience.
     
  6. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hi,
    my name is Daniel and I will be assisting you with your malware-related problems.

    Before we move on, please read the following points carefully.
    • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
    • Perform everything in the correct order. Sometimes one step requires the previous one.
    • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
    • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
    • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
    • If I don't hear from you within 3 days from this initial or any subsequent post, I will have to unsubscribe from this thread and move on to assist someone else.
    • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
    • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.



    Download OTL to your Desktop.
    • Double click on the icon to run it.
    • Under the [​IMG] box paste this in
    Code:
    activex
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.
    %PROGRAMFILES%\*.exe
    %LOCALAPPDATA%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.manifest /3
    /md5start
    explorer.exe
    regedit.exe
    winlogon.exe
    wininit.exe
    userinit.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    CREATERESTOREPOINT
    
    • Make sure all other windows are closed to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    Please post both logfiles in your next reply.



    Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

    Download TDSSKiller.exe and save it to your desktop
    • Execute TDSSKiller.exe by double-clicking on it.
    • Press Start Scan
    • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
    • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

    Please post the contents of that log in your next reply.



    Please post in your next reply
    OTL.txt
    Extras.txt
    TDSSKiller Logfile
     
  7. Alker431

    Alker431 Thread Starter

    Joined:
    Nov 15, 2011
    Messages:
    30
    Hi Larusso, thank you for helping me solve this problem that I have.


    These are the logs from OTL.exe


    ---------------------------------
    First Part (OTL.txt)
    ---------------------------------

    OTL logfile created on: 11/20/2011 8:16:11 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kevin\Downloads
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.84 Gb Available Physical Memory | 71.15% Memory free
    7.99 Gb Paging File | 6.61 Gb Available in Paging File | 82.70% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 57.42 Gb Total Space | 3.02 Gb Free Space | 5.26% Space Free | Partition Type: NTFS
    Drive D: | 232.88 Gb Total Space | 55.67 Gb Free Space | 23.90% Space Free | Partition Type: NTFS
    Drive E: | 91.63 Gb Total Space | 91.02 Gb Free Space | 99.34% Space Free | Partition Type: NTFS
    Drive I: | 11.90 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/20 20:14:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Downloads\OTL.exe
    PRC - [2011/11/10 01:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    PRC - [2011/09/24 15:15:27 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    PRC - [2011/08/10 12:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
    PRC - [2010/01/11 20:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2009/12/23 13:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/24 15:15:27 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/10/07 18:47:16 | 002,663,568 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV:64bit: - [2011/05/25 19:43:26 | 000,161,080 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
    SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2008/07/15 11:20:00 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AERTSr64.exe -- (AERTFilters)
    SRV - [2011/09/22 14:58:07 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/08/10 12:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe -- (NSL)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/11 20:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2009/12/23 13:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/11/13 10:47:24 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2011/11/11 21:17:07 | 000,530,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2011/10/07 18:47:56 | 000,016,528 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
    DRV:64bit: - [2011/08/08 15:38:05 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\0200000.010\ccSetx64.sys -- (ccSet_NST)
    DRV:64bit: - [2010/02/03 14:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 16:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
    DRV:64bit: - [2009/06/10 12:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Intel(R)
    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 B1 32 C2 31 A2 CC 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B6 6D 78 15 53 23 17 43 A3 EA 2A 10 3B 44 80 0B [binary data]
    IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.order.1: "Yahoo"
    FF - prefs.js..browser.search.order.2: ""
    FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20111044,6902,0,16,0"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.7
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865
    FF - prefs.js..extensions.enabledItems: {203FB6B2-2E1E-4474-863B-4C483ECCE78E}:2012.1.1.16
    FF - prefs.js..network.proxy.type: 0


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 11.0a1\extensions\\Components: C:\PROGRAM FILES\NIGHTLY\COMPONENTS [2011/11/20 11:02:04 | 000,000,000 | ---D | M]
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 11.0a1\extensions\\Plugins: C:\PROGRAM FILES\NIGHTLY\PLUGINS
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST\ [2011/11/20 10:45:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/12 18:23:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/12 18:23:00 | 000,000,000 | ---D | M]

