After a long time I got infected..



#1
DrDark

Hello. I've been surfing at G2G for a long time already, after I got help and learned a lot from here.
But it seems like I got infected somehow.
My internet started acting weird lately. It started to stop loading web sites in the middle of the process, and it started disconnecting from some of my game servers.
So I decided to run a normal scan with my anti-virus and with MBAM. The anti-virus found nothing, while MBAM found 16 infections and cleaned them all.
But MBAM keeps prompting me that some malicious program named svdysfjs.exe is trying to send information to some kind of an IP,
even after rebooting! So I'd like to make sure whether there are any more infections on my computer and get help removing them. Here is my OTL log:
OTL logfile created on: 9/5/2011 6:08:38 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\David\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 58.91% Memory free
6.00 Gb Paging File | 4.51 Gb Available in Paging File | 75.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.78 Gb Total Space | 38.65 Gb Free Space | 36.54% Space Free | Partition Type: NTFS
Drive D: | 359.88 Gb Total Space | 181.71 Gb Free Space | 50.49% Space Free | Partition Type: NTFS
Drive E: | 2.27 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/05 18:08:20 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\David\Downloads\OTL.exe
PRC - [2011/09/03 19:19:29 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/29 20:15:26 | 000,227,328 | ---- | M] () -- C:\Windows\System32\drivers\svdysfjs.exe
PRC - [2011/08/07 18:06:15 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011/08/03 17:46:33 | 000,411,432 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2011/08/02 14:24:26 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Program Files\Steam\Steam.exe
PRC - [2011/07/23 04:21:57 | 001,708,544 | ---- | M] (Curse) -- C:\Users\David\AppData\Local\Apps\2.0\41W2Q2DY.JQR\9RXYXV0R.BJ0\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\CurseClient.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/25 10:25:02 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/05/25 10:24:56 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/05/25 10:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/04/27 15:39:26 | 000,228,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/20 12:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/01/20 12:20:04 | 000,313,152 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
PRC - [2010/11/20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/12/24 16:52:08 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/03 19:19:29 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/15 03:09:47 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7f94f6b13f92f1e093716d3e15bf86d1\PresentationFramework.Aero.ni.dll
MOD - [2011/08/15 03:09:28 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\47a4b624c147aae197214d4ee5f0661b\Microsoft.VisualBasic.ni.dll
MOD - [2011/08/15 03:09:17 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c60906a715473ceccf93f0559527e84d\PresentationFramework.ni.dll
MOD - [2011/08/15 03:09:04 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5566b57732d9edea236f54d06149835a\PresentationCore.ni.dll
MOD - [2011/08/15 03:08:54 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
MOD - [2011/08/15 03:07:15 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\d17a5e7b3e9c6ea0f5c66093771b35eb\CustomMarshalers.ni.dll
MOD - [2011/08/15 03:07:12 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e285e2af5e0e8ac7d91936b2cb18542f\System.Runtime.Serialization.ni.dll
MOD - [2011/08/15 03:07:10 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\b907dd027bbe99c5035b1d6355f83998\SMDiagnostics.ni.dll
MOD - [2011/08/15 03:07:09 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\052fc9c848a7f4630980ae0fd7a282e0\System.ServiceModel.ni.dll
MOD - [2011/08/15 03:06:51 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\364993b444187c2dd988cab2fb0f98c6\System.Deployment.ni.dll
MOD - [2011/08/15 03:06:50 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011/08/15 03:06:31 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/08/15 03:06:30 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\33b601c8e2cf4993e68d763389246197\System.Web.ni.dll
MOD - [2011/08/15 03:06:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
MOD - [2011/08/15 03:06:16 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\ebdaeeb5ef1a6209d67a2f70fcaf5cd5\System.Core.ni.dll
MOD - [2011/08/15 03:06:11 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\c0d90fae726bca4f272ac9a2906b3741\System.Security.ni.dll
MOD - [2011/08/15 03:06:08 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/08/15 03:06:05 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/08/15 03:06:02 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/08/15 03:05:57 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/08/12 04:37:02 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/07 18:06:15 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2011/08/03 17:46:32 | 014,401,832 | ---- | M] () -- D:\Program Files\Steam\bin\libcef.dll
MOD - [2011/08/03 17:46:32 | 000,914,216 | ---- | M] () -- D:\Program Files\Steam\bin\avcodec-52.dll
MOD - [2011/08/03 17:46:32 | 000,190,248 | ---- | M] () -- D:\Program Files\Steam\bin\chromehtml.dll
MOD - [2011/08/03 17:46:32 | 000,155,432 | ---- | M] () -- D:\Program Files\Steam\bin\avformat-52.dll
MOD - [2011/08/03 17:46:32 | 000,091,432 | ---- | M] () -- D:\Program Files\Steam\bin\avutil-50.dll
MOD - [2011/05/26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/05/20 22:35:00 | 000,247,400 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/03/15 07:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/04 17:57:40 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/29 20:15:26 | 000,227,328 | ---- | M] () [Auto | Running] -- C:\Windows\System32\drivers\svdysfjs.exe -- (svdysfjs)
SRV - [2011/08/03 17:46:33 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/07/21 17:06:28 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 10:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 04:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 04:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/12/24 16:52:08 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)


========== Driver Services (SafeList) ==========

DRV - [2011/09/05 17:57:05 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/09/05 17:56:54 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6B8BECB5-67C6-469D-9B7C-DB73027215D1}\MpKsl6de7834f.sys -- (MpKsl6de7834f)
DRV - [2011/07/23 01:09:35 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/25 10:24:42 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:21:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://il.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA 97 F3 92 81 69 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/25 17:18:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/03 19:19:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/25 17:18:00 | 000,000,000 | ---D | M]

[2011/07/21 01:50:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
[2011/09/01 15:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\3ehjyyk2.default\extensions
[2011/07/27 16:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/27 16:37:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3EHJYYK2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3EHJYYK2.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3EHJYYK2.DEFAULT\EXTENSIONS\[email protected]
[2011/09/03 19:19:30 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 11:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files\Free Download Manager\iefdm2.dll ()
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] D:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Download all with Free Download Manager - D:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - D:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - D:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - D:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1968709D-1509-4F6F-AB2A-513FF7D148AB}: NameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/07/13 15:55:00 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6b63be87-b374-11e0-9d00-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6b63be87-b374-11e0-9d00-806e6f6e6963}\Shell\AutoRun\command - "" = E:\barmaster.exe
O33 - MountPoints2\{7bac99b7-b47c-11e0-a326-f860597b746e}\Shell - "" = AutoRun
O33 - MountPoints2\{7bac99b7-b47c-11e0-a326-f860597b746e}\Shell\AutoRun\command - "" = H:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/05 17:47:37 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Malwarebytes
[2011/09/05 17:47:27 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/09/05 17:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/05 17:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/05 17:47:23 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/09/05 17:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/05 15:41:22 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{379D29EB-6BAC-45F7-8EDB-57D4C279BED0}
[2011/09/05 15:41:03 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{926AC026-FC3B-4D8F-853F-74EC1B798548}
[2011/09/05 15:22:46 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{E03DA6B0-845C-403C-8CCB-2C925020F4EF}
[2011/09/05 15:22:29 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{BD8543C4-81E0-490D-A7A1-8D04D854D4E9}
[2011/09/05 15:16:18 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{29093643-4A18-4E02-9B69-A679621E9D12}
[2011/09/05 15:15:58 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{D34FDA5D-3C71-423D-8A3C-7D2CA740A05A}
[2011/09/05 10:33:08 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{F0E9E021-2BD3-4CF5-8EBE-08EF25871BE7}
[2011/09/05 10:32:44 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{E25B6946-062C-47DA-9DC3-298012622FE9}
[2011/09/05 10:27:14 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{5BF901C1-C714-4701-8A58-ED08E88776EC}
[2011/09/05 10:26:57 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{B32CA0EF-87EE-431D-B11C-6D38E5663407}
[2011/09/05 10:21:26 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{44F15D01-A7BF-4486-9CD0-B532F7B91CA7}
[2011/09/05 10:21:09 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{5C43B8B8-4115-4669-AB84-D992CA0CE3D9}
[2011/09/05 10:15:46 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{AB0027FB-6723-4A8B-B7B7-E738826B1323}
[2011/09/05 10:15:28 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{2135A67D-67DF-451F-8D94-2C9A0FD0040C}
[2011/09/05 10:09:56 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{1257722B-2177-4FAA-B949-92373914FC18}
[2011/09/05 10:09:39 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{AA0E125A-D021-4021-8218-BA1765964099}
[2011/09/05 10:04:09 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{BFAFF6F0-DAB7-4A17-96AF-5EA95C0A2EF8}
[2011/09/05 10:03:50 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{F6D170BC-3E25-4764-A91A-296B6226C15A}
[2011/09/05 09:58:20 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{65BB5D1B-BD74-4B6A-BA6D-110F1B892C33}
[2011/09/05 09:58:06 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{A6456984-307F-4F5B-9425-232EC6727096}
[2011/09/05 09:52:40 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{F2A319D1-9664-4B9F-ABF2-30FD51ED3DE4}
[2011/09/05 09:52:22 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{70EFB74E-040A-4C9E-9C3A-3364CD25D50D}
[2011/09/05 09:46:54 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{72B3C531-A3B8-434B-91AF-2042B7F2C1A8}
[2011/09/05 09:46:36 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{5702D4C7-DD11-4BA0-B647-B74587826820}
[2011/09/05 09:41:12 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{7E08B04C-5AAA-47B6-8510-1AD9B9A54E98}
[2011/09/05 09:40:54 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{438FD29E-B8AA-4805-BAFE-98E4768310FC}
[2011/09/05 09:35:30 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{FE885909-66B7-4C33-803C-9B4E156524C5}
[2011/09/05 09:35:11 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{799834E6-0F0C-4B82-AE31-1BE0AEC4E571}
[2011/09/04 16:00:50 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011/09/04 15:49:35 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\StarCraft II
[2011/09/04 15:49:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011/09/04 15:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2011/08/20 12:19:59 | 000,487,316 | ---- | C] (Blizzard Entertainment) -- C:\Users\David\Desktop\FTkey.exe
[2011/08/20 12:19:58 | 000,419,961 | ---- | C] (Blizzard Entertainment) -- C:\Users\David\Desktop\cdkey.exe
[2011/08/20 12:18:37 | 000,139,264 | ---- | C] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe
[2011/08/15 20:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 5
[2011/08/12 02:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex Workshop v6.6
[2011/08/11 15:22:45 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{76DAF466-26EC-4698-A15E-0AEE0409C89B}
[2011/08/11 15:22:33 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{218B56CD-D53B-494E-B2DE-7307C11BE370}
[2011/08/11 03:22:07 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{9F8CA2B6-8190-473E-A11C-AEEEFC0FB8AF}
[2011/08/11 01:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
[2011/08/11 01:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PMS
[2011/08/11 01:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\PS3 Media Server
[2011/08/10 23:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\FlashFXP 4
[2011/08/10 23:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\FlashFXP
[2011/08/10 15:21:43 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{8D21CA34-E62B-46DB-9B31-E51D98E7B502}
[2011/08/10 10:25:01 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Free Download Manager
[2011/08/10 10:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
[2011/08/10 03:21:17 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{6EAD848D-D9C0-43A9-A555-6DEEB6CAC9E3}
[2011/08/09 15:20:40 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{9758E71E-5FF9-4045-B34C-BEFC0FBA21CF}
[2011/08/09 15:20:28 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{05393595-9C01-4CE9-A127-49B255083B36}
[2011/08/08 16:52:39 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{F8112221-4E7B-4206-B909-2B6294A6FB9E}
[2011/08/08 16:52:20 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{02535687-3D23-4F27-B6B6-D763C4835D09}
[2011/08/07 22:50:46 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/08/07 21:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/08/07 19:26:06 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\RIFT
[2011/08/07 19:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIFT
[2011/08/07 18:06:19 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\PMB Files
[2011/08/07 18:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011/08/07 18:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011/08/07 15:56:45 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{41C057E1-C960-41FE-9BEF-A580903407CA}
[2011/08/07 15:56:33 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{713EFC10-057B-4736-9DB6-1E6E43C65119}
[2011/08/06 20:14:31 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{D0E4C220-74DD-4DD9-B596-35A3E4F03F48}
[2011/08/06 20:14:18 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{C0BA96DC-90B9-4C31-8FA1-A5D7C88E3461}
[2011/08/06 20:13:17 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

========== Files - Modified Within 30 Days ==========

[2011/09/05 17:56:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/05 17:56:45 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/05 17:55:44 | 000,014,544 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/05 17:55:43 | 000,014,544 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/05 17:47:27 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/05 15:38:21 | 236,317,710 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/04 20:05:13 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/09/04 15:59:48 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011/09/03 20:20:12 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\At5.job
[2011/09/03 20:15:39 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/09/03 20:10:13 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/09/03 17:39:42 | 002,032,054 | ---- | M] () -- C:\Users\David\Desktop\IMG_0674.JPG
[2011/09/02 19:46:35 | 000,626,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/02 19:46:35 | 000,107,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/29 20:42:08 | 000,000,326 | ---- | M] () -- C:\Users\David\Desktop\HP Printer Diagnostic Tools.url
[2011/08/29 20:15:26 | 000,227,328 | ---- | M] () -- C:\Windows\System32\drivers\svdysfjs.exe
[2011/08/29 20:15:26 | 000,000,017 | ---- | M] () -- C:\Windows\keys.ini
[2011/08/26 14:53:31 | 000,000,955 | ---- | M] () -- C:\Users\David\Desktop\Zygor Guides Updater.lnk
[2011/08/22 05:45:03 | 003,764,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/20 12:18:43 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe
[2011/08/20 12:18:43 | 000,000,842 | ---- | M] () -- C:\Windows\War3Unin.dat
[2011/08/15 20:42:23 | 000,000,621 | ---- | M] () -- C:\Users\David\Desktop\Guitar Pro 5.lnk
[2011/08/14 16:43:16 | 000,090,420 | ---- | M] () -- C:\Users\David\Documents\com.kairosoft.gm08E.plist
[2011/08/12 02:31:32 | 000,090,420 | ---- | M] () -- C:\Users\David\Documents\com.kairosoft.gm08E.BAK
[2011/08/12 02:25:21 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\Hex Workshop Hex Editor (32 bit).lnk
[2011/08/11 01:42:53 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2011/08/10 23:57:21 | 000,000,717 | ---- | M] () -- C:\Users\David\Documents\configureMe.js
[2011/08/10 23:42:25 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\FlashFXP.lnk
[2011/08/07 21:15:51 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/08/07 19:33:46 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\Play RIFT.lnk
[2011/08/06 21:53:59 | 004,417,977 | ---- | M] () -- C:\Users\David\Desktop\gdf.jpg

========== Files Created - No Company Name ==========

[2011/09/05 17:47:27 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/04 15:49:35 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011/09/03 18:21:25 | 002,032,054 | ---- | C] () -- C:\Users\David\Desktop\IMG_0674.JPG
[2011/08/29 20:42:08 | 000,000,326 | ---- | C] () -- C:\Users\David\Desktop\HP Printer Diagnostic Tools.url
[2011/08/29 20:15:26 | 000,000,017 | ---- | C] () -- C:\Windows\keys.ini
[2011/08/29 20:15:24 | 000,227,328 | ---- | C] () -- C:\Windows\System32\drivers\svdysfjs.exe
[2011/08/20 12:18:37 | 000,000,842 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011/08/15 20:42:23 | 000,000,621 | ---- | C] () -- C:\Users\David\Desktop\Guitar Pro 5.lnk
[2011/08/14 16:43:16 | 000,090,420 | ---- | C] () -- C:\Users\David\Documents\com.kairosoft.gm08E.plist
[2011/08/12 02:37:37 | 000,090,420 | ---- | C] () -- C:\Users\David\Documents\com.kairosoft.gm08E.BAK
[2011/08/12 02:25:21 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\Hex Workshop Hex Editor (32 bit).lnk
[2011/08/11 01:42:53 | 000,000,960 | ---- | C] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2011/08/10 23:42:25 | 000,000,991 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashFXP.lnk
[2011/08/10 23:42:25 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\FlashFXP.lnk
[2011/08/07 21:15:51 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/08/07 19:33:46 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\Play RIFT.lnk
[2011/08/06 21:53:53 | 004,417,977 | ---- | C] () -- C:\Users\David\Desktop\gdf.jpg
[2011/08/06 20:13:10 | 236,317,710 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/07/25 17:11:33 | 000,221,308 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011/07/25 17:11:33 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011/07/23 00:33:41 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/07/22 17:50:56 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/07/22 17:50:38 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/07/21 15:58:00 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2009/07/14 07:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 07:33:53 | 003,764,360 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 05:05:48 | 000,626,040 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 05:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 05:05:48 | 000,107,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 05:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 05:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 05:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 02:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 02:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 02:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 02:11:12 | 000,409,344 | ---- | C] () -- C:\Windows\System32\xkgoglmr.dat
[2009/07/14 02:11:12 | 000,365,824 | ---- | C] () -- C:\Windows\System32\euqsjiof.dat
[2009/07/14 02:11:12 | 000,154,368 | ---- | C] () -- C:\Windows\System32\xutfujrj.dat
[2009/07/14 02:11:12 | 000,138,496 | ---- | C] () -- C:\Windows\System32\knyijkqe.dat
[2009/07/14 02:11:12 | 000,058,112 | ---- | C] () -- C:\Windows\System32\umbltqaa.dat
[2009/07/14 02:11:12 | 000,055,040 | ---- | C] () -- C:\Windows\System32\gesjguxa.dat
[2009/07/14 02:11:12 | 000,041,728 | ---- | C] () -- C:\Windows\System32\egghnixi.dat
[2009/07/14 02:11:12 | 000,034,048 | ---- | C] () -- C:\Windows\System32\zvkmoxna.dat
[2009/06/11 00:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/06/22 01:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe

========== LOP Check ==========

[2011/07/23 02:05:58 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\DAEMON Tools Lite
[2011/09/02 20:47:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Free Download Manager
[2011/08/07 23:01:34 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\RIFT
[2011/07/27 16:40:15 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\SystemRequirementsLab
[2011/08/22 05:42:42 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\uTorrent
[2011/09/04 20:05:13 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/09/03 20:10:13 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011/09/03 20:15:39 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2011/09/03 20:20:12 | 000,000,334 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2011/09/05 01:41:03 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 9/5/2011 6:08:38 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\David\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 58.91% Memory free
6.00 Gb Paging File | 4.51 Gb Available in Paging File | 75.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.78 Gb Total Space | 38.65 Gb Free Space | 36.54% Space Free | Partition Type: NTFS
Drive D: | 359.88 Gb Total Space | 181.71 Gb Free Space | 50.49% Space Free | Partition Type: NTFS
Drive E: | 2.27 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- D:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B8.1224.1
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.0
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BAF9E4D0-F3D1-4355-B973-1384CDF1941C}" = Hex Workshop v6.6
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2DC2589-C894-43DD-BA70-8FDCA7360584}" = 5600
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASIO4ALL" = ASIO4ALL
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"FL Studio 9" = FL Studio 9
"Free Download Manager_is1" = Free Download Manager 3.0
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Hardcore" = Hardcore
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"IL Download Manager" = IL Download Manager
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.2.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 6.0.1 (x86 en-US)" = Mozilla Firefox 6.0.1 (x86 en-US)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PoiZone" = PoiZone
"PS3 Media Server" = PS3 Media Server
"Sawer" = Sawer
"Shop for HP Supplies" = Shop for HP Supplies
"StarCraft II" = StarCraft II
"Steam App 41300" = Altitude
"Toxic Biohazard" = Toxic Biohazard
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/3/2011 7:55:01 AM | Computer Name = David-PC | Source = Bonjour Service | ID = 100
Description = 432: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 9/3/2011 7:55:01 AM | Computer Name = David-PC | Source = Bonjour Service | ID = 100
Description = 424: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 9/3/2011 7:57:33 AM | Computer Name = David-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1688406450-QkxaMDAwMkVBJTg4RUFBNDk3QkQ4QUIyMDQwREE1WEcwNg==._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 9/3/2011 1:10:10 PM | Computer Name = David-PC | Source = Application Error | ID = 1000
Description = Faulting application name: brcdcmon.exe, version: 0.0.0.0, time stamp:
0x4b1ae3d2 Faulting module name: brcdcmon.exe, version: 0.0.0.0, time stamp: 0x4b1ae3d2
Exception
code: 0xc0000005 Fault offset: 0x00005bc6 Faulting process id: 0x1524 Faulting application
start time: 0x01cc6a5c54feed7e Faulting application path: C:\Windows\TEMP\brcdcmon.exe
Faulting
module path: C:\Windows\TEMP\brcdcmon.exe Report Id: 94088514-d64f-11e0-b70c-00241d825d7d

Error - 9/3/2011 1:20:11 PM | Computer Name = David-PC | Source = Application Error | ID = 1000
Description = Faulting application name: dm3config.exe, version: 0.0.0.0, time stamp:
0x4b1ae3d2 Faulting module name: dm3config.exe, version: 0.0.0.0, time stamp: 0x4b1ae3d2
Exception
code: 0xc0000005 Fault offset: 0x00005bc6 Faulting process id: 0x1278 Faulting application
start time: 0x01cc6a5dbb8907e6 Faulting application path: C:\Windows\TEMP\dm3config.exe
Faulting
module path: C:\Windows\TEMP\dm3config.exe Report Id: fa54f954-d650-11e0-b70c-00241d825d7d

Error - 9/3/2011 3:07:08 PM | Computer Name = David-PC | Source = Bonjour Service | ID = 100
Description = 452: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 9/3/2011 3:07:08 PM | Computer Name = David-PC | Source = Bonjour Service | ID = 100
Description = 548: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 9/3/2011 5:16:21 PM | Computer Name = David-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1688406450-QkxaMDAwMkVBJTg4RUFBNDk3QkQ4QUIyMDQwREE1WEcwNg==._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 9/3/2011 6:08:51 PM | Computer Name = David-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 9/4/2011 9:18:59 AM | Computer Name = David-PC | Source = Bonjour Service | ID = 100
Description = 548: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ System Events ]
Error - 9/5/2011 8:23:24 AM | Computer Name = David-PC | Source = DCOM | ID = 10016
Description =

Error - 9/5/2011 8:26:03 AM | Computer Name = David-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:23:54 PM on ?9/?5/?2011 was unexpected.

Error - 9/5/2011 8:26:04 AM | Computer Name = DAVID-PC | Source = BugCheck | ID = 1001
Description =

Error - 9/5/2011 8:26:49 AM | Computer Name = David-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 9/5/2011 8:26:58 AM | Computer Name = David-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 9/5/2011 8:27:10 AM | Computer Name = David-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 9/5/2011 8:38:36 AM | Computer Name = David-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:29:40 PM on ?9/?5/?2011 was unexpected.

Error - 9/5/2011 8:38:37 AM | Computer Name = DAVID-PC | Source = BugCheck | ID = 1001
Description =

Error - 9/5/2011 8:38:52 AM | Computer Name = David-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 9/5/2011 8:39:23 AM | Computer Name = David-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.


< End of report >


And here is my MBAM log:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7655

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

9/5/2011 5:55:15 PM
mbam-log-2011-09-05 (17-55-15).txt

Scan type: Quick scan
Objects scanned: 184022
Time elapsed: 5 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{73205909-BCA5-4409-9F5B-B0DFCE8A6B1C} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\brumauyxtgrm.brumauyxtgrm.1.0 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\brumauyxtgrm.brumauyxtgrm (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73205909-BCA5-4409-9F5B-B0DFCE8A6B1C} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$XNTUninstall643$ (Adware.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
c:\Windows\$xntuninstall643$ (Adware.AdRotator) -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\$xntuninstall643$\gnuuc.dll (Adware.BHO) -> Quarantined and deleted successfully.
c:\Windows\Temp\brcdcmon.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
c:\Windows\dlmclient.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\dphostw.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\Windows\drwebcom.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\Windows\fgccsrt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Temp\conhost.exe (Trojan.Agent.BTMGen) -> Quarantined and deleted successfully.
c:\Windows\$xntuninstall643$\apuninstall.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
c:\Windows\$xntuninstall643$\zrpt.xml (Adware.AdRotator) -> Quarantined and deleted successfully.


Thanks in advance : )
  • 0



#2
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Let's go straight to Combofix:

ComboFix

:!: It must be saved to your desktop; do not run it from your browser. :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Now let's try MBAM again:

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator.
* Make sure it checks for updates first.

* Select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:Services
svdysfjs

:OTL
SRV - [2011/08/29 20:15:26 | 000,227,328 | ---- | M] () [Auto | Running] -- C:\Windows\System32\drivers\svdysfjs.exe -- (svdysfjs)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O33 - MountPoints2\{6b63be87-b374-11e0-9d00-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6b63be87-b374-11e0-9d00-806e6f6e6963}\Shell\AutoRun\command - "" = E:\barmaster.exe
O33 - MountPoints2\{7bac99b7-b47c-11e0-a326-f860597b746e}\Shell - "" = AutoRun
O33 - MountPoints2\{7bac99b7-b47c-11e0-a326-f860597b746e}\Shell\AutoRun\command - "" = H:\Autorun.exe
[2011/08/29 20:15:24 | 000,227,328 | ---- | C] () -- C:\Windows\System32\drivers\svdysfjs.exe
[2009/07/14 02:11:12 | 000,409,344 | ---- | C] () -- C:\Windows\System32\xkgoglmr.dat
[2009/07/14 02:11:12 | 000,365,824 | ---- | C] () -- C:\Windows\System32\euqsjiof.dat
[2009/07/14 02:11:12 | 000,154,368 | ---- | C] () -- C:\Windows\System32\xutfujrj.dat
[2009/07/14 02:11:12 | 000,138,496 | ---- | C] () -- C:\Windows\System32\knyijkqe.dat
[2009/07/14 02:11:12 | 000,058,112 | ---- | C] () -- C:\Windows\System32\umbltqaa.dat
[2009/07/14 02:11:12 | 000,055,040 | ---- | C] () -- C:\Windows\System32\gesjguxa.dat
[2009/07/14 02:11:12 | 000,041,728 | ---- | C] () -- C:\Windows\System32\egghnixi.dat
[2009/07/14 02:11:12 | 000,034,048 | ---- | C] () -- C:\Windows\System32\zvkmoxna.dat
[2011/09/04 20:05:13 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/09/03 20:10:13 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011/09/03 20:15:39 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2011/09/03 20:20:12 | 000,000,334 | ---- | M] () -- C:\Windows\Tasks\At5.job

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\Windows\Tasks\At*.job
sc config svdysfjs start= disabled /c
     
:Commands
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done.

Open OTL again and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Change the a-v scan to None.
Uncheck trace disk IO calls.
Click the "Scan" button to start scan


On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply

Open OTL again (right click and Run As Administrator) and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Ron
  • 0
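An added triage sketch, not part of the original posts and not OTL's own logic: it parses file lines in the OTL log format shown above and picks out the three patterns visible in the fix script, namely At*.job tasks, an .exe with no company name in System32\drivers, and a group of files with no company name that share one timestamp, folder, extension and name length but no common name prefix. The regex, the function names, the reason labels and the cluster threshold are assumptions; the sample lines are copied from the logs in this thread.

```python
import ntpath
import re
from collections import defaultdict

# OTL file line: [date time | size | attrs | C or M] (company) -- path
# Directory lines in the LOP check carry no "(company)" field at all.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)


def parse_line(line):
    """Return a dict for one OTL file line, or None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))
    rec["dir"], name = ntpath.split(rec["path"])
    rec["stem"], rec["ext"] = ntpath.splitext(name.lower())
    return rec


def triage(lines, min_cluster=3):
    """Return sorted (reason, path) pairs; these are heuristics, not verdicts."""
    hits = []
    clusters = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        low_dir = rec["dir"].lower()
        # Numbered At jobs in the Tasks folder (the fix removes At*.job).
        if (low_dir.endswith(r"\windows\tasks") and rec["ext"] == ".job"
                and re.fullmatch(r"at\d+", rec["stem"])):
            hits.append(("at_job", rec["path"]))
        # An executable with an empty company field in the drivers folder.
        if (rec["company"] == "" and rec["ext"] == ".exe"
                and low_dir.endswith(r"\system32\drivers")):
            hits.append(("exe_in_drivers", rec["path"]))
        # Group files with an empty company field for the cluster check below.
        if rec["company"] == "":
            key = (rec["ts"], low_dir, rec["ext"], len(rec["stem"]))
            clusters[key].append(rec)
    for group in clusters.values():
        stems = [rec["stem"] for rec in group]
        # Files written in one batch usually share a name stem (perf*009.dat);
        # a batch with nothing in common is worth a closer look.
        if len(group) >= min_cluster and ntpath.commonprefix(stems) == "":
            hits.extend(("unrelated_names_same_timestamp", rec["path"]) for rec in group)
    return sorted(hits)


# Lines copied from the OTL log and fix script in this thread.
SAMPLE = r"""
[2009/07/14 07:33:53 | 003,764,360 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 05:05:48 | 000,626,040 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 05:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 05:05:48 | 000,107,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 05:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 02:11:12 | 000,409,344 | ---- | C] () -- C:\Windows\System32\xkgoglmr.dat
[2009/07/14 02:11:12 | 000,365,824 | ---- | C] () -- C:\Windows\System32\euqsjiof.dat
[2009/07/14 02:11:12 | 000,154,368 | ---- | C] () -- C:\Windows\System32\xutfujrj.dat
[2009/07/14 02:11:12 | 000,138,496 | ---- | C] () -- C:\Windows\System32\knyijkqe.dat
[2009/07/14 02:11:12 | 000,058,112 | ---- | C] () -- C:\Windows\System32\umbltqaa.dat
[2009/07/14 02:11:12 | 000,055,040 | ---- | C] () -- C:\Windows\System32\gesjguxa.dat
[2009/07/14 02:11:12 | 000,041,728 | ---- | C] () -- C:\Windows\System32\egghnixi.dat
[2009/07/14 02:11:12 | 000,034,048 | ---- | C] () -- C:\Windows\System32\zvkmoxna.dat
[2011/08/29 20:15:24 | 000,227,328 | ---- | C] () -- C:\Windows\System32\drivers\svdysfjs.exe
========== LOP Check ==========
[2011/08/22 05:42:42 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\uTorrent
[2011/09/04 20:05:13 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/09/03 20:20:12 | 000,000,334 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2011/09/05 01:41:03 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
"""

if __name__ == "__main__":
    for reason, path in triage(SAMPLE.splitlines()):
        print(f"{reason:32} {path}")
```

The output is a shortlist for a human to review, not a removal list: "Skip Microsoft Files" and the company whitelist were on for this scan, so an empty company field only means OTL found no company name in the file.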

#3
DrDark

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Thank you for the fast reply!

Here is what you asked for:

ComboFix log:

ComboFix 11-09-05.03 - David 09/05/2011 20:12:59.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.1991 [GMT 3:00]
Running from: c:\users\David\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\keys.ini
c:\windows\system32\mfc100deu.dll
c:\windows\system32\nvdispco3220150.dll
c:\windows\system32\sound
.
.
((((((((((((((((((((((((( Files Created from 2011-08-05 to 2011-09-05 )))))))))))))))))))))))))))))))
.
.
2011-09-05 17:18 . 2011-09-05 17:18 -------- d-----w- c:\users\David\AppData\Local\temp
2011-09-05 17:18 . 2011-09-05 17:18 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-09-05 17:18 . 2011-09-05 17:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-05 14:56 . 2011-09-05 14:56 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B8BECB5-67C6-469D-9B7C-DB73027215D1}\MpKsl6de7834f.sys
2011-09-05 14:47 . 2011-09-05 14:47 -------- d-----w- c:\users\David\AppData\Roaming\Malwarebytes
2011-09-05 14:47 . 2011-07-06 16:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-05 14:47 . 2011-09-05 14:47 -------- d-----w- c:\programdata\Malwarebytes
2011-09-05 14:47 . 2011-09-05 14:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-05 14:47 . 2011-07-06 16:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-05 12:51 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B8BECB5-67C6-469D-9B7C-DB73027215D1}\mpengine.dll
2011-09-04 12:49 . 2011-09-04 13:00 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2011-08-29 17:15 . 2011-08-29 17:15 227328 ----a-w- c:\windows\system32\drivers\svdysfjs.exe
2011-08-26 00:00 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-20 09:18 . 2011-08-20 09:18 139264 ----a-w- c:\windows\War3Unin.exe
2011-08-12 00:35 . 2011-07-21 13:11 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-08-12 00:35 . 2011-07-21 13:11 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5A313B03-BD55-4C19-A6FA-0AE803ACAE68}\gapaengine.dll
2011-08-12 00:06 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-12 00:06 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-12 00:04 . 2011-07-16 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-08-12 00:03 . 2011-06-15 08:55 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-08-12 00:03 . 2011-06-15 08:55 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-08-12 00:03 . 2011-06-15 08:55 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-08-12 00:03 . 2011-06-15 08:54 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-08-12 00:03 . 2011-06-15 08:55 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-08-12 00:03 . 2011-06-15 08:55 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-08-10 22:42 . 2011-08-10 22:45 -------- d-----w- c:\programdata\PMS
2011-08-10 22:42 . 2011-08-10 22:45 -------- d-----w- c:\program files\PS3 Media Server
2011-08-10 20:42 . 2011-08-10 20:42 -------- d-----w- c:\program files\FlashFXP 4
2011-08-10 20:42 . 2011-08-10 20:42 -------- d-----w- c:\programdata\FlashFXP
2011-08-10 07:25 . 2011-09-02 17:47 -------- d-----w- c:\users\David\AppData\Roaming\Free Download Manager
2011-08-07 18:15 . 2008-07-31 07:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2011-08-07 18:15 . 2008-07-31 07:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2011-08-07 18:15 . 2008-07-12 05:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2011-08-07 18:15 . 2008-07-12 05:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-08-07 18:15 . 2008-07-12 05:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2011-08-07 16:26 . 2011-08-07 20:01 -------- d-----w- c:\users\David\AppData\Roaming\RIFT
2011-08-07 15:06 . 2011-09-05 15:27 -------- d-----w- c:\users\David\AppData\Local\PMB Files
2011-08-07 15:06 . 2011-08-10 21:29 -------- d-----w- c:\programdata\PMB Files
2011-08-07 15:05 . 2011-08-07 15:05 -------- d-----w- c:\program files\Pando Networks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-05 14:57 . 2011-07-21 12:57 16608 ----a-w- c:\windows\gdrv.sys
2011-08-12 02:44 . 2011-07-22 16:17 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-12 01:37 . 2011-07-21 13:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-27 13:37 . 2011-07-27 13:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-22 22:09 . 2011-07-22 22:09 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-07-22 15:09 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-07-22 14:37 . 2011-07-22 14:37 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-22 14:37 . 2011-07-22 14:37 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-07-22 14:37 . 2011-07-22 14:37 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-07-22 14:37 . 2011-07-22 14:37 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-07-22 14:37 . 2011-07-22 14:37 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-07-22 14:37 . 2011-07-22 14:37 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-07-22 14:37 . 2011-07-22 14:37 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-07-22 14:37 . 2011-07-22 14:37 367104 ----a-w- c:\windows\system32\html.iec
2011-07-22 14:37 . 2011-07-22 14:37 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-07-22 14:37 . 2011-07-22 14:37 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-22 14:37 . 2011-07-22 14:37 161792 ----a-w- c:\windows\system32\msls31.dll
2011-07-22 14:37 . 2011-07-22 14:37 152064 ----a-w- c:\windows\system32\wextract.exe
2011-07-22 14:37 . 2011-07-22 14:37 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-07-22 14:37 . 2011-07-22 14:37 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-22 14:37 . 2011-07-22 14:37 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-22 14:37 . 2011-07-22 14:37 11776 ----a-w- c:\windows\system32\mshta.exe
2011-07-22 14:37 . 2011-07-22 14:37 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-07-22 14:37 . 2011-07-22 14:37 101888 ----a-w- c:\windows\system32\admparse.dll
2011-07-21 14:44 . 2011-03-28 15:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-21 13:00 . 2011-07-21 13:00 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-07-12 08:20 . 2011-07-12 08:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 08:20 . 2011-07-12 08:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 08:20 . 2011-07-12 08:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 08:20 . 2011-07-12 08:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-06-20 05:57 . 2011-07-21 13:08 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D14E5668-0EA7-4F29-B776-CCC45344E792}\mpengine.dll
2011-06-11 02:29 . 2011-07-21 14:09 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-09-03 16:19 . 2011-07-20 22:50 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"Steam"="d:\program files\Steam\Steam.exe" [2011-08-02 1242448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-07 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-13 6711840]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-13 1833504]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-7-23 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl01f876e3;MpKsl01f876e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl01f876e3.sys [x]
R1 MpKsl043868ef;MpKsl043868ef;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl043868ef.sys [x]
R1 MpKsl055a496f;MpKsl055a496f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl055a496f.sys [x]
R1 MpKsl0632e5fe;MpKsl0632e5fe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl0632e5fe.sys [x]
R1 MpKsl07148b3c;MpKsl07148b3c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{632F0AAE-408C-4A3B-ABDF-C8846A7486EA}\MpKsl07148b3c.sys [x]
R1 MpKsl09d4d866;MpKsl09d4d866;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl09d4d866.sys [x]
R1 MpKsl0d640058;MpKsl0d640058;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl0d640058.sys [x]
R1 MpKsl15568eb0;MpKsl15568eb0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl15568eb0.sys [x]
R1 MpKsl1695baba;MpKsl1695baba;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D18B00FC-4DE6-4451-80A3-AF7AAAA88010}\MpKsl1695baba.sys [x]
R1 MpKsl175a4e39;MpKsl175a4e39;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl175a4e39.sys [x]
R1 MpKsl19bff4e7;MpKsl19bff4e7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl19bff4e7.sys [x]
R1 MpKsl1ab0e726;MpKsl1ab0e726;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl1ab0e726.sys [x]
R1 MpKsl1bfdaa06;MpKsl1bfdaa06;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl1bfdaa06.sys [x]
R1 MpKsl1c6fe90f;MpKsl1c6fe90f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl1c6fe90f.sys [x]
R1 MpKsl1c98c671;MpKsl1c98c671;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl1c98c671.sys [x]
R1 MpKsl1de9dc44;MpKsl1de9dc44;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl1de9dc44.sys [x]
R1 MpKsl1e027eea;MpKsl1e027eea;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl1e027eea.sys [x]
R1 MpKsl1fad5185;MpKsl1fad5185;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl1fad5185.sys [x]
R1 MpKsl21c2c0b9;MpKsl21c2c0b9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl21c2c0b9.sys [x]
R1 MpKsl250556a2;MpKsl250556a2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl250556a2.sys [x]
R1 MpKsl2c4e09f5;MpKsl2c4e09f5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl2c4e09f5.sys [x]
R1 MpKsl2cb2d2c9;MpKsl2cb2d2c9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl2cb2d2c9.sys [x]
R1 MpKsl2dc660f6;MpKsl2dc660f6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl2dc660f6.sys [x]
R1 MpKsl2ebeca94;MpKsl2ebeca94;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl2ebeca94.sys [x]
R1 MpKsl2f90538f;MpKsl2f90538f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{632F0AAE-408C-4A3B-ABDF-C8846A7486EA}\MpKsl2f90538f.sys [x]
R1 MpKsl2fb4854a;MpKsl2fb4854a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl2fb4854a.sys [x]
R1 MpKsl302cdf42;MpKsl302cdf42;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl302cdf42.sys [x]
R1 MpKsl312886a2;MpKsl312886a2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl312886a2.sys [x]
R1 MpKsl33b8e292;MpKsl33b8e292;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl33b8e292.sys [x]
R1 MpKsl353abf6b;MpKsl353abf6b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl353abf6b.sys [x]
R1 MpKsl35639c0d;MpKsl35639c0d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl35639c0d.sys [x]
R1 MpKsl3605b348;MpKsl3605b348;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl3605b348.sys [x]
R1 MpKsl38880623;MpKsl38880623;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl38880623.sys [x]
R1 MpKsl3c8ef92d;MpKsl3c8ef92d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl3c8ef92d.sys [x]
R1 MpKsl3f13a2b7;MpKsl3f13a2b7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl3f13a2b7.sys [x]
R1 MpKsl3fef8b39;MpKsl3fef8b39;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl3fef8b39.sys [x]
R1 MpKsl40868003;MpKsl40868003;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6860B483-8400-4386-A5F8-E2D12F00B349}\MpKsl40868003.sys [x]
R1 MpKsl409338f3;MpKsl409338f3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl409338f3.sys [x]
R1 MpKsl42747f65;MpKsl42747f65;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl42747f65.sys [x]
R1 MpKsl4570d4c0;MpKsl4570d4c0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl4570d4c0.sys [x]
R1 MpKsl46752c81;MpKsl46752c81;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl46752c81.sys [x]
R1 MpKsl474a40e7;MpKsl474a40e7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl474a40e7.sys [x]
R1 MpKsl4c48c254;MpKsl4c48c254;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl4c48c254.sys [x]
R1 MpKsl4ddb59d2;MpKsl4ddb59d2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl4ddb59d2.sys [x]
R1 MpKsl53bf58b4;MpKsl53bf58b4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl53bf58b4.sys [x]
R1 MpKsl53dbd265;MpKsl53dbd265;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0A1A93E-E776-4BD4-86C3-6BC11D32D212}\MpKsl53dbd265.sys [x]
R1 MpKsl547ea603;MpKsl547ea603;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl547ea603.sys [x]
R1 MpKsl54f923f4;MpKsl54f923f4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl54f923f4.sys [x]
R1 MpKsl5648cc9c;MpKsl5648cc9c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl5648cc9c.sys [x]
R1 MpKsl56d24699;MpKsl56d24699;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl56d24699.sys [x]
R1 MpKsl586e6e13;MpKsl586e6e13;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl586e6e13.sys [x]
R1 MpKsl58bddd47;MpKsl58bddd47;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl58bddd47.sys [x]
R1 MpKsl59586bf7;MpKsl59586bf7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl59586bf7.sys [x]
R1 MpKsl598e231e;MpKsl598e231e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl598e231e.sys [x]
R1 MpKsl59b67746;MpKsl59b67746;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl59b67746.sys [x]
R1 MpKsl5d4e8faa;MpKsl5d4e8faa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl5d4e8faa.sys [x]
R1 MpKsl5dd6f8c2;MpKsl5dd6f8c2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{632F0AAE-408C-4A3B-ABDF-C8846A7486EA}\MpKsl5dd6f8c2.sys [x]
R1 MpKsl602280f8;MpKsl602280f8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl602280f8.sys [x]
R1 MpKsl61df1f77;MpKsl61df1f77;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl61df1f77.sys [x]
R1 MpKsl670f9129;MpKsl670f9129;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl670f9129.sys [x]
R1 MpKsl679f6e67;MpKsl679f6e67;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl679f6e67.sys [x]
R1 MpKsl6b689054;MpKsl6b689054;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl6b689054.sys [x]
R1 MpKsl6c9d3ffb;MpKsl6c9d3ffb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl6c9d3ffb.sys [x]
R1 MpKsl6d8166b5;MpKsl6d8166b5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl6d8166b5.sys [x]
R1 MpKsl7209c3cd;MpKsl7209c3cd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{941B2CC2-E445-4783-8BE6-9051024A8F1D}\MpKsl7209c3cd.sys [x]
R1 MpKsl74c12c3a;MpKsl74c12c3a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl74c12c3a.sys [x]
R1 MpKsl7552954b;MpKsl7552954b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl7552954b.sys [x]
R1 MpKsl75709a4c;MpKsl75709a4c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{632F0AAE-408C-4A3B-ABDF-C8846A7486EA}\MpKsl75709a4c.sys [x]
R1 MpKsl760ba0a3;MpKsl760ba0a3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl760ba0a3.sys [x]
R1 MpKsl790a1299;MpKsl790a1299;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl790a1299.sys [x]
R1 MpKsl79216c16;MpKsl79216c16;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl79216c16.sys [x]
R1 MpKsl7983933c;MpKsl7983933c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl7983933c.sys [x]
R1 MpKsl7b41d320;MpKsl7b41d320;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl7b41d320.sys [x]
R1 MpKsl7d9fa7aa;MpKsl7d9fa7aa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl7d9fa7aa.sys [x]
R1 MpKsl7e980dbe;MpKsl7e980dbe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl7e980dbe.sys [x]
R1 MpKsl7ef23a82;MpKsl7ef23a82;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl7ef23a82.sys [x]
R1 MpKsl82e632d4;MpKsl82e632d4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl82e632d4.sys [x]
R1 MpKsl83a0ab04;MpKsl83a0ab04;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl83a0ab04.sys [x]
R1 MpKsl874714c1;MpKsl874714c1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl874714c1.sys [x]
R1 MpKsl87c40f57;MpKsl87c40f57;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl87c40f57.sys [x]
R1 MpKsl88f5acb5;MpKsl88f5acb5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl88f5acb5.sys [x]
R1 MpKsl8991e790;MpKsl8991e790;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{632F0AAE-408C-4A3B-ABDF-C8846A7486EA}\MpKsl8991e790.sys [x]
R1 MpKsl89ca87ff;MpKsl89ca87ff;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl89ca87ff.sys [x]
R1 MpKsl8aae052a;MpKsl8aae052a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{632F0AAE-408C-4A3B-ABDF-C8846A7486EA}\MpKsl8aae052a.sys [x]
R1 MpKsl8afaf10f;MpKsl8afaf10f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl8afaf10f.sys [x]
R1 MpKsl8d74a0f5;MpKsl8d74a0f5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl8d74a0f5.sys [x]
R1 MpKsl8dfa661d;MpKsl8dfa661d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl8dfa661d.sys [x]
R1 MpKsl906bafc6;MpKsl906bafc6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl906bafc6.sys [x]
R1 MpKsl907fd832;MpKsl907fd832;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl907fd832.sys [x]
R1 MpKsl90dde4ad;MpKsl90dde4ad;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl90dde4ad.sys [x]
R1 MpKsl90f421c5;MpKsl90f421c5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl90f421c5.sys [x]
R1 MpKsl92da453b;MpKsl92da453b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl92da453b.sys [x]
R1 MpKsl93880538;MpKsl93880538;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl93880538.sys [x]
R1 MpKsl9402f748;MpKsl9402f748;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl9402f748.sys [x]
R1 MpKsl940b7f52;MpKsl940b7f52;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl940b7f52.sys [x]
R1 MpKsl94ac6aaf;MpKsl94ac6aaf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl94ac6aaf.sys [x]
R1 MpKsl950e2e23;MpKsl950e2e23;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl950e2e23.sys [x]
R1 MpKsl96b1b5e0;MpKsl96b1b5e0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{718776A1-0C9A-421A-AC59-BEED8D5E800B}\MpKsl96b1b5e0.sys [x]
R1 MpKsl970fdc3f;MpKsl970fdc3f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl970fdc3f.sys [x]
R1 MpKsl99bd521b;MpKsl99bd521b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl99bd521b.sys [x]
R1 MpKsl9b019b10;MpKsl9b019b10;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{632F0AAE-408C-4A3B-ABDF-C8846A7486EA}\MpKsl9b019b10.sys [x]
R1 MpKsl9db8f3b4;MpKsl9db8f3b4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsl9db8f3b4.sys [x]
R1 MpKsla05a26c5;MpKsla05a26c5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{632F0AAE-408C-4A3B-ABDF-C8846A7486EA}\MpKsla05a26c5.sys [x]
R1 MpKsla2c34aea;MpKsla2c34aea;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsla2c34aea.sys [x]
R1 MpKsla393b75a;MpKsla393b75a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsla393b75a.sys [x]
R1 MpKsla3f5841d;MpKsla3f5841d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsla3f5841d.sys [x]
R1 MpKsla405f4e4;MpKsla405f4e4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsla405f4e4.sys [x]
R1 MpKsla67ce7e5;MpKsla67ce7e5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsla67ce7e5.sys [x]
R1 MpKsla7013909;MpKsla7013909;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DC0B50E-08DC-45B8-9D99-3BCC092000C8}\MpKsla7013909.sys [x]
R1 MpKsla9c1f8c2;MpKsla9c1f8c2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsla9c1f8c2.sys [x]
R1 MpKslaa3cdfa1;MpKslaa3cdfa1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslaa3cdfa1.sys [x]
R1 MpKslac76fb20;MpKslac76fb20;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslac76fb20.sys [x]
R1 MpKslae2908cc;MpKslae2908cc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslae2908cc.sys [x]
R1 MpKslb020dd45;MpKslb020dd45;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslb020dd45.sys [x]
R1 MpKslb198d396;MpKslb198d396;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslb198d396.sys [x]
R1 MpKslb2892ddd;MpKslb2892ddd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslb2892ddd.sys [x]
R1 MpKslb2ba98aa;MpKslb2ba98aa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslb2ba98aa.sys [x]
R1 MpKslb2ef93e3;MpKslb2ef93e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslb2ef93e3.sys [x]
R1 MpKslb3b8b1fc;MpKslb3b8b1fc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslb3b8b1fc.sys [x]
R1 MpKslb791ad97;MpKslb791ad97;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslb791ad97.sys [x]
R1 MpKslb8250cb9;MpKslb8250cb9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslb8250cb9.sys [x]
R1 MpKslb9f32101;MpKslb9f32101;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslb9f32101.sys [x]
R1 MpKslba5a15d7;MpKslba5a15d7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslba5a15d7.sys [x]
R1 MpKslbacc5ac0;MpKslbacc5ac0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslbacc5ac0.sys [x]
R1 MpKslbdbc9550;MpKslbdbc9550;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslbdbc9550.sys [x]
R1 MpKslc2999ee5;MpKslc2999ee5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslc2999ee5.sys [x]
R1 MpKslc341f3b9;MpKslc341f3b9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslc341f3b9.sys [x]
R1 MpKslc34b45e0;MpKslc34b45e0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslc34b45e0.sys [x]
R1 MpKslc47bf346;MpKslc47bf346;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslc47bf346.sys [x]
R1 MpKslc4be2164;MpKslc4be2164;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslc4be2164.sys [x]
R1 MpKslc56e3a84;MpKslc56e3a84;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslc56e3a84.sys [x]
R1 MpKslc6496576;MpKslc6496576;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslc6496576.sys [x]
R1 MpKslc6e75d3a;MpKslc6e75d3a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslc6e75d3a.sys [x]
R1 MpKslc734d274;MpKslc734d274;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslc734d274.sys [x]
R1 MpKslc8988268;MpKslc8988268;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslc8988268.sys [x]
R1 MpKslc945086f;MpKslc945086f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslc945086f.sys [x]
R1 MpKslcbec2801;MpKslcbec2801;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslcbec2801.sys [x]
R1 MpKslcc1513e5;MpKslcc1513e5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslcc1513e5.sys [x]
R1 MpKslcc32e79d;MpKslcc32e79d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{632F0AAE-408C-4A3B-ABDF-C8846A7486EA}\MpKslcc32e79d.sys [x]
R1 MpKsld461c7d7;MpKsld461c7d7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsld461c7d7.sys [x]
R1 MpKsld7c7fde9;MpKsld7c7fde9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{632F0AAE-408C-4A3B-ABDF-C8846A7486EA}\MpKsld7c7fde9.sys [x]
R1 MpKsld8b3da39;MpKsld8b3da39;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsld8b3da39.sys [x]
R1 MpKsldabb7bd1;MpKsldabb7bd1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsldabb7bd1.sys [x]
R1 MpKsldd46d31f;MpKsldd46d31f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsldd46d31f.sys [x]
R1 MpKslded159e7;MpKslded159e7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslded159e7.sys [x]
R1 MpKsldf2a2b3b;MpKsldf2a2b3b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsldf2a2b3b.sys [x]
R1 MpKsle042322e;MpKsle042322e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsle042322e.sys [x]
R1 MpKsle4653493;MpKsle4653493;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsle4653493.sys [x]
R1 MpKsle5481eb5;MpKsle5481eb5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsle5481eb5.sys [x]
R1 MpKsle88ea13e;MpKsle88ea13e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsle88ea13e.sys [x]
R1 MpKsle8c40343;MpKsle8c40343;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsle8c40343.sys [x]
R1 MpKsleaa23692;MpKsleaa23692;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsleaa23692.sys [x]
R1 MpKsleac50eb2;MpKsleac50eb2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DC0B50E-08DC-45B8-9D99-3BCC092000C8}\MpKsleac50eb2.sys [x]
R1 MpKslec5aff5a;MpKslec5aff5a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DC0B50E-08DC-45B8-9D99-3BCC092000C8}\MpKslec5aff5a.sys [x]
R1 MpKslec9ac704;MpKslec9ac704;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslec9ac704.sys [x]
R1 MpKsled65d558;MpKsled65d558;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsled65d558.sys [x]
R1 MpKsled94a743;MpKsled94a743;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKsled94a743.sys [x]
R1 MpKslef5869ca;MpKslef5869ca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslef5869ca.sys [x]
R1 MpKslefff5b38;MpKslefff5b38;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslefff5b38.sys [x]
R1 MpKslf0991f59;MpKslf0991f59;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{632F0AAE-408C-4A3B-ABDF-C8846A7486EA}\MpKslf0991f59.sys [x]
R1 MpKslf1afd0a7;MpKslf1afd0a7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslf1afd0a7.sys [x]
R1 MpKslf2528410;MpKslf2528410;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslf2528410.sys [x]
R1 MpKslf303d6e9;MpKslf303d6e9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslf303d6e9.sys [x]
R1 MpKslf3f340d3;MpKslf3f340d3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DC0B50E-08DC-45B8-9D99-3BCC092000C8}\MpKslf3f340d3.sys [x]
R1 MpKslf611c999;MpKslf611c999;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslf611c999.sys [x]
R1 MpKslf76b4d82;MpKslf76b4d82;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslf76b4d82.sys [x]
R1 MpKslf773a40a;MpKslf773a40a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslf773a40a.sys [x]
R1 MpKslf8df9a7b;MpKslf8df9a7b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslf8df9a7b.sys [x]
R1 MpKslf9faa475;MpKslf9faa475;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslf9faa475.sys [x]
R1 MpKslfd12dbb2;MpKslfd12dbb2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslfd12dbb2.sys [x]
R1 MpKslfd2df3ea;MpKslfd2df3ea;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslfd2df3ea.sys [x]
R1 MpKslfd36abb4;MpKslfd36abb4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslfd36abb4.sys [x]
R1 MpKslfd393f68;MpKslfd393f68;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslfd393f68.sys [x]
R1 MpKslfde0420d;MpKslfde0420d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslfde0420d.sys [x]
R1 MpKslfeaeb98f;MpKslfeaeb98f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslfeaeb98f.sys [x]
R1 MpKslff3f8ab5;MpKslff3f8ab5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66E175F0-BBBC-496B-99A3-D2A73179E970}\MpKslff3f8ab5.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 svdysfjs;svdysfjs;c:\windows\system32\drivers\svdysfjs.exe [2011-08-29 227328]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-19 15872]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-19 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-21 1343400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-22 218688]
S1 MpKsl6de7834f;MpKsl6de7834f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B8BECB5-67C6-469D-9B7C-DB73027215D1}\MpKsl6de7834f.sys [2011-09-05 28752]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2008-12-24 68136]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL6DE7834F
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download all with Free Download Manager - file://d:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://d:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://d:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://d:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: Interfaces\{1968709D-1509-4F6F-AB2A-513FF7D148AB}: NameServer = 10.0.0.138
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\3ehjyyk2.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-09-05 20:21:15
ComboFix-quarantined-files.txt 2011-09-05 17:21
.
Pre-Run: 41,571,442,688 bytes free
Post-Run: 42,864,259,072 bytes free
.
- - End Of File - - 18DF0C7C608E807EF4C45DAEFC13E351


TDSS Log:

2011/09/05 20:52:54.0740 5456 TDSS rootkit removing tool 2.5.18.0 Sep 5 2011 09:53:09
2011/09/05 20:52:54.0970 5456 ================================================================================
2011/09/05 20:52:54.0970 5456 SystemInfo:
2011/09/05 20:52:54.0970 5456
2011/09/05 20:52:54.0970 5456 OS Version: 6.1.7601 ServicePack: 1.0
2011/09/05 20:52:54.0970 5456 Product type: Workstation
2011/09/05 20:52:54.0970 5456 ComputerName: DAVID-PC
2011/09/05 20:52:54.0970 5456 UserName: David
2011/09/05 20:52:54.0970 5456 Windows directory: C:\Windows
2011/09/05 20:52:54.0970 5456 System windows directory: C:\Windows
2011/09/05 20:52:54.0970 5456 Processor architecture: Intel x86
2011/09/05 20:52:54.0970 5456 Number of processors: 4
2011/09/05 20:52:54.0970 5456 Page size: 0x1000
2011/09/05 20:52:54.0970 5456 Boot type: Normal boot
2011/09/05 20:52:54.0970 5456 ================================================================================
2011/09/05 20:52:56.0084 5456 Initialize success
2011/09/05 20:53:10.0569 6112 ================================================================================
2011/09/05 20:53:10.0569 6112 Scan started
2011/09/05 20:53:10.0569 6112 Mode: Manual;
2011/09/05 20:53:10.0569 6112 ================================================================================
2011/09/05 20:53:11.0573 6112 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/09/05 20:53:11.0620 6112 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/09/05 20:53:11.0659 6112 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/09/05 20:53:11.0728 6112 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/09/05 20:53:11.0760 6112 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/09/05 20:53:11.0785 6112 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/09/05 20:53:11.0844 6112 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
2011/09/05 20:53:11.0892 6112 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/09/05 20:53:11.0926 6112 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/09/05 20:53:11.0950 6112 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/09/05 20:53:11.0975 6112 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/09/05 20:53:11.0997 6112 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/09/05 20:53:12.0025 6112 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/09/05 20:53:12.0039 6112 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/09/05 20:53:12.0068 6112 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
2011/09/05 20:53:12.0100 6112 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/09/05 20:53:12.0126 6112 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
2011/09/05 20:53:12.0158 6112 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/09/05 20:53:12.0216 6112 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/09/05 20:53:12.0243 6112 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/09/05 20:53:12.0284 6112 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/05 20:53:12.0297 6112 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/09/05 20:53:12.0354 6112 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/09/05 20:53:12.0399 6112 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/09/05 20:53:12.0431 6112 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/09/05 20:53:12.0467 6112 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/09/05 20:53:12.0502 6112 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/05 20:53:12.0527 6112 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/09/05 20:53:12.0550 6112 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/09/05 20:53:12.0581 6112 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/09/05 20:53:12.0605 6112 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/09/05 20:53:12.0628 6112 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/09/05 20:53:12.0640 6112 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/09/05 20:53:12.0672 6112 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/09/05 20:53:12.0917 6112 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/05 20:53:12.0969 6112 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
2011/09/05 20:53:13.0000 6112 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/09/05 20:53:13.0043 6112 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/09/05 20:53:13.0078 6112 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/09/05 20:53:13.0124 6112 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/09/05 20:53:13.0155 6112 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/09/05 20:53:13.0192 6112 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/09/05 20:53:13.0242 6112 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/09/05 20:53:13.0276 6112 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/09/05 20:53:13.0325 6112 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
2011/09/05 20:53:13.0382 6112 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/09/05 20:53:13.0405 6112 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/09/05 20:53:13.0443 6112 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/09/05 20:53:13.0510 6112 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
2011/09/05 20:53:13.0546 6112 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/09/05 20:53:13.0568 6112 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/09/05 20:53:13.0626 6112 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/09/05 20:53:13.0680 6112 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/09/05 20:53:13.0737 6112 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/05 20:53:13.0791 6112 E1G60 (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/09/05 20:53:13.0867 6112 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/09/05 20:53:13.0936 6112 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/09/05 20:53:13.0974 6112 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/09/05 20:53:14.0035 6112 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/09/05 20:53:14.0062 6112 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/09/05 20:53:14.0100 6112 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/05 20:53:14.0132 6112 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/09/05 20:53:14.0148 6112 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/09/05 20:53:14.0172 6112 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/05 20:53:14.0194 6112 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/09/05 20:53:14.0232 6112 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/09/05 20:53:14.0272 6112 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/05 20:53:14.0307 6112 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/09/05 20:53:14.0365 6112 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/09/05 20:53:14.0418 6112 gdrv (c6e3105b8c68c35cc1eb26a00fd1a8c6) C:\Windows\gdrv.sys
2011/09/05 20:53:14.0463 6112 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/09/05 20:53:14.0500 6112 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/09/05 20:53:14.0553 6112 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
2011/09/05 20:53:14.0593 6112 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/09/05 20:53:14.0621 6112 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/09/05 20:53:14.0645 6112 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/09/05 20:53:14.0679 6112 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/09/05 20:53:14.0754 6112 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
2011/09/05 20:53:14.0825 6112 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/09/05 20:53:14.0890 6112 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/09/05 20:53:14.0940 6112 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/09/05 20:53:14.0977 6112 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
2011/09/05 20:53:15.0001 6112 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
2011/09/05 20:53:15.0026 6112 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/09/05 20:53:15.0140 6112 IntcAzAudAddService (33a8c13c71698218be432020cc668d5c) C:\Windows\system32\drivers\RTKVHDA.sys
2011/09/05 20:53:15.0190 6112 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/09/05 20:53:15.0221 6112 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/05 20:53:15.0254 6112 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/05 20:53:15.0301 6112 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/09/05 20:53:15.0340 6112 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/09/05 20:53:15.0371 6112 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/09/05 20:53:15.0388 6112 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/09/05 20:53:15.0409 6112 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/09/05 20:53:15.0429 6112 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
2011/09/05 20:53:15.0462 6112 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
2011/09/05 20:53:15.0512 6112 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/05 20:53:15.0535 6112 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/09/05 20:53:15.0602 6112 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/05 20:53:15.0643 6112 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/09/05 20:53:15.0663 6112 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/09/05 20:53:15.0687 6112 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/09/05 20:53:15.0704 6112 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/09/05 20:53:15.0728 6112 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/09/05 20:53:15.0813 6112 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys
2011/09/05 20:53:15.0867 6112 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/09/05 20:53:15.0895 6112 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/09/05 20:53:15.0938 6112 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/09/05 20:53:16.0102 6112 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/05 20:53:16.0164 6112 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
2011/09/05 20:53:16.0214 6112 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/05 20:53:16.0252 6112 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/09/05 20:53:16.0307 6112 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/09/05 20:53:16.0357 6112 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/09/05 20:53:17.0294 6112 MpKsl6de7834f (5f53edfead46fa7adb78eee9ecce8fdf) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6B8BECB5-67C6-469D-9B7C-DB73027215D1}\MpKsl6de7834f.sys
2011/09/05 20:53:18.0775 6112 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/09/05 20:53:18.0812 6112 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/05 20:53:18.0858 6112 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/09/05 20:53:18.0893 6112 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/05 20:53:18.0935 6112 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/05 20:53:18.0961 6112 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/05 20:53:18.0999 6112 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/09/05 20:53:19.0033 6112 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/09/05 20:53:19.0070 6112 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/09/05 20:53:19.0090 6112 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/09/05 20:53:19.0109 6112 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/09/05 20:53:19.0152 6112 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/05 20:53:19.0192 6112 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/05 20:53:19.0223 6112 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/09/05 20:53:19.0246 6112 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/09/05 20:53:19.0278 6112 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
2011/09/05 20:53:19.0296 6112 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/09/05 20:53:19.0313 6112 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/09/05 20:53:19.0329 6112 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/09/05 20:53:19.0365 6112 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/05 20:53:19.0424 6112 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/09/05 20:53:19.0463 6112 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/09/05 20:53:19.0502 6112 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/05 20:53:19.0546 6112 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/05 20:53:19.0569 6112 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/05 20:53:19.0609 6112 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/09/05 20:53:19.0646 6112 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/05 20:53:19.0685 6112 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/05 20:53:19.0748 6112 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/09/05 20:53:19.0800 6112 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/09/05 20:53:19.0831 6112 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/09/05 20:53:19.0858 6112 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/05 20:53:19.0913 6112 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
2011/09/05 20:53:19.0951 6112 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/09/05 20:53:20.0176 6112 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/09/05 20:53:20.0416 6112 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
2011/09/05 20:53:20.0453 6112 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
2011/09/05 20:53:20.0518 6112 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/09/05 20:53:20.0573 6112 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/09/05 20:53:20.0656 6112 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/09/05 20:53:20.0696 6112 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/09/05 20:53:20.0718 6112 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/09/05 20:53:20.0745 6112 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/09/05 20:53:20.0762 6112 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/09/05 20:53:20.0786 6112 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/09/05 20:53:20.0809 6112 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/09/05 20:53:20.0835 6112 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/09/05 20:53:20.0924 6112 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/05 20:53:20.0946 6112 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/09/05 20:53:20.0995 6112 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/05 20:53:21.0041 6112 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/09/05 20:53:21.0071 6112 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/09/05 20:53:21.0093 6112 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/05 20:53:21.0147 6112 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/05 20:53:21.0189 6112 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/09/05 20:53:21.0216 6112 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/05 20:53:21.0245 6112 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/05 20:53:21.0274 6112 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/05 20:53:21.0311 6112 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/05 20:53:21.0336 6112 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/09/05 20:53:21.0373 6112 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/05 20:53:21.0413 6112 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
2011/09/05 20:53:21.0450 6112 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/05 20:53:21.0476 6112 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/09/05 20:53:21.0545 6112 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
2011/09/05 20:53:21.0580 6112 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/09/05 20:53:21.0603 6112 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/09/05 20:53:21.0652 6112 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/05 20:53:21.0694 6112 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/09/05 20:53:21.0743 6112 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
2011/09/05 20:53:21.0790 6112 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/09/05 20:53:21.0840 6112 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/09/05 20:53:21.0883 6112 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/09/05 20:53:21.0922 6112 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/09/05 20:53:21.0946 6112 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/09/05 20:53:21.0983 6112 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/09/05 20:53:22.0025 6112 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/09/05 20:53:22.0054 6112 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/09/05 20:53:22.0072 6112 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/09/05 20:53:22.0102 6112 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/09/05 20:53:22.0151 6112 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/09/05 20:53:22.0174 6112 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/09/05 20:53:22.0201 6112 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/09/05 20:53:22.0276 6112 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/09/05 20:53:22.0326 6112 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/09/05 20:53:22.0376 6112 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
2011/09/05 20:53:22.0407 6112 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/05 20:53:22.0434 6112 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/05 20:53:22.0498 6112 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/09/05 20:53:22.0534 6112 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
2011/09/05 20:53:22.0566 6112 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
2011/09/05 20:53:22.0602 6112 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/09/05 20:53:22.0739 6112 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys
2011/09/05 20:53:22.0776 6112 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/05 20:53:22.0824 6112 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/05 20:53:22.0858 6112 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/09/05 20:53:22.0899 6112 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/09/05 20:53:22.0941 6112 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/05 20:53:22.0968 6112 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/09/05 20:53:23.0020 6112 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/05 20:53:23.0044 6112 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/09/05 20:53:23.0103 6112 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/05 20:53:23.0151 6112 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/09/05 20:53:23.0184 6112 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/05 20:53:23.0237 6112 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/05 20:53:23.0280 6112 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/05 20:53:23.0313 6112 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/09/05 20:53:23.0378 6112 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
2011/09/05 20:53:23.0420 6112 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/05 20:53:23.0444 6112 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/09/05 20:53:23.0472 6112 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/05 20:53:23.0495 6112 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/05 20:53:23.0519 6112 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
2011/09/05 20:53:23.0558 6112 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/05 20:53:23.0598 6112 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/09/05 20:53:23.0625 6112 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/05 20:53:23.0649 6112 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/05 20:53:23.0693 6112 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/09/05 20:53:23.0726 6112 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/05 20:53:23.0747 6112 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/09/05 20:53:23.0796 6112 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/09/05 20:53:23.0822 6112 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/09/05 20:53:23.0846 6112 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/09/05 20:53:23.0869 6112 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/09/05 20:53:23.0884 6112 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
2011/09/05 20:53:23.0910 6112 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
2011/09/05 20:53:23.0949 6112 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/09/05 20:53:23.0977 6112 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/09/05 20:53:24.0009 6112 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/09/05 20:53:24.0050 6112 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/09/05 20:53:24.0079 6112 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/09/05 20:53:24.0112 6112 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/09/05 20:53:24.0153 6112 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/05 20:53:24.0164 6112 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/05 20:53:24.0223 6112 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/09/05 20:53:24.0252 6112 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/05 20:53:24.0317 6112 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/09/05 20:53:24.0346 6112 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/09/05 20:53:24.0399 6112 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/09/05 20:53:24.0447 6112 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/09/05 20:53:24.0495 6112 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/05 20:53:24.0542 6112 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/09/05 20:53:24.0569 6112 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/05 20:53:24.0608 6112 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/09/05 20:53:24.0620 6112 Boot (0x1200) (8df0d5c295570eb8c3c0cd5e54295f21) \Device\Harddisk0\DR0\Partition0
2011/09/05 20:53:24.0640 6112 Boot (0x1200) (a748ee8bec39ee082ef039769217bbed) \Device\Harddisk0\DR0\Partition1
2011/09/05 20:53:24.0660 6112 Boot (0x1200) (f772451e5beef54289bd28374baf335b) \Device\Harddisk0\DR0\Partition2
2011/09/05 20:53:24.0664 6112 ================================================================================
2011/09/05 20:53:24.0664 6112 Scan finished
2011/09/05 20:53:24.0664 6112 ================================================================================
2011/09/05 20:53:24.0675 6024 Detected object count: 0
2011/09/05 20:53:24.0675 6024 Actual detected object count: 0
2011/09/05 20:53:47.0403 2392 Deinitialize success



OTL Logs:
1st
========== PROCESSES ==========
All processes killed
========== SERVICES/DRIVERS ==========
Service svdysfjs stopped successfully!
Service svdysfjs deleted successfully!
========== OTL ==========
Error: No service named svdysfjs was found to stop!
Service\Driver key svdysfjs not found.
C:\Windows\System32\drivers\svdysfjs.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b63be87-b374-11e0-9d00-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b63be87-b374-11e0-9d00-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b63be87-b374-11e0-9d00-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b63be87-b374-11e0-9d00-806e6f6e6963}\ not found.
File E:\barmaster.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7bac99b7-b47c-11e0-a326-f860597b746e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bac99b7-b47c-11e0-a326-f860597b746e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7bac99b7-b47c-11e0-a326-f860597b746e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bac99b7-b47c-11e0-a326-f860597b746e}\ not found.
File H:\Autorun.exe not found.
File C:\Windows\System32\drivers\svdysfjs.exe not found.
C:\Windows\System32\xkgoglmr.dat moved successfully.
C:\Windows\System32\euqsjiof.dat moved successfully.
C:\Windows\System32\xutfujrj.dat moved successfully.
C:\Windows\System32\knyijkqe.dat moved successfully.
C:\Windows\System32\umbltqaa.dat moved successfully.
C:\Windows\System32\gesjguxa.dat moved successfully.
C:\Windows\System32\egghnixi.dat moved successfully.
C:\Windows\System32\zvkmoxna.dat moved successfully.
File C:\Windows\Tasks\At1.job not found.
File C:\Windows\Tasks\At2.job not found.
File C:\Windows\Tasks\At3.job not found.
File C:\Windows\Tasks\At5.job not found.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\David\Downloads\cmd.bat deleted successfully.
C:\Users\David\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\David\Downloads\cmd.bat deleted successfully.
C:\Users\David\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\David\Downloads\cmd.bat deleted successfully.
C:\Users\David\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\David\Downloads\cmd.bat deleted successfully.
C:\Users\David\Downloads\cmd.txt deleted successfully.
File\Folder C:\Windows\Tasks\At*.job not found.
< sc config svdysfjs start= disabled /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Users\David\Downloads\cmd.bat deleted successfully.
C:\Users\David\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.27.0 log created on 09052011_205532

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

2nd

OTL logfile created on: 9/5/2011 9:10:06 PM - Run 2
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\David\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 57.29% Memory free
6.00 Gb Paging File | 4.50 Gb Available in Paging File | 75.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.78 Gb Total Space | 39.99 Gb Free Space | 37.81% Space Free | Partition Type: NTFS
Drive D: | 359.88 Gb Total Space | 181.77 Gb Free Space | 50.51% Space Free | Partition Type: NTFS
Drive E: | 2.27 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/05 21:00:32 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\David\Downloads\aswMBR.exe
PRC - [2011/09/05 18:08:20 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\David\Downloads\OTL.exe
PRC - [2011/09/03 19:19:29 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/07 18:06:15 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011/08/03 17:46:33 | 000,411,432 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2011/08/02 14:24:26 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Program Files\Steam\Steam.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/25 10:25:02 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/05/25 10:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/20 12:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/01/20 12:20:04 | 000,313,152 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
PRC - [2010/11/20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/05/21 20:21:18 | 000,890,368 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\Digital Imaging\bin\Hpqdirec.exe
PRC - [2008/12/24 16:52:08 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/03 19:19:29 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/15 03:11:24 | 001,879,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\864c2fd53f879fcd5f9b335cf49a66b4\System.Deployment.ni.dll
MOD - [2011/08/15 03:11:04 | 000,009,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\dfsvc\e335cdfdb3e46fb0f75cb2ce83dabf48\dfsvc.ni.exe
MOD - [2011/08/15 03:04:12 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0e3eea502999efc06079a0f40a795731\System.Windows.Forms.ni.dll
MOD - [2011/08/15 03:04:04 | 003,857,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6c4a0cae96fe506534d1ed4b8e905d04\WindowsBase.ni.dll
MOD - [2011/08/15 03:04:03 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\6cf9069b4b5feb38824a79009ed9c7b4\System.Xml.ni.dll
MOD - [2011/08/15 03:04:03 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ea0f339fb15935f1878e115be1c04f8f\System.Drawing.ni.dll
MOD - [2011/08/15 03:04:01 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\68dd8aa8c376dd3c44f8e56c3767ac1d\System.Security.ni.dll
MOD - [2011/08/15 03:04:00 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\786df9adb3752f8f67b90dedb60dc2a1\System.Configuration.ni.dll
MOD - [2011/08/15 03:03:59 | 009,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ffc825af968e2afbdd0d894b475331f3\System.ni.dll
MOD - [2011/08/15 03:03:54 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\93e7df09dacd5fef442cc22d28efec83\mscorlib.ni.dll
MOD - [2011/08/12 04:37:02 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/07 18:06:15 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2011/08/03 17:46:32 | 014,401,832 | ---- | M] () -- D:\Program Files\Steam\bin\libcef.dll
MOD - [2011/08/03 17:46:32 | 000,914,216 | ---- | M] () -- D:\Program Files\Steam\bin\avcodec-52.dll
MOD - [2011/08/03 17:46:32 | 000,190,248 | ---- | M] () -- D:\Program Files\Steam\bin\chromehtml.dll
MOD - [2011/08/03 17:46:32 | 000,155,432 | ---- | M] () -- D:\Program Files\Steam\bin\avformat-52.dll
MOD - [2011/08/03 17:46:32 | 000,091,432 | ---- | M] () -- D:\Program Files\Steam\bin\avutil-50.dll
MOD - [2011/05/26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/05/20 22:35:00 | 000,247,400 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/03/15 07:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/05/21 20:21:18 | 000,140,288 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\bin\libexpatw.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/03 17:46:33 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/07/21 17:06:28 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 10:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 04:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 04:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/12/24 16:52:08 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)


========== Driver Services (SafeList) ==========

DRV - [2011/09/05 20:57:03 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/07/23 01:09:35 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/25 10:24:42 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:21:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA 97 F3 92 81 69 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/25 17:18:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/03 19:19:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/25 17:18:00 | 000,000,000 | ---D | M]

[2011/07/21 01:50:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
[2011/09/01 15:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\3ehjyyk2.default\extensions
[2011/07/27 16:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/27 16:37:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3EHJYYK2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3EHJYYK2.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3EHJYYK2.DEFAULT\EXTENSIONS\[email protected]
[2011/09/03 19:19:30 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 11:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/05 20:18:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files\Free Download Manager\iefdm2.dll ()
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] D:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all with Free Download Manager - D:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - D:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - D:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - D:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1968709D-1509-4F6F-AB2A-513FF7D148AB}: NameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/07/13 15:55:00 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/05 20:55:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/05 20:26:04 | 001,401,136 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\David\Desktop\tdsskiller.exe
[2011/09/05 20:21:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/05 20:21:16 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\temp
[2011/09/05 20:11:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/05 20:11:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/05 20:11:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/05 20:11:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/05 20:11:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/05 20:05:23 | 004,195,009 | R--- | C] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe
[2011/09/05 17:47:37 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Malwarebytes
[2011/09/05 17:47:27 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/09/05 17:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/05 17:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/05 17:47:23 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/09/05 17:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/05 15:41:22 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{379D29EB-6BAC-45F7-8EDB-57D4C279BED0}
[2011/09/05 15:41:03 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{926AC026-FC3B-4D8F-853F-74EC1B798548}
[2011/09/05 15:22:46 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{E03DA6B0-845C-403C-8CCB-2C925020F4EF}
[2011/09/05 15:22:29 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{BD8543C4-81E0-490D-A7A1-8D04D854D4E9}
[2011/09/05 15:16:18 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{29093643-4A18-4E02-9B69-A679621E9D12}
[2011/09/05 15:15:58 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{D34FDA5D-3C71-423D-8A3C-7D2CA740A05A}
[2011/09/05 10:33:08 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{F0E9E021-2BD3-4CF5-8EBE-08EF25871BE7}
[2011/09/05 10:32:44 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{E25B6946-062C-47DA-9DC3-298012622FE9}
[2011/09/05 10:27:14 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{5BF901C1-C714-4701-8A58-ED08E88776EC}
[2011/09/05 10:26:57 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{B32CA0EF-87EE-431D-B11C-6D38E5663407}
[2011/09/05 10:21:26 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{44F15D01-A7BF-4486-9CD0-B532F7B91CA7}
[2011/09/05 10:21:09 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{5C43B8B8-4115-4669-AB84-D992CA0CE3D9}
[2011/09/05 10:15:46 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{AB0027FB-6723-4A8B-B7B7-E738826B1323}
[2011/09/05 10:15:28 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{2135A67D-67DF-451F-8D94-2C9A0FD0040C}
[2011/09/05 10:09:56 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{1257722B-2177-4FAA-B949-92373914FC18}
[2011/09/05 10:09:39 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{AA0E125A-D021-4021-8218-BA1765964099}
[2011/09/05 10:04:09 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{BFAFF6F0-DAB7-4A17-96AF-5EA95C0A2EF8}
[2011/09/05 10:03:50 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{F6D170BC-3E25-4764-A91A-296B6226C15A}
[2011/09/05 09:58:20 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{65BB5D1B-BD74-4B6A-BA6D-110F1B892C33}
[2011/09/05 09:58:06 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{A6456984-307F-4F5B-9425-232EC6727096}
[2011/09/05 09:52:40 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{F2A319D1-9664-4B9F-ABF2-30FD51ED3DE4}
[2011/09/05 09:52:22 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{70EFB74E-040A-4C9E-9C3A-3364CD25D50D}
[2011/09/05 09:46:54 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{72B3C531-A3B8-434B-91AF-2042B7F2C1A8}
[2011/09/05 09:46:36 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{5702D4C7-DD11-4BA0-B647-B74587826820}
[2011/09/05 09:41:12 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{7E08B04C-5AAA-47B6-8510-1AD9B9A54E98}
[2011/09/05 09:40:54 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{438FD29E-B8AA-4805-BAFE-98E4768310FC}
[2011/09/05 09:35:30 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{FE885909-66B7-4C33-803C-9B4E156524C5}
[2011/09/05 09:35:11 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{799834E6-0F0C-4B82-AE31-1BE0AEC4E571}
[2011/09/05 09:29:41 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{7633120E-58C5-482A-AF89-B1E6980D2DB8}
[2011/09/05 09:29:25 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{1F568D83-941A-4292-AF3F-7F4377644E07}
[2011/09/05 09:24:04 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{9DA1A338-9B1E-4F76-9491-BAB738D7E31E}
[2011/09/05 09:23:41 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{3E2D309D-37D0-4658-9495-B1AA65075016}
[2011/09/05 09:18:12 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{48A1A5C4-C38E-4F75-A2FC-F80E62C59260}
[2011/09/05 09:17:56 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{92AE68F5-495D-4F5F-8F02-CB6F51EF618D}
[2011/09/05 09:12:32 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{0A5C97C9-2B15-4AE2-8770-19513446DC46}
[2011/09/05 09:12:13 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{07A20E79-068E-4D86-AA16-450A3DE5314C}
[2011/09/05 09:06:38 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{2BFEC3A4-AE72-4126-9595-FA8823DCEC17}
[2011/09/05 09:06:12 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{884F5C3F-7748-4B7C-BAB3-12D050140B71}
[2011/09/05 09:00:50 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{5C21E34E-7261-485A-BDCC-3185F4B782B5}
[2011/09/05 09:00:32 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{DA73F1A4-126D-48D4-86B5-137C938B9F36}
[2011/09/05 08:54:59 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{BE18CC9E-506C-4D26-AF06-04EAEDCDB1C1}
[2011/09/05 08:54:44 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{59A3C491-F4E2-4ED2-939C-61DE28DC717D}
[2011/09/05 08:49:17 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{5CFF915C-BED6-4F38-BB8F-64A582812937}
[2011/09/05 08:48:59 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{70F12720-EAB6-471E-B0F9-9D85D5980839}
[2011/09/05 08:43:20 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{B40F9D1C-3433-4FC4-AEBA-AD6AEC2B7C3D}
[2011/09/05 08:42:55 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{03DED73B-2B1E-4FD9-A3B8-03259722E25A}
[2011/09/05 08:37:32 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{7C24D5E3-EC76-40DA-B621-36395C4D5A61}
[2011/09/05 08:37:14 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{F20F2E1A-F2F6-4B0F-9E17-3F1237B5A0D4}
[2011/09/05 08:31:30 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{B9D1423B-D0A6-4C9A-9E24-7EA3E462F1B0}
[2011/09/05 08:31:10 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{E135DC3D-8BFE-46B7-A910-3C40ED18CEC7}
[2011/09/05 08:25:50 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{CC0DB4D0-6C5D-409B-AC5B-4B9499D9CB97}
[2011/09/05 08:25:32 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{6A675E3E-5698-4D3E-BEBC-71DB41ED8659}
[2011/09/05 08:20:03 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{3CB39732-4FCF-411C-8F39-3AD132D26FA4}
[2011/09/05 08:19:42 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{63728338-3FE9-49D5-B4B7-0AE7E861917F}
[2011/09/05 08:14:07 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{7E389DB1-2244-43E5-A63F-0513AA6179E7}
[2011/09/05 08:13:45 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{A3DE3573-108A-488D-B5F6-4D0834C896F2}
[2011/09/05 08:08:24 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{6429A608-ABF2-45B0-AEC6-64FCB3275EA8}
[2011/09/05 08:08:07 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{49C985B2-D7A8-43DE-AAD7-A06CA58B1BCA}
[2011/09/05 08:02:29 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{476783B4-6EC8-4C1F-9B31-296C5D349569}
[2011/09/05 08:02:12 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{AE24ACD2-DD6E-4F3E-A29B-72B314ECCF0A}
[2011/09/05 07:56:44 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{4799C9CF-B894-4CFF-9EBE-EB7283386078}
[2011/09/05 07:56:27 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{5EF42479-6C4E-4109-BAE1-78C066465BF8}
[2011/09/05 07:51:00 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{76CBD2ED-E08A-4624-B300-C767FF7D38FB}
[2011/09/05 07:50:43 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{C30C98DB-617D-439F-A52D-F8B9462568C2}
[2011/09/05 07:45:18 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{A9201A78-A6FD-409C-9EC7-2BBAC956E558}
[2011/09/05 07:44:59 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{6669AF14-53C3-4521-BA1D-6B22F46F1EDF}
[2011/09/05 07:39:24 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{F621011F-2674-495F-8091-04A02E1C2DAD}
[2011/09/05 07:39:05 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{939A36E9-A9E3-4533-90C0-D4B281CDF958}
[2011/09/05 07:33:38 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{0FCC9963-D903-4AED-9308-5E4F420C151C}
[2011/09/05 07:33:15 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{A2C4AA1B-E644-48FB-862A-1126CC320BD3}
[2011/09/05 07:27:47 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{11F892C4-6BCD-4C6E-9733-78B3AC317FC8}
[2011/09/05 07:27:31 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{A3C68CF6-6D88-4537-85E4-1D36A1E1E781}
[2011/09/05 07:22:10 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{5FC1BC0C-D030-4D86-B59E-D046D50C4A81}
[2011/09/05 07:21:51 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{6993D300-1E85-4A4B-9BFD-A1BD22ECEC01}
[2011/09/05 07:16:20 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{62D1DB0D-7FF3-40AD-B463-09623CAE90FD}
[2011/09/05 07:16:05 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{971319A0-E948-4261-80C4-C686812FD231}
[2011/09/05 07:10:35 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{F9CE95FB-580F-4FDD-82DF-443D10D9E12F}
[2011/09/05 07:10:17 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{B8927BA3-16D8-4E34-9307-3EC580171A41}
[2011/09/05 07:04:51 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{97AC9929-ACB9-4E52-B5AC-80EF8BA035FA}
[2011/09/05 07:04:35 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{A095DF2B-323B-45CC-978A-C1D73E7F8ADC}
[2011/09/05 06:59:05 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{132F4DED-71C1-4D01-98C9-3E9F15021C32}
[2011/09/05 06:58:45 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{7B22696B-4FCC-42C1-A424-DE25B1CEBCCA}
[2011/09/05 06:53:14 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{03A606DC-ED20-42B6-95A1-6D96737D7BA3}
[2011/09/05 06:52:58 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{61C728AF-FF8E-4D7B-BDD9-F91BAEABD531}
[2011/09/05 06:47:23 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{9072AD36-5F9F-4F75-950D-6017B78419A3}
[2011/09/05 06:47:06 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{0B263E5C-4377-4467-93C0-1A21F3A5753A}
[2011/09/05 06:41:39 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{2CAC025C-A750-4580-8764-E125E495AA68}
[2011/09/05 06:41:24 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{4D725630-B0E2-4696-B947-598481D9C92A}
[2011/09/05 06:35:52 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{9693DC9A-9E76-4F94-9C18-ACCE40D47E3C}
[2011/09/05 06:35:35 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{9DC20B76-36BC-4E15-AE9D-97953AD8BFF3}
[2011/09/05 06:29:46 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{52D3C5E8-49DA-4E10-A2F4-18D13B2A24C2}
[2011/09/05 06:29:26 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{B65B569C-A1DA-40A7-AE2D-CD8F81B222D9}
[2011/09/05 06:23:52 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{74C47C88-742D-438A-B806-B770C70DB31F}
[2011/09/05 06:23:32 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{93053FF5-C02E-491D-B79C-9D086B535B47}
[2011/09/05 06:18:11 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{1B551059-0A37-446E-B7AA-63F7DCC5398B}
[2011/09/05 06:17:54 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{3F135408-1543-4723-8D4E-86255CCCD6F5}
[2011/09/05 06:12:20 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{FB5BE545-D8DF-48E7-80E3-E5638509199A}
[2011/09/05 06:12:02 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{E110F97E-0B66-4E4E-9789-BA57BF9B9AC8}
[2011/09/05 06:06:19 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{D726E7B1-1B24-48C1-862A-BB0AF22B9280}
[2011/09/05 06:05:58 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{90FB4E93-0868-4C96-930B-78DE1CD5758B}
[2011/09/05 06:00:29 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{3A871E90-BCEA-41F0-9674-A4E895666F6A}
[2011/09/05 06:00:05 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{3A67C0E2-5101-4E82-8E77-FFEFC99277DF}
[2011/09/05 05:54:22 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{92852D4A-4A46-4349-A8DE-27F84EB7B98D}
[2011/09/05 05:54:03 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{D77DC3B4-3257-453B-AFEE-178904E518F3}
[2011/09/05 05:48:42 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{615D0CC3-2819-4AA6-AC75-0E9E8754604C}
[2011/09/05 05:48:27 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{C6380BDD-9BAC-4532-A2BE-722BDB0D0B8C}
[2011/09/05 05:42:51 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{59B36A17-03CA-4CFE-964B-A9D3311C2C93}
[2011/09/05 05:42:23 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{1E0186BD-B455-45D2-9D0B-AB0A60982B99}
[2011/09/05 05:36:48 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{E10BA133-CF78-4D5D-947F-2B7D35E048F6}
[2011/09/05 05:36:29 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{CD10435D-3590-40D2-A930-6EF169EC7BA4}
[2011/09/05 05:31:07 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{F2A76A2B-BD77-4AC2-84DF-FCCE8CE932FB}
[2011/09/05 05:30:52 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{C405CB06-25B9-45F7-A124-D01D2DFE24CF}
[2011/09/05 05:25:28 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{6FEB7B6E-0835-487F-8AB6-403D429DA224}
[2011/09/05 05:25:11 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{B3824313-105E-448B-AEBE-92324308A2B4}
[2011/09/05 05:19:39 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{297F1668-4D8F-4A1A-9AB2-6E3185D40342}
[2011/09/05 05:19:23 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{5EDB7582-8D68-42AE-9C7B-59FFE54D9053}
[2011/09/05 05:14:05 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{CCAF462A-A3E9-4D06-82AC-404C6F43751A}
[2011/09/05 05:13:46 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{CF6A225E-9F28-41D2-A526-1C4E71623CBF}
[2011/09/05 05:08:23 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{8EFF0CD4-3325-4625-AF7F-6CCA51720989}
[2011/09/05 05:08:08 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{B7D57E6B-1B75-41D2-9F97-15093F848C82}
[2011/09/05 05:02:36 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{25270127-747C-4669-9BE6-FAC919C07CEB}
[2011/09/05 05:02:21 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{932E9F06-3D23-4531-A01D-01B996B2315B}
[2011/09/05 04:56:47 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{873C9405-CF9C-44CD-B845-600EBC83F113}
[2011/09/05 04:56:23 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{4F4D6631-FFC9-4933-A353-1FAED5B33649}
[2011/09/05 04:50:58 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{ECB7A604-56DB-40A0-B2B9-C8A6330AFC52}
[2011/09/05 04:50:42 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{687DF26F-44EB-40E7-95D8-ABD55E39590B}
[2011/09/05 04:45:18 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{A88B0743-0A53-4AFB-9E73-0E44DF1BE4EA}
[2011/09/05 04:45:01 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{2428E836-F977-48D9-923B-499F8570A421}
[2011/09/05 04:39:27 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{EC5BABB6-CB0D-4A13-8DB1-41531FF91E76}
[2011/09/05 04:39:10 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{A4C02028-D0C2-4A84-AB44-4AB5FF25753F}
[2011/09/05 04:33:43 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{4F6D169C-6FE1-4180-9FAE-A50DA0B175BC}
[2011/09/05 04:33:25 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{2D38AFF1-F7F4-4B6F-9ADD-A509D51D8250}
[2011/09/05 04:27:53 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{BB016359-5B40-481F-ADCE-65056FDCBFE8}
[2011/09/05 04:27:38 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{CA6B61FB-6453-4515-9C1A-18F4CBFA03B4}
[2011/09/05 04:22:19 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{866C2909-7559-47D8-861A-4AC63AC7E20A}
[2011/09/05 04:22:04 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{00551274-C53D-4F7A-A27E-AA7054AE0BE8}
[2011/09/05 04:16:34 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{CC85A244-AE0C-4645-B0B1-357976110955}
[2011/09/05 04:16:17 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{66FFF392-2CB2-4DA2-A2A8-F145E090E2B6}
[2011/09/05 04:10:46 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{53BBD678-7BD7-4CA2-AA5A-9D929EA1F72D}
[2011/09/05 04:10:26 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{F110F8A0-6ABF-45C4-94B8-71B15F2AFCE7}
[2011/09/05 04:04:54 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{4379550E-4CA8-416F-B65C-B33CE1BE803F}
[2011/09/05 04:04:33 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{23DAFEB5-5BA5-47A0-A6DA-F42E8B355B42}
[2011/09/05 03:59:13 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{FE775030-46EA-4159-9EF9-D57C1042C502}
[2011/09/05 03:58:56 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{B4CC113D-5962-4E04-A74C-DE57B289F428}
[2011/09/05 03:53:11 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{D18235A4-B5FB-4150-A295-4D1682D9E629}
[2011/09/05 03:52:53 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{2A3C9B70-3989-4CA9-940C-B88650F9140B}
[2011/09/05 03:47:41 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{18F18045-8E57-4C21-A7F9-2E32BC9DBBCE}
[2011/09/05 03:47:26 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{C025DEC4-F447-4747-B192-97CCF9EB82D6}
[2011/09/05 03:41:50 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{EDE79CD0-5585-48F9-B96C-1548E529D5C2}
[2011/09/05 03:41:30 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{88716963-E685-4FD8-8AA7-16EC209CE57E}
[2011/09/05 03:35:58 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{9BC03B26-7398-4163-A65E-D517C97BC9FD}
[2011/09/05 03:35:41 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{B0B25810-DCAC-45DE-AAF5-316017A3C905}
[2011/09/05 03:30:19 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{46BFE67B-517E-44FE-9AC6-2252D2C00DF6}
[2011/09/05 03:30:01 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{569598F4-3AF0-43BA-BD8D-6E342747B45F}
[2011/09/05 03:24:23 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{91F765AD-A24E-4B93-A117-C0AC6747B38A}
[2011/09/05 03:24:02 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{9C2C8186-A517-46EB-81F6-ABA01425E055}
[2011/09/05 03:18:52 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{7B9B68C7-54E5-4B3E-9477-42A100CBBF68}
[2011/09/05 03:18:32 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{E5CD0DBF-53C3-4804-A840-76208F4EB2E6}
[2011/09/05 03:13:16 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{2188D6CD-2807-463F-9CA5-AFD81D78D870}
[2011/09/05 03:12:58 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{29D94930-5ADB-47EE-B24C-5A3CB34FEFEC}
[2011/09/05 03:07:24 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{81E74B4C-54B1-4D8C-861B-3BC3AEA7AB23}
[2011/09/05 03:07:07 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{2D29D4D7-2FD5-4BC2-8952-3DF04E842B6A}
[2011/09/05 03:01:52 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{851A4AA9-8C01-4F88-9FE7-20CFD0DAB991}
[2011/09/05 03:01:30 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{CAA60E57-F5F0-45D2-BA7F-033D0B77DA7B}
[2011/09/05 02:56:07 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{B0410E18-6D4F-4958-B6B3-21C8385BB7F1}
[2011/09/05 02:55:48 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{B14BB8F8-A7CA-4252-91E0-E65A66D9B5C1}
[2011/09/05 02:50:24 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{87F51B22-EA2A-4295-91DD-C8A4ABC7DAE0}
[2011/09/05 02:50:09 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{921BFBF8-A407-4034-8F96-5490703C6109}
[2011/09/05 02:44:47 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{E53D0A80-51EC-48E5-9C50-A9D0F70781B8}
[2011/09/05 02:44:30 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{81E97B02-4D2B-4DD0-9B8D-182E78931939}
[2011/09/05 02:40:28 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{C3EFACBE-D9DA-4802-8484-F14DB5EE0AC2}
[2011/09/04 16:00:50 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011/09/04 15:49:35 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\StarCraft II
[2011/09/04 15:49:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011/09/04 15:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2011/09/04 14:40:02 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{D6FF7F64-10BF-4194-A7D5-790A17C26FD1}
[2011/09/04 02:39:36 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{CB611F31