    [2010/05/21 19:41:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Extensions
    [2011/11/12 15:43:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\3j0f6kxc.default\extensions
    [2011/11/11 07:27:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\3j0f6kxc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/10/27 20:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\3j0f6kxc.default\extensions\{BA14329E-9550-4989-B3F2-9732E92D17CC}-TRASH
    [2011/11/18 16:24:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\extensions
    [2011/11/18 16:24:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/11/03 18:43:33 | 000,002,463 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\3j0f6kxc.default\searchplugins\safesearch.xml
    [2011/11/12 18:23:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/05/13 18:51:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
    [2011/11/04 22:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010/06/02 18:18:05 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011/11/04 19:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/11/04 19:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2011/10/29 16:19:03 | 000,001,222 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 forum.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 support.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 users.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 shop.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 vodka.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 *.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 *.alcohol-soft.*
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll File not found
    O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] Skytel.exe File not found
    O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
    O4 - HKLM..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
    O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
    O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\YouKu\common\ikutm.dll (youku.com)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\YouKu\common\ikutm.dll (youku.com)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\YouKu\common\ikutm.dll (youku.com)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87A0D2CD-574C-4991-A0C1-586C5AFDAA50}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87A0D2CD-574C-4991-A0C1-586C5AFDAA50}: NameServer = 8.26.56.26,156.154.70.22
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{2397cc12-6600-11df-8428-001d099cb5be}\Shell - "" = AutoRun
    O33 - MountPoints2\{2397cc12-6600-11df-8428-001d099cb5be}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{db10ee84-7927-11e0-a03c-001d099cb5be}\Shell - "" = AutoRun
    O33 - MountPoints2\{db10ee84-7927-11e0-a03c-001d099cb5be}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/19 18:58:28 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMacsoft
    [2011/11/19 18:58:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iMacsoft
    [2011/11/19 09:39:14 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2011/11/19 09:39:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiJackThis
    [2011/11/13 10:47:24 | 000,279,616 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
    [2011/11/13 10:47:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
    [2011/11/13 09:47:30 | 000,000,000 | -H-D | C] -- C:\VritualRoot
    [2011/11/13 09:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
    [2011/11/13 09:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
    [2011/11/13 09:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2011/11/13 09:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
    [2011/11/12 21:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Nightly
    [2011/11/12 21:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2011/11/12 10:10:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2011/11/11 21:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
    [2011/11/11 20:07:01 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\SUPERAntiSpyware.com
    [2011/11/11 14:56:41 | 000,118,784 | ---- | C] (CyberLink) -- C:\Windows\SysWow64\srrstr.dll
    [2011/11/11 14:56:40 | 000,118,784 | ---- | C] (CyberLink) -- C:\ProgramData\IntelNotifierUpdate.dll
    [2011/11/08 17:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%
    [2011/11/08 17:17:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
    [2011/11/03 16:02:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360X64
    [2011/11/03 16:02:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360X64\0501000.01D
    [2011/11/03 16:01:15 | 000,167,048 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NSTx64\0200000.010\ccSetx64.sys
    [2011/11/03 16:01:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSTx64
    [2011/11/03 16:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Safe Web Lite
    [2011/11/03 16:01:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSTx64\0200000.010
    [2011/10/28 06:09:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YONTOO LAYERS RUNTIME
    [2011/10/27 20:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
    [2011/10/27 20:21:53 | 000,000,000 | ---D | C] -- C:\Users\Kevin\.swt
    [2011/10/27 19:31:38 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
    [2011/10/27 19:31:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
    [2011/10/27 19:17:09 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\WeatherBug
    [2011/10/27 19:17:06 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\WeatherBug
    [2011/10/27 19:16:07 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Fighters
    [2011/10/27 19:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
    [2011/10/27 19:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
    [2011/10/27 18:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
    [2011/08/26 21:11:45 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Kevin\AppData\Roaming\pcouffin.sys
    [39 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [39 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/11/20 20:14:30 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2011/11/20 10:56:46 | 000,002,052 | ---- | M] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/11/20 10:55:30 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/11/20 10:55:30 | 000,626,844 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/11/20 10:55:30 | 000,107,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/11/20 10:50:07 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/20 10:50:06 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/20 10:44:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/20 10:44:31 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/19 20:01:30 | 000,000,534 | ---- | M] () -- C:\Users\Kevin\Documents\ax_files.xml
    [2011/11/19 18:20:27 | 000,011,776 | ---- | M] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/11/13 10:47:24 | 000,279,616 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
    [2011/11/13 09:34:54 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
    [2011/11/13 09:34:38 | 000,001,105 | ---- | M] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
    [2011/11/13 09:34:38 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
    [2011/11/13 09:09:46 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2011/11/13 09:09:42 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2011/11/13 08:49:33 | 001,056,768 | ---- | M] () -- C:\Windows\SysNative\defltbase.sdb
    [2011/11/12 21:06:37 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\Nightly.lnk
    [2011/11/12 18:23:05 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/11/11 21:17:07 | 000,530,488 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
    [2011/11/11 16:44:10 | 000,743,066 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/11/11 14:56:39 | 000,118,784 | ---- | M] (CyberLink) -- C:\Windows\SysWow64\srrstr.dll
    [2011/11/11 14:56:39 | 000,118,784 | ---- | M] (CyberLink) -- C:\ProgramData\IntelNotifierUpdate.dll
    [2011/11/08 17:18:20 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
    [39 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [39 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/11/13 09:36:56 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2011/11/13 09:34:54 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
    [2011/11/13 09:34:38 | 000,001,105 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
    [2011/11/13 09:34:38 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
    [2011/11/13 09:09:46 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2011/11/13 09:09:42 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2011/11/13 08:49:33 | 001,056,768 | ---- | C] () -- C:\Windows\SysNative\defltbase.sdb
    [2011/11/12 21:06:37 | 000,000,893 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
    [2011/11/12 21:06:37 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\Nightly.lnk
    [2011/11/12 18:23:05 | 000,001,186 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/11/12 18:23:05 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/11/11 16:44:10 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/11/08 17:18:20 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
    [2011/11/03 16:01:13 | 000,007,510 | R--- | C] () -- C:\Windows\SysNative\drivers\NSTx64\0200000.010\ccSetx64.cat
    [2011/11/03 16:01:13 | 000,000,854 | R--- | C] () -- C:\Windows\SysNative\drivers\NSTx64\0200000.010\ccSetx64.inf
    [2011/11/03 16:01:13 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSTx64\0200000.010\isolate.ini
    [2011/08/27 08:30:41 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2011/08/26 21:11:45 | 000,099,384 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\inst.exe
    [2011/08/26 21:11:45 | 000,007,859 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\pcouffin.cat
    [2011/08/26 21:11:45 | 000,001,167 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\pcouffin.inf
    [2011/08/26 21:07:18 | 000,001,057 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\vso_ts_preview.xml
    [2011/08/26 13:50:44 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\Rid.ini
    [2011/08/19 10:57:27 | 000,090,413 | ---- | C] () -- C:\Windows\War3Unin.dat
    [2011/04/12 18:38:02 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2011/02/18 16:50:08 | 000,011,776 | ---- | C] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/11 08:53:15 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
    [2010/08/11 08:53:15 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
    [2010/08/11 08:53:15 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
    [2010/05/30 18:41:49 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
    [2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 15:24:58 | 000,833,024 | ---- | C] () -- C:\Windows\SysWow64\user.dat
    [2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2011/09/17 21:23:10 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\.minecraft
    [2011/09/27 15:40:46 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\AVG2012
    [2011/11/08 15:44:37 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Azureus
    [2011/11/12 10:09:43 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DAEMON Tools Lite
    [2011/10/02 20:38:11 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DAEMON Tools Pro
    [2011/10/27 19:18:27 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Fighters
    [2011/06/17 14:27:24 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\go
    [2010/05/22 13:11:09 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Highresolution Enterprises
    [2011/08/26 15:15:12 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\ImTOO
    [2011/08/05 18:19:39 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\InfraRecorder
    [2011/08/26 13:53:25 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Ku6Softs
    [2011/08/26 13:53:03 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Ku6SpeedUpper
    [2010/09/04 17:30:19 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\LolClient
    [2011/09/17 21:21:43 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Minecraft Back-up
    [2011/09/24 17:03:40 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\NeopleLauncherDFO
    [2011/08/02 10:26:09 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\RegistryKeys
    [2011/08/02 10:26:09 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Speeding Up My PC
    [2011/08/27 08:12:55 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Vso
    [2011/10/27 19:17:06 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\WeatherBug
    [2011/10/28 06:08:29 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2011/08/26 13:53:02 | 000,000,000 | ---D | M](C:\Users\Kevin\Documents\?6??) -- C:\Users\Kevin\Documents\酷6视频
    [2011/08/26 13:53:02 | 000,000,000 | ---D | C](C:\Users\Kevin\Documents\?6??) -- C:\Users\Kevin\Documents\酷6视频
    [2011/03/06 22:50:27 | 000,035,840 | ---- | M] ()(C:\Users\Kevin\Desktop\Marketamerica ??????.doc) -- C:\Users\Kevin\Desktop\Marketamerica 满足你的需要.doc
    [2011/03/06 21:50:23 | 000,035,840 | ---- | C] ()(C:\Users\Kevin\Desktop\Marketamerica ??????.doc) -- C:\Users\Kevin\Desktop\Marketamerica 满足你的需要.doc

    < End of report >





    -------------------------------------------------------------
    Second Part (Extras.txt)
    -------------------------------------------------------------

    OTL Extras logfile created on: 11/20/2011 8:16:11 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kevin\Downloads
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.84 Gb Available Physical Memory | 71.15% Memory free
    7.99 Gb Paging File | 6.61 Gb Available in Paging File | 82.70% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 57.42 Gb Total Space | 3.02 Gb Free Space | 5.26% Space Free | Partition Type: NTFS
    Drive D: | 232.88 Gb Total Space | 55.67 Gb Free Space | 23.90% Space Free | Partition Type: NTFS
    Drive E: | 91.63 Gb Total Space | 91.02 Gb Free Space | 99.34% Space Free | Partition Type: NTFS
    Drive I: | 11.90 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- Reg Error: Key error. File not found
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Nightly\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- Reg Error: Key error.
    htmlfile [opennew] -- Reg Error: Key error.
    http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- Reg Error: Key error.
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- Reg Error: Key error.
    htmlfile [opennew] -- Reg Error: Key error.
    http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- Reg Error: Key error.
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
    "{4EAB2511-0135-48CA-A47B-CE1E6836793A}" = COMODO Internet Security
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Nightly 11.0a1 (x64 en-US)" = Nightly 11.0a1 (x64 en-US)
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73E80655-FB3C-46F4-BE00-62D248BC490A}" = Visual C++ 2008 Runtime (x64)
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9E2BD6FF-CE8D-47B5-AD9C-0A5C2D54EB3C}" = League of Legends
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
    "{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
    "{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "8461-7759-5462-8226" = Vuze
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "COMODO GeekBuddy" = COMODO GeekBuddy
    "conduitEngine" = Conduit Engine
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "DFO" = DFOLauncher
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Fallout New Vegas_is1" = Fallout New Vegas
    "iku2.1" = iKu 2
    "iMacsoft DVD Creator" = iMacsoft DVD Creator
    "InfraRecorder" = InfraRecorder
    "Little Fighter 2 version 2.0a" = Little Fighter 2 version 2.0a
    "Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
    "NST" = Norton Safe Web Lite
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "Steam App 10" = Counter-Strike
    "Steam App 3590" = Plants vs. Zombies: Game of the Year
    "Steam App 36630" = Rusty Hearts
    "Steam App 440" = Team Fortress 2
    "Steam App 49470" = Magic: The Gathering — Duels of the Planeswalkers 2012
    "Steam App 550" = Left 4 Dead 2
    "VLC media player" = VLC media player 1.1.11
    "Vuze_Remote Toolbar" = Vuze Remote Toolbar
    "Warcraft III" = Warcraft III
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Warcraft III" = Warcraft III: All Products

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  8. Alker431

    This is the log from TDSS


    20:22:29.0368 5004 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
    20:22:30.0116 5004 ============================================================
    20:22:30.0116 5004 Current date / time: 2011/11/20 20:22:30.0116
    20:22:30.0116 5004 SystemInfo:
    20:22:30.0116 5004
    20:22:30.0116 5004 OS Version: 6.1.7600 ServicePack: 0.0
    20:22:30.0116 5004 Product type: Workstation
    20:22:30.0116 5004 ComputerName: KEVIN-PC
    20:22:30.0116 5004 UserName: Kevin
    20:22:30.0116 5004 Windows directory: C:\Windows
    20:22:30.0116 5004 System windows directory: C:\Windows
    20:22:30.0116 5004 Running under WOW64
    20:22:30.0116 5004 Processor architecture: Intel x64
    20:22:30.0116 5004 Number of processors: 2
    20:22:30.0116 5004 Page size: 0x1000
    20:22:30.0116 5004 Boot type: Normal boot
    20:22:30.0116 5004 ============================================================
    20:22:31.0052 5004 Initialize success
    20:22:34.0718 3648 ============================================================
    20:22:34.0718 3648 Scan started
    20:22:34.0718 3648 Mode: Manual;
    20:22:34.0718 3648 ============================================================
    20:22:50.0974 3648 sptd (d519ad2de7968cd2b47fea807c5b29b2) C:\Windows\System32\Drivers\sptd.sys
    20:22:50.0974 3648 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: d519ad2de7968cd2b47fea807c5b29b2
    20:22:50.0974 3648 sptd ( LockedFile.Multi.Generic ) - warning
    20:22:50.0974 3648 sptd - detected LockedFile.Multi.Generic (1)
    20:22:54.0983 3648 MBR (0x1B8) (d8f98fa929a3ce2707b66f8b212f5858) \Device\Harddisk0\DR0
    20:22:54.0998 3648 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - infected
    20:22:54.0998 3648 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
    20:22:54.0998 3648 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
    20:22:54.0998 3648 \Device\Harddisk1\DR1 - ok
    20:22:55.0014 3648 Boot (0x1200) (fea36758ef0025b5244db0ea7eba6050) \Device\Harddisk0\DR0\Partition0
    20:22:55.0014 3648 \Device\Harddisk0\DR0\Partition0 - ok
    20:22:55.0030 3648 Boot (0x1200) (7c1689293d88139f0b5f90e28b42a73d) \Device\Harddisk0\DR0\Partition1
    20:22:55.0030 3648 \Device\Harddisk0\DR0\Partition1 - ok
    20:22:55.0045 3648 Boot (0x1200) (66f6cbb8aea6323300bc8ea1d4c5c0c0) \Device\Harddisk1\DR1\Partition0
    20:22:55.0045 3648 \Device\Harddisk1\DR1\Partition0 - ok
    20:22:55.0045 3648 ============================================================
    20:22:55.0045 3648 Scan finished
    20:22:55.0045 3648 ============================================================
    20:22:55.0061 4604 Detected object count: 2
    20:22:55.0061 4604 Actual detected object count: 2
    20:23:09.0491 4604 sptd ( LockedFile.Multi.Generic ) - skipped by user
    20:23:09.0491 4604 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    20:23:09.0506 4604 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - skipped by user
    20:23:09.0506 4604 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - User select action: Skip
    20:23:17.0587 1740 Deinitialize success
     
  9. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hi there, and thanks for posting the logs.

    Are you using a legal version of Alcohol?


    Please download CKScanner to your Desktop.

    Make sure that CKScanner.exe is on your Desktop before running the application!

    • Start the CKScanner.exe and click Search For Files.
    • After a very short time, when the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file was saved.
    Please copy/paste the contents from the CKFiles.txt, which is saved on your Desktop, in your next reply.



    Please post in your next reply
    CKFiles.txt
     
  10. Alker431

    Alker431 Thread Starter

    Joined:
    Nov 15, 2011
    Messages:
    30
    To answer your question, I am not using a legal version of Alcohol; that may be a problem.

    Here is the log from CKS

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\users\kevin\documents\vuze downloads\alcohol_120__1.9.8.7612_+_crack\alcohol 120% 1.9.8.7612 + crack\alcohol120_retail_1.9.8.7612.exe
    c:\users\kevin\documents\vuze downloads\alcohol_120__1.9.8.7612_+_crack\alcohol 120% 1.9.8.7612 + crack\crack\deleteactivation.reg
    c:\users\kevin\documents\vuze downloads\alcohol_120__1.9.8.7612_+_crack\alcohol 120% 1.9.8.7612 + crack\crack\dvd-video_auto_play_original_state_from_ms.reg
    c:\users\kevin\documents\vuze downloads\alcohol_120__1.9.8.7612_+_crack\alcohol 120% 1.9.8.7612 + crack\crack\includeinuninstallmenu.reg
    c:\users\kevin\documents\vuze downloads\alcohol_120__1.9.8.7612_+_crack\alcohol 120% 1.9.8.7612 + crack\crack\patch500ml.exe
    c:\users\kevin\documents\vuze downloads\alcohol_120__1.9.8.7612_+_crack\alcohol 120% 1.9.8.7612 + crack\crack\??????????!!!.txt
    c:\users\kevin\documents\vuze downloads\warcraft iii - the frozen throne\warcraft iii - the frozen throne [disk3] -crack,patch,serial.iso
    scanner sequence 3.GL.11.PFAPJE
    ----- EOF -----


    I notice it listed all of my vuze downloads. I believe that the alcohol downloads may be the source of the problem. However, I believe that my Warcraft 3 Frozen Throne download is not the problem, because I had been using it for over a year and only noticed the symptoms of an infection two weeks ago.
     
  11. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hi there,

    Cracked (Illegal) Software - Alcohol 120%; Warcraft

    Visiting crack sites/warez sites, and other questionable/illegal sites, is always a risk. Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection and System Restore. This is the most likely cause of your infection.

    If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer. Additionally, cracked programs are illegal.
    I am going to withdraw my help until such software is removed.



    Double click on the OTL icon to run it.
    • In the Extra Registry group check Use SafeList.
    • Make sure all other windows are closed to let it run uninterrupted.
    • Click on the Run Scan Button.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    Please post both in your next reply.



    Please post in your next reply
    OTL.txt
    Extras.txt
     
  12. Alker431

    Alker431 Thread Starter

    Joined:
    Nov 15, 2011
    Messages:
    30
    Due to your request, I have removed all of my torrented content. I had a legitimate cd key for Warcraft 3 that I had bought myself, so I believed that I could just download the program and install it using my cd key. I thought that if I didn't use the cracks it would be perfectly legal. However, after doing some research it seems that torrenting itself, not just using cracks, is illegal.

    I will now begin my OTL scan.
     
  13. Alker431

    Alker431 Thread Starter

    Joined:
    Nov 15, 2011
    Messages:
    30
    These are the logs from the OTL scan.

    -------------------
    First Part (OTL.exe)
    -------------------

    OTL logfile created on: 11/22/2011 10:19:23 AM - Run 3
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kevin\Desktop\Downloads
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.70 Gb Available Physical Memory | 67.56% Memory free
    7.99 Gb Paging File | 6.50 Gb Available in Paging File | 81.25% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 57.42 Gb Total Space | 4.23 Gb Free Space | 7.37% Space Free | Partition Type: NTFS
    Drive D: | 232.88 Gb Total Space | 55.67 Gb Free Space | 23.90% Space Free | Partition Type: NTFS
    Drive E: | 91.63 Gb Total Space | 91.02 Gb Free Space | 99.34% Space Free | Partition Type: NTFS

    Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/22 09:53:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\Downloads\OTL.exe
    PRC - [2011/11/10 01:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    PRC - [2011/09/24 15:15:27 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    PRC - [2011/08/10 12:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
    PRC - [2010/01/11 20:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/24 15:15:27 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/10/07 18:47:16 | 002,663,568 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV:64bit: - [2011/05/25 19:43:26 | 000,161,080 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
    SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2008/07/15 11:20:00 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AERTSr64.exe -- (AERTFilters)
    SRV - [2011/09/22 14:58:07 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/08/10 12:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe -- (NSL)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/11 20:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/11/13 10:47:24 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2011/11/11 21:17:07 | 000,530,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2011/10/07 18:47:56 | 000,016,528 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
    DRV:64bit: - [2011/08/08 15:38:05 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\0200000.010\ccSetx64.sys -- (ccSet_NST)
    DRV:64bit: - [2010/02/03 14:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 16:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
    DRV:64bit: - [2009/06/10 12:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Intel(R)
    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 B1 32 C2 31 A2 CC 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B6 6D 78 15 53 23 17 43 A3 EA 2A 10 3B 44 80 0B [binary data]
    IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.order.1: "Yahoo"
    FF - prefs.js..browser.search.order.2: ""
    FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20111044,6902,0,16,0"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.7
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865
    FF - prefs.js..extensions.enabledItems: {203FB6B2-2E1E-4474-863B-4C483ECCE78E}:2012.1.1.16
    FF - prefs.js..network.proxy.type: 0


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 11.0a1\extensions\\Components: C:\PROGRAM FILES\NIGHTLY\COMPONENTS [2011/11/21 18:09:45 | 000,000,000 | ---D | M]
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 11.0a1\extensions\\Plugins: C:\PROGRAM FILES\NIGHTLY\PLUGINS
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST\ [2011/11/22 09:51:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/12 18:23:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/12 18:23:00 | 000,000,000 | ---D | M]

    [2010/05/21 19:41:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Extensions
    [2011/11/12 15:43:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\3j0f6kxc.default\extensions
    [2011/11/11 07:27:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\3j0f6kxc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/10/27 20:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\3j0f6kxc.default\extensions\{BA14329E-9550-4989-B3F2-9732E92D17CC}-TRASH
    [2011/11/18 16:24:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\extensions
    [2011/11/18 16:24:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/11/03 18:43:33 | 000,002,463 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\3j0f6kxc.default\searchplugins\safesearch.xml
    [2011/11/12 18:23:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/05/13 18:51:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
    [2011/11/04 22:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010/06/02 18:18:05 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011/11/04 19:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/11/04 19:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2011/10/29 16:19:03 | 000,001,222 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 forum.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 support.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 users.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 shop.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 vodka.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 *.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 *.alcohol-soft.*
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll File not found
    O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] Skytel.exe File not found
    O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
    O4 - HKLM..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
    O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\YouKu\common\ikutm.dll (youku.com)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\YouKu\common\ikutm.dll (youku.com)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\YouKu\common\ikutm.dll (youku.com)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87A0D2CD-574C-4991-A0C1-586C5AFDAA50}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87A0D2CD-574C-4991-A0C1-586C5AFDAA50}: NameServer = 8.26.56.26,156.154.70.22
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{2397cc12-6600-11df-8428-001d099cb5be}\Shell - "" = AutoRun
    O33 - MountPoints2\{2397cc12-6600-11df-8428-001d099cb5be}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{db10ee84-7927-11e0-a03c-001d099cb5be}\Shell - "" = AutoRun
    O33 - MountPoints2\{db10ee84-7927-11e0-a03c-001d099cb5be}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/22 09:39:21 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\COMODO
    [2011/11/19 18:58:28 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMacsoft
    [2011/11/19 18:58:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iMacsoft
    [2011/11/19 09:39:14 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2011/11/19 09:39:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiJackThis
    [2011/11/13 10:47:24 | 000,279,616 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
    [2011/11/13 10:47:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
    [2011/11/13 09:47:30 | 000,000,000 | -H-D | C] -- C:\VritualRoot
    [2011/11/13 09:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
    [2011/11/13 09:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
    [2011/11/13 09:34:32 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
    [2011/11/13 09:34:32 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
    [2011/11/13 09:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2011/11/13 09:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
    [2011/11/13 09:09:46 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
    [2011/11/13 09:09:46 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2011/11/13 09:09:46 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2011/11/13 09:09:46 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
    [2011/11/13 09:09:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2011/11/13 09:09:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2011/11/13 09:09:46 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2011/11/13 09:09:46 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
    [2011/11/13 09:09:46 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2011/11/13 09:09:46 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
    [2011/11/13 09:09:46 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2011/11/13 09:09:46 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
    [2011/11/13 09:09:46 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2011/11/13 09:09:46 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
    [2011/11/13 09:09:46 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
    [2011/11/13 09:09:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
    [2011/11/13 09:09:46 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2011/11/13 09:09:46 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
    [2011/11/13 09:09:45 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2011/11/13 09:09:45 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
    [2011/11/13 09:09:45 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
    [2011/11/13 09:09:45 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
    [2011/11/13 09:09:45 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
    [2011/11/13 09:09:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2011/11/13 09:09:45 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
    [2011/11/13 09:09:45 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
    [2011/11/13 09:09:45 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
    [2011/11/13 09:09:45 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2011/11/13 09:09:45 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
    [2011/11/13 09:09:45 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
    [2011/11/13 09:09:45 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
    [2011/11/13 09:09:44 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
    [2011/11/13 09:09:43 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2011/11/13 09:09:43 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2011/11/13 09:09:43 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
    [2011/11/13 09:09:43 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
    [2011/11/13 09:09:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2011/11/13 09:09:43 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
    [2011/11/13 09:09:43 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
    [2011/11/13 09:09:43 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
    [2011/11/13 09:09:43 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
    [2011/11/13 09:09:43 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
    [2011/11/13 09:09:43 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
    [2011/11/13 09:09:43 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2011/11/13 09:09:43 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
    [2011/11/13 09:09:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
    [2011/11/13 09:09:43 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
    [2011/11/13 09:09:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
    [2011/11/13 09:09:43 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
    [2011/11/13 09:09:43 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
    [2011/11/13 09:09:42 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
    [2011/11/13 09:09:42 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2011/11/13 09:09:42 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
    [2011/11/13 09:09:42 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
    [2011/11/13 09:09:42 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
    [2011/11/13 09:09:42 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
    [2011/11/13 09:09:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2011/11/13 09:09:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2011/11/13 09:09:42 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
    [2011/11/13 09:09:42 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2011/11/13 09:09:42 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2011/11/13 09:09:42 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2011/11/13 09:09:42 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
    [2011/11/13 09:09:42 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
    [2011/11/13 09:09:42 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2011/11/13 09:09:42 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
    [2011/11/13 09:09:41 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2011/11/13 09:09:41 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2011/11/13 09:09:41 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
    [2011/11/13 09:09:41 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
    [2011/11/13 09:05:56 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
    [2011/11/13 09:05:55 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
    [2011/11/13 09:05:55 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2011/11/13 09:05:55 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
    [2011/11/13 09:05:55 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
    [2011/11/13 09:05:55 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
    [2011/11/13 09:05:55 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
    [2011/11/13 09:05:55 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
    [2011/11/13 09:05:55 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
    [2011/11/13 09:05:54 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2011/11/13 09:05:54 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2011/11/13 09:05:54 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
    [2011/11/13 09:05:54 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
    [2011/11/13 09:05:54 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
    [2011/11/13 09:05:54 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
    [2011/11/12 21:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Nightly
    [2011/11/12 21:00:41 | 000,190,752 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
    [2011/11/12 21:00:41 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
    [2011/11/12 21:00:41 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
    [2011/11/12 21:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2011/11/12 20:36:00 | 000,525,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
    [2011/11/12 10:10:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2011/11/11 21:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
    [2011/11/11 20:07:01 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\SUPERAntiSpyware.com
    [2011/11/11 14:56:41 | 000,118,784 | ---- | C] (CyberLink) -- C:\Windows\SysWow64\srrstr.dll
    [2011/11/11 14:56:40 | 000,118,784 | ---- | C] (CyberLink) -- C:\ProgramData\IntelNotifierUpdate.dll
    [2011/11/03 16:02:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360X64
    [2011/11/03 16:02:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360X64\0501000.01D
    [2011/11/03 16:01:15 | 000,167,048 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NSTx64\0200000.010\ccSetx64.sys
    [2011/11/03 16:01:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSTx64
    [2011/11/03 16:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Safe Web Lite
    [2011/11/03 16:01:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSTx64\0200000.010
    [2011/10/28 06:09:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YONTOO LAYERS RUNTIME
    [2011/10/27 20:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
    [2011/10/27 20:21:53 | 000,000,000 | ---D | C] -- C:\Users\Kevin\.swt
    [2011/10/27 19:31:38 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
    [2011/10/27 19:31:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
    [2011/10/27 19:17:09 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\WeatherBug
    [2011/10/27 19:17:06 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\WeatherBug
    [2011/10/27 19:16:07 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Fighters
    [2011/10/27 19:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
    [2011/10/27 19:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
    [2011/10/27 18:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
    [2011/08/26 21:11:45 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Kevin\AppData\Roaming\pcouffin.sys
    [39 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [39 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/11/22 10:20:59 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2011/11/22 09:56:34 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/22 09:56:34 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/22 09:51:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/22 09:51:05 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/21 16:12:13 | 000,458,240 | ---- | M] () -- C:\Users\Kevin\Desktop\CKScanner.exe
    [2011/11/20 10:56:46 | 000,002,052 | ---- | M] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/11/20 10:55:30 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/11/20 10:55:30 | 000,626,844 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/11/20 10:55:30 | 000,107,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/11/19 20:01:30 | 000,000,534 | ---- | M] () -- C:\Users\Kevin\Documents\ax_files.xml
    [2011/11/19 18:20:27 | 000,011,776 | ---- | M] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/11/13 10:47:24 | 000,279,616 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
    [2011/11/13 09:34:54 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
    [2011/11/13 09:34:38 | 000,001,105 | ---- | M] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
    [2011/11/13 09:34:38 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
    [2011/11/13 09:34:32 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
    [2011/11/13 09:34:32 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
    [2011/11/13 09:09:46 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
    [2011/11/13 09:09:46 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2011/11/13 09:09:46 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2011/11/13 09:09:46 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
    [2011/11/13 09:09:46 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2011/11/13 09:09:46 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2011/11/13 09:09:46 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2011/11/13 09:09:46 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
    [2011/11/13 09:09:46 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2011/11/13 09:09:46 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
    [2011/11/13 09:09:46 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2011/11/13 09:09:46 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
    [2011/11/13 09:09:46 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2011/11/13 09:09:46 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
    [2011/11/13 09:09:46 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2011/11/13 09:09:46 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
    [2011/11/13 09:09:46 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
    [2011/11/13 09:09:46 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2011/11/13 09:09:46 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
    [2011/11/13 09:09:45 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2011/11/13 09:09:45 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
    [2011/11/13 09:09:45 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
    [2011/11/13 09:09:45 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
    [2011/11/13 09:09:45 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
    [2011/11/13 09:09:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2011/11/13 09:09:45 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
    [2011/11/13 09:09:45 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
    [2011/11/13 09:09:45 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
    [2011/11/13 09:09:45 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2011/11/13 09:09:45 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
    [2011/11/13 09:09:45 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
    [2011/11/13 09:09:45 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
    [2011/11/13 09:09:44 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
    [2011/11/13 09:09:43 | 002,309,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2011/11/13 09:09:43 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2011/11/13 09:09:43 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
    [2011/11/13 09:09:43 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
    [2011/11/13 09:09:43 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2011/11/13 09:09:43 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
    [2011/11/13 09:09:43 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
    [2011/11/13 09:09:43 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
    [2011/11/13 09:09:43 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
    [2011/11/13 09:09:43 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
    [2011/11/13 09:09:43 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
    [2011/11/13 09:09:43 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2011/11/13 09:09:43 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
    [2011/11/13 09:09:43 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
    [2011/11/13 09:09:43 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
    [2011/11/13 09:09:43 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
    [2011/11/13 09:09:43 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
    [2011/11/13 09:09:43 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
    [2011/11/13 09:09:42 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
    [2011/11/13 09:09:42 | 001,492,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2011/11/13 09:09:42 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
    [2011/11/13 09:09:42 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
    [2011/11/13 09:09:42 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
    [2011/11/13 09:09:42 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
    [2011/11/13 09:09:42 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2011/11/13 09:09:42 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2011/11/13 09:09:42 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
    [2011/11/13 09:09:42 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2011/11/13 09:09:42 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2011/11/13 09:09:42 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2011/11/13 09:09:42 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
    [2011/11/13 09:09:42 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
    [2011/11/13 09:09:42 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2011/11/13 09:09:42 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2011/11/13 09:09:42 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
    [2011/11/13 09:09:41 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2011/11/13 09:09:41 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2011/11/13 09:09:41 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
    [2011/11/13 09:09:41 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
    [2011/11/13 09:05:56 | 000,265,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
    [2011/11/13 09:05:55 | 001,863,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
    [2011/11/13 09:05:55 | 001,837,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2011/11/13 09:05:55 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
    [2011/11/13 09:05:55 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
    [2011/11/13 09:05:55 | 000,470,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
    [2011/11/13 09:05:55 | 000,320,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
    [2011/11/13 09:05:55 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
    [2011/11/13 09:05:55 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
    [2011/11/13 09:05:54 | 001,540,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2011/11/13 09:05:54 | 000,902,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2011/11/13 09:05:54 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
    [2011/11/13 09:05:54 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
    [2011/11/13 09:05:54 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
    [2011/11/13 09:05:54 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
    [2011/11/13 08:49:33 | 001,056,768 | ---- | M] () -- C:\Windows\SysNative\defltbase.sdb
    [2011/11/12 21:06:37 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\Nightly.lnk
    [2011/11/12 21:00:26 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
    [2011/11/12 21:00:26 | 000,190,752 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
    [2011/11/12 21:00:26 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
    [2011/11/12 21:00:26 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
    [2011/11/12 18:23:05 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/11/12 10:10:33 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2011/11/11 21:17:07 | 000,530,488 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
    [2011/11/11 16:44:10 | 000,743,066 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/11/11 14:56:39 | 000,118,784 | ---- | M] (CyberLink) -- C:\Windows\SysWow64\srrstr.dll
    [2011/11/11 14:56:39 | 000,118,784 | ---- | M] (CyberLink) -- C:\ProgramData\IntelNotifierUpdate.dll
    [39 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [39 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/11/21 16:12:09 | 000,458,240 | ---- | C] () -- C:\Users\Kevin\Desktop\CKScanner.exe
    [2011/11/13 09:36:56 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2011/11/13 09:34:54 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
    [2011/11/13 09:34:38 | 000,001,105 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
    [2011/11/13 09:34:38 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
    [2011/11/13 09:09:46 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2011/11/13 09:09:42 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2011/11/13 08:49:33 | 001,056,768 | ---- | C] () -- C:\Windows\SysNative\defltbase.sdb
    [2011/11/12 21:06:37 | 000,000,893 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
    [2011/11/12 21:06:37 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\Nightly.lnk
    [2011/11/12 18:23:05 | 000,001,186 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/11/12 18:23:05 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/11/11 16:44:10 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/11/03 16:01:13 | 000,007,510 | R--- | C] () -- C:\Windows\SysNative\drivers\NSTx64\0200000.010\ccSetx64.cat
    [2011/11/03 16:01:13 | 000,000,854 | R--- | C] () -- C:\Windows\SysNative\drivers\NSTx64\0200000.010\ccSetx64.inf
    [2011/11/03 16:01:13 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSTx64\0200000.010\isolate.ini
    [2011/08/27 08:30:41 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2011/08/26 21:11:45 | 000,099,384 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\inst.exe
    [2011/08/26 21:11:45 | 000,007,859 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\pcouffin.cat
    [2011/08/26 21:11:45 | 000,001,167 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\pcouffin.inf
    [2011/08/26 21:07:18 | 000,001,057 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\vso_ts_preview.xml
    [2011/08/26 13:50:44 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\Rid.ini
    [2011/08/19 10:57:27 | 000,090,413 | ---- | C] () -- C:\Windows\War3Unin.dat
    [2011/04/12 18:38:02 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2011/02/18 16:50:08 | 000,011,776 | ---- | C] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/11 08:53:15 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
    [2010/08/11 08:53:15 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
    [2010/08/11 08:53:15 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
    [2010/05/30 18:41:49 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
    [2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 15:24:58 | 000,833,024 | ---- | C] () -- C:\Windows\SysWow64\user.dat
    [2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== Files - Unicode (All) ==========
    [2011/08/26 13:53:02 | 000,000,000 | ---D | M](C:\Users\Kevin\Documents\?6??) -- C:\Users\Kevin\Documents\酷6视频
    [2011/08/26 13:53:02 | 000,000,000 | ---D | C](C:\Users\Kevin\Documents\?6??) -- C:\Users\Kevin\Documents\酷6视频
    [2011/03/06 22:50:27 | 000,035,840 | ---- | M] ()(C:\Users\Kevin\Desktop\Marketamerica ??????.doc) -- C:\Users\Kevin\Desktop\Marketamerica 满足你的需要.doc
    [2011/03/06 21:50:23 | 000,035,840 | ---- | C] ()(C:\Users\Kevin\Desktop\Marketamerica ??????.doc) -- C:\Users\Kevin\Desktop\Marketamerica 满足你的需要.doc

    < End of report >



    -----------------------
    Second Part (Extras.txt)
    -----------------------

    OTL Extras logfile created on: 11/22/2011 10:19:23 AM - Run 3
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kevin\Desktop\Downloads
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.70 Gb Available Physical Memory | 67.56% Memory free
    7.99 Gb Paging File | 6.50 Gb Available in Paging File | 81.25% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 57.42 Gb Total Space | 4.23 Gb Free Space | 7.37% Space Free | Partition Type: NTFS
    Drive D: | 232.88 Gb Total Space | 55.67 Gb Free Space | 23.90% Space Free | Partition Type: NTFS
    Drive E: | 91.63 Gb Total Space | 91.02 Gb Free Space | 99.34% Space Free | Partition Type: NTFS

    Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- Reg Error: Key error. File not found
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Nightly\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- Reg Error: Key error.
    htmlfile [opennew] -- Reg Error: Key error.
    http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- Reg Error: Key error.
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- Reg Error: Key error.
    htmlfile [opennew] -- Reg Error: Key error.
    http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- Reg Error: Key error.
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
    "{4EAB2511-0135-48CA-A47B-CE1E6836793A}" = COMODO Internet Security
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Nightly 11.0a1 (x64 en-US)" = Nightly 11.0a1 (x64 en-US)
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73E80655-FB3C-46F4-BE00-62D248BC490A}" = Visual C++ 2008 Runtime (x64)
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9E2BD6FF-CE8D-47B5-AD9C-0A5C2D54EB3C}" = League of Legends
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
    "{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
    "{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "8461-7759-5462-8226" = Vuze
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "COMODO GeekBuddy" = COMODO GeekBuddy
    "conduitEngine" = Conduit Engine
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "DFO" = DFOLauncher
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Fallout New Vegas_is1" = Fallout New Vegas
    "iku2.1" = iKu 2
    "iMacsoft DVD Creator" = iMacsoft DVD Creator
    "InfraRecorder" = InfraRecorder
    "Little Fighter 2 version 2.0a" = Little Fighter 2 version 2.0a
    "Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
    "NST" = Norton Safe Web Lite
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "Steam App 10" = Counter-Strike
    "Steam App 3590" = Plants vs. Zombies: Game of the Year
    "Steam App 36630" = Rusty Hearts
    "Steam App 440" = Team Fortress 2
    "Steam App 49470" = Magic: The Gathering — Duels of the Planeswalkers 2012
    "Steam App 550" = Left 4 Dead 2
    "VLC media player" = VLC media player 1.1.11
    "Vuze_Remote Toolbar" = Vuze Remote Toolbar
    "Warcraft III" = Warcraft III
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Warcraft III" = Warcraft III: All Products

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  14. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hi,

    This is not correct. Torrenting itself is legal.
    As an example, I used it to download some Linux distros because it goes faster than via FTP.
    It all depends on what you are downloading.



    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

    Do not re-enable these drivers until otherwise instructed.



    Execute TDSSKiller.exe and press Start Scan.
    • Ensure Cure is selected (it should be by default)
      Note: If Cure is not an option, choose Skip instead. Do not choose Delete unless instructed.
    • Click Continue then click Reboot now.

    Once complete, a log will be produced at the root drive which is typically C:\
    For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.

    Please post the contents of that log in your next reply.



    Please download and scan with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Note: Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    You can use this thread as a guide.

    Please include the C:\ComboFix.txt in your next reply for further review.



    Please post in your next reply
    TDSSKiller log
    Combofix.txt
    How is your system behaving now?
     
  15. Alker431

    Alker431 Thread Starter

    Joined:
    Nov 15, 2011
    Messages:
    30
    On the topic of torrenting, is it legal to download copyrighted material and activate it using a legitimate key?

    Example:
    I buy a program and write down the key needed to install it. Later, I buy a new computer and want to install the program, but I lost the installer (I still have the key). Because of this, I download the installer from a torrent (can or cannot include a crack). I then install it without using the crack, but my actual key from before.

    Is the above example legal?


    Back on topic, here is the log from TDSSKiller:

    14:49:22.0134 3884 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
    14:49:22.0524 3884 ============================================================
    14:49:22.0524 3884 Current date / time: 2011/11/22 14:49:22.0524
    14:49:22.0524 3884 SystemInfo:
    14:49:22.0524 3884
    14:49:22.0524 3884 OS Version: 6.1.7600 ServicePack: 0.0
    14:49:22.0524 3884 Product type: Workstation
    14:49:22.0524 3884 ComputerName: KEVIN-PC
    14:49:22.0524 3884 UserName: Kevin
    14:49:22.0524 3884 Windows directory: C:\Windows
    14:49:22.0524 3884 System windows directory: C:\Windows
    14:49:22.0524 3884 Running under WOW64
    14:49:22.0524 3884 Processor architecture: Intel x64
    14:49:22.0524 3884 Number of processors: 2
    14:49:22.0524 3884 Page size: 0x1000
    14:49:22.0524 3884 Boot type: Normal boot
    14:49:22.0524 3884 ============================================================
    14:49:23.0865 3884 Initialize success
    14:49:28.0467 4656 ============================================================
    14:49:28.0467 4656 Scan started
    14:49:28.0467 4656 Mode: Manual;
    14:49:28.0467 4656 ============================================================
    14:49:31.0416 4656 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    14:49:31.0416 4656 1394ohci - ok
    14:49:31.0603 4656 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    14:49:31.0618 4656 ACPI - ok
    14:49:31.0790 4656 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    14:49:31.0790 4656 AcpiPmi - ok
    14:49:32.0055 4656 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    14:49:32.0055 4656 adp94xx - ok
    14:49:32.0336 4656 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    14:49:32.0336 4656 adpahci - ok
    14:49:32.0523 4656 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    14:49:32.0523 4656 adpu320 - ok
    14:49:32.0773 4656 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
    14:49:32.0788 4656 AFD - ok
    14:49:32.0882 4656 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    14:49:32.0882 4656 agp440 - ok
    14:49:32.0913 4656 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    14:49:32.0913 4656 aliide - ok
    14:49:32.0960 4656 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    14:49:32.0960 4656 amdide - ok
    14:49:32.0991 4656 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    14:49:32.0991 4656 AmdK8 - ok
    14:49:33.0100 4656 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    14:49:33.0100 4656 AmdPPM - ok
    14:49:33.0116 4656 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
    14:49:33.0116 4656 amdsata - ok
    14:49:33.0163 4656 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    14:49:33.0163 4656 amdsbs - ok
    14:49:33.0194 4656 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
    14:49:33.0210 4656 amdxata - ok
    14:49:33.0350 4656 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    14:49:33.0350 4656 AppID - ok
    14:49:33.0412 4656 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    14:49:33.0412 4656 arc - ok
    14:49:33.0444 4656 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    14:49:33.0444 4656 arcsas - ok
    14:49:33.0490 4656 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    14:49:33.0490 4656 AsyncMac - ok
    14:49:33.0568 4656 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    14:49:33.0568 4656 atapi - ok
    14:49:33.0631 4656 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    14:49:33.0631 4656 b06bdrv - ok
    14:49:33.0724 4656 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    14:49:33.0740 4656 b57nd60a - ok
    14:49:33.0787 4656 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    14:49:33.0787 4656 Beep - ok
    14:49:33.0896 4656 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    14:49:33.0896 4656 blbdrive - ok
    14:49:33.0974 4656 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
    14:49:33.0974 4656 bowser - ok
    14:49:34.0130 4656 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    14:49:34.0146 4656 BrFiltLo - ok
    14:49:34.0208 4656 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    14:49:34.0208 4656 BrFiltUp - ok
    14:49:34.0255 4656 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    14:49:34.0255 4656 Brserid - ok
    14:49:34.0302 4656 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    14:49:34.0317 4656 BrSerWdm - ok
    14:49:34.0348 4656 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    14:49:34.0348 4656 BrUsbMdm - ok
    14:49:34.0520 4656 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    14:49:34.0520 4656 BrUsbSer - ok
    14:49:34.0582 4656 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    14:49:34.0582 4656 BTHMODEM - ok
    14:49:34.0645 4656 ccSet_NST (a8ad33c9dd88c810cac00acc7f4329fb) C:\Windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys
    14:49:34.0645 4656 ccSet_NST - ok
    14:49:34.0738 4656 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    14:49:34.0738 4656 cdfs - ok
    14:49:34.0801 4656 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    14:49:34.0801 4656 cdrom - ok
    14:49:34.0879 4656 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    14:49:34.0879 4656 circlass - ok
    14:49:34.0941 4656 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    14:49:34.0941 4656 CLFS - ok
    14:49:35.0082 4656 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    14:49:35.0082 4656 CmBatt - ok
    14:49:35.0144 4656 cmderd (67c7a415e487dfb26d029838f568ef80) C:\Windows\system32\DRIVERS\cmderd.sys
    14:49:35.0144 4656 cmderd - ok
    14:49:35.0206 4656 cmdGuard (f81457b43f083e0ff8eacae720f0537b) C:\Windows\system32\DRIVERS\cmdguard.sys
    14:49:35.0206 4656 cmdGuard - ok
    14:49:35.0269 4656 cmdHlp (0091563e864c5d750771919ea8900763) C:\Windows\system32\DRIVERS\cmdhlp.sys
    14:49:35.0269 4656 cmdHlp - ok
    14:49:35.0347 4656 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    14:49:35.0347 4656 cmdide - ok
    14:49:35.0378 4656 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
    14:49:35.0378 4656 CNG - ok
    14:49:35.0409 4656 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    14:49:35.0409 4656 Compbatt - ok
    14:49:35.0472 4656 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    14:49:35.0472 4656 CompositeBus - ok
    14:49:35.0503 4656 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    14:49:35.0503 4656 crcdisk - ok
    14:49:35.0565 4656 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
    14:49:35.0565 4656 CSC - ok
    14:49:35.0628 4656 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
    14:49:35.0628 4656 DfsC - ok
    14:49:35.0659 4656 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    14:49:35.0659 4656 discache - ok
    14:49:35.0737 4656 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    14:49:35.0737 4656 Disk - ok
    14:49:35.0940 4656 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    14:49:35.0940 4656 drmkaud - ok
    14:49:36.0002 4656 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
    14:49:36.0002 4656 dtsoftbus01 - ok
    14:49:36.0080 4656 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
    14:49:36.0096 4656 DXGKrnl - ok
    14:49:53.0006 4656 MBR (0x1B8) (d8f98fa929a3ce2707b66f8b212f5858) \Device\Harddisk0\DR0
    14:49:53.0006 4656 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - infected
    14:49:53.0006 4656 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
    14:49:53.0006 4656 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
    14:49:53.0006 4656 \Device\Harddisk1\DR1 - ok
    14:49:53.0022 4656 Boot (0x1200) (fea36758ef0025b5244db0ea7eba6050) \Device\Harddisk0\DR0\Partition0
    14:49:53.0022 4656 \Device\Harddisk0\DR0\Partition0 - ok
    14:49:53.0037 4656 Boot (0x1200) (7c1689293d88139f0b5f90e28b42a73d) \Device\Harddisk0\DR0\Partition1
    14:49:53.0037 4656 \Device\Harddisk0\DR0\Partition1 - ok
    14:49:53.0037 4656 Boot (0x1200) (66f6cbb8aea6323300bc8ea1d4c5c0c0) \Device\Harddisk1\DR1\Partition0
    14:49:53.0037 4656 \Device\Harddisk1\DR1\Partition0 - ok
    14:49:53.0037 4656 ============================================================
    14:49:53.0053 4656 Scan finished
    14:49:53.0053 4656 ============================================================
    14:49:53.0068 4648 Detected object count: 1
    14:49:53.0068 4648 Actual detected object count: 1
    14:50:00.0447 4648 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - will be cured on reboot
    14:50:00.0447 4648 \Device\Harddisk0\DR0 - ok
    14:50:00.0463 4648 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - User select action: Cure
    14:50:03.0318 2840 Deinitialize success




    Here is the log from ComboFix:

    ComboFix 11-11-22.01 - Kevin 11/22/2011 15:03:28.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2933 [GMT -8:00]
    Running from: c:\users\Kevin\Desktop\ComboFix.exe
    AV: COMODO Antivirus *Disabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
    FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
    SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\aedebaa.tmp
    c:\programdata\aewieaa.tmp
    c:\programdata\amihbaa.tmp
    c:\programdata\bewieaa.tmp
    c:\programdata\bmihbaa.tmp
    c:\programdata\cdwnbaa.tmp
    c:\programdata\cewieaa.tmp
    c:\programdata\cmihbaa.tmp
    c:\programdata\ddwnbaa.tmp
    c:\programdata\dmihbaa.tmp
    c:\programdata\edwnbaa.tmp
    c:\programdata\eewieaa.tmp
    c:\programdata\emihbaa.tmp
    c:\programdata\fdwnbaa.tmp
    c:\programdata\gdwnbaa.tmp
    c:\programdata\iamlbaa.tmp
    c:\programdata\IntelNotifierUpdate.dll
    c:\programdata\jamlbaa.tmp
    c:\programdata\kamlbaa.tmp
    c:\programdata\kbvzaaa.tmp
    c:\programdata\korhbaa.tmp
    c:\programdata\lamlbaa.tmp
    c:\programdata\lbvzaaa.tmp
    c:\programdata\mamlbaa.tmp
    c:\programdata\mbvzaaa.tmp
    c:\programdata\nbvzaaa.tmp
    c:\programdata\obvzaaa.tmp
    c:\programdata\ojwmbaa.tmp
    c:\programdata\pjwmbaa.tmp
    c:\programdata\qcvlbaa.tmp
    c:\programdata\qjwmbaa.tmp
    c:\programdata\rcvlbaa.tmp
    c:\programdata\rjwmbaa.tmp
    c:\programdata\scvlbaa.tmp
    c:\programdata\sjwmbaa.tmp
    c:\programdata\tcvlbaa.tmp
    c:\programdata\ucvlbaa.tmp
    c:\programdata\wddebaa.tmp
    c:\programdata\yddebaa.tmp
    c:\programdata\zddebaa.tmp
    c:\users\Kevin\AppData\Roaming\inst.exe
    c:\users\Kevin\AppData\Roaming\vso_ts_preview.xml
    c:\windows\svchost.exe
    c:\windows\system32\config\systemprofile\AppData\Local\CrashDumps\CrashDumpsUpdate\CrashDumpsup.DLL
    c:\windows\system32\config\systemprofile\AppData\Local\ElevatedDiagnostics\ElevatedDiagnosticsUpdate\ElevatedDiagnosticsup.DLL
    c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftup.DLL
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-22 to 2011-11-22 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-22 23:15 . 2011-11-22 23:15 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-22 22:53 . 2011-11-22 22:53 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3914F3D-9BD3-4900-9366-B4CE32D55E6D}\offreg.dll
    2011-11-22 17:39 . 2011-11-22 17:39 -------- d-----w- c:\users\Kevin\AppData\Local\COMODO
    2011-11-20 02:58 . 2011-11-20 02:58 -------- d-----w- c:\program files (x86)\iMacsoft
    2011-11-19 17:39 . 2011-11-19 17:39 388096 ----a-r- c:\users\Kevin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-15 23:50 . 2011-10-18 09:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3914F3D-9BD3-4900-9366-B4CE32D55E6D}\mpengine.dll
    2011-11-13 18:47 . 2011-11-13 18:47 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-11-13 17:47 . 2011-11-13 17:47 -------- d-----w- C:\VritualRoot
    2011-11-13 17:34 . 2011-11-13 19:10 -------- d-----w- c:\programdata\Comodo
    2011-11-13 17:34 . 2011-11-13 17:34 -------- d-----w- c:\program files\COMODO
    2011-11-13 17:34 . 2011-11-13 17:34 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
    2011-11-13 17:34 . 2011-11-13 17:34 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
    2011-11-13 17:33 . 2011-11-13 17:34 -------- d-----w- c:\programdata\Comodo Downloader
    2011-11-13 17:05 . 2011-11-13 17:05 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-11-13 05:06 . 2011-11-22 22:48 -------- d-----w- c:\program files\Nightly
    2011-11-13 05:00 . 2011-11-13 05:00 -------- d-----w- c:\program files\Java
    2011-11-13 04:36 . 2011-11-13 05:00 525544 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-13 02:23 . 2011-11-05 06:53 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
    2011-11-13 02:23 . 2011-11-05 06:53 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
    2011-11-13 02:23 . 2011-11-05 06:53 801752 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
    2011-11-13 02:23 . 2011-11-05 06:53 478168 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
    2011-11-13 02:23 . 2011-11-05 06:53 1989592 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
    2011-11-13 02:23 . 2011-11-05 06:53 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
    2011-11-13 02:23 . 2011-11-05 03:21 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
    2011-11-13 02:23 . 2011-11-05 03:21 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
    2011-11-12 18:10 . 2011-11-12 18:10 -------- d-----w- c:\windows\system32\Macromed
    2011-11-12 04:07 . 2011-11-12 04:07 -------- d-----w- c:\users\Kevin\AppData\Roaming\SUPERAntiSpyware.com
    2011-11-11 22:56 . 2011-11-11 22:56 118784 ----a-w- c:\windows\SysWow64\srrstr.dll
    2011-11-04 00:02 . 2011-11-04 00:02 -------- d-----w- c:\windows\system32\drivers\N360X64
    2011-11-04 00:01 . 2011-11-04 00:01 -------- d-----w- c:\windows\system32\drivers\NSTx64
    2011-11-04 00:01 . 2011-11-04 00:01 -------- d-----w- c:\program files (x86)\Norton Safe Web Lite
    2011-10-28 14:09 . 2011-11-13 17:13 -------- d-----w- c:\program files (x86)\YONTOO LAYERS RUNTIME
    2011-10-28 04:51 . 2011-11-13 18:47 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
    2011-10-28 04:21 . 2011-10-28 04:21 -------- d-----w- c:\users\Kevin\.swt
    2011-10-28 03:31 . 2011-10-28 03:31 -------- d-----w- c:\program files (x86)\MagicISO
    2011-10-28 03:17 . 2011-10-28 03:17 -------- d-----w- c:\users\Kevin\AppData\Local\WeatherBug
    2011-10-28 03:17 . 2011-10-28 03:17 -------- d-----w- c:\users\Kevin\AppData\Roaming\WeatherBug
    2011-10-28 03:17 . 2011-10-28 03:17 18944 ----a-r- c:\users\Kevin\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
    2011-10-28 03:16 . 2011-10-28 03:18 -------- d-----w- c:\users\Kevin\AppData\Roaming\Fighters
    2011-10-28 03:15 . 2011-10-28 03:18 -------- d-----w- c:\programdata\Fighters
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-12 18:10 . 2011-05-17 22:25 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-12 05:17 . 2010-05-22 23:26 530488 ----a-w- c:\windows\system32\drivers\sptd.sys
    2011-10-08 02:48 . 2011-10-08 02:48 93200 ----a-w- c:\windows\system32\drivers\inspect.sys
    2011-10-08 02:47 . 2011-10-08 02:47 574216 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-10-08 02:47 . 2011-10-08 02:47 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-10-08 02:47 . 2011-10-08 02:47 16528 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-10-08 02:47 . 2011-10-08 02:47 41200 ----a-w- c:\windows\system32\cmdcsr.dll
    2011-10-08 02:47 . 2011-10-08 02:47 300200 ----a-w- c:\windows\SysWow64\guard32.dll
    2011-10-08 02:47 . 2011-10-08 02:47 388280 ----a-w- c:\windows\system32\guard64.dll
    2011-09-21 00:22 . 2011-09-21 00:22 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2011-09-21 00:21 . 2011-09-21 00:21 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2011-09-21 00:21 . 2011-09-21 00:21 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2011-09-21 00:21 . 2011-09-21 00:21 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-09-01 00:00 . 2011-02-11 00:04 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-27 16:12 . 2011-08-27 05:11 82816 ----a-w- c:\users\Kevin\AppData\Roaming\pcouffin.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 23:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2011-01-17 23:54 175912 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-24 3077528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-05-26 213304]
    "CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-05-26 184120]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Norton Update"="c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftup.DLL" [2011-11-11 148480]
    "Classes Update"="c:\windows\system32\config\systemprofile\AppData\Local\ElevatedDiagnostics\ElevatedDiagnosticsUpdate\ElevatedDiagnosticsup.DLL" [2011-11-11 148480]
    "AppDataLow Update"="c:\windows\system32\config\systemprofile\AppData\Local\CrashDumps\CrashDumpsUpdate\CrashDumpsup.DLL" [2011-11-11 148480]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe" [2011-04-17 235168]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
    @=""
    .
    R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-05-26 161080]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 X6va005;X6va005;c:\users\Kevin\AppData\Local\Temp\0056001.tmp [x]
    R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys [x]
    S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [x]
    S2 NSL;Norton Safe Web Lite;c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [2011-08-10 138760]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-12 240232]
    .
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RAVCpl64.exe" [2008-08-05 6455840]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 9264456]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\guard64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyServer = 0.0.0.0:80
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    LSP: c:\program files (x86)\YouKu\common\ikutm.dll
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{87A0D2CD-574C-4991-A0C1-586C5AFDAA50}: NameServer = 8.26.56.26,156.154.70.22
    FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\New folder\
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
    Wow6432Node-HKCU-Run-LightScribe Control Panel - c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    Wow6432Node-HKCU-Run-Weather - c:\program files (x86)\AWS\WeatherBug\Weather.exe
    Wow6432Node-HKU-Default-Run-IntelNotifierUpdate - c:\programdata\IntelNotifierUpdate.dll
    WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
    HKLM-Run-Skytel - Skytel.exe
    AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSL]
    "ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\Kevin\AppData\Local\Temp\0056001.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:a4,7f,85,2f,28,a2,cc,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,a5,14,86,b1,c5,06,4f,90,e5,d4,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,a5,14,86,b1,c5,06,4f,90,e5,d4,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
    "value"="?\08\01\08\05\05(}"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-11-22 15:29:29
    ComboFix-quarantined-files.txt 2011-11-22 23:29
    .
    Pre-Run: 4,409,765,888 bytes free
    Post-Run: 4,552,105,984 bytes free
    .
    - - End Of File - - ED872CFC073007A9D708E43A3EC0004D
     
Short URL to this thread: https://techguy.org/1027039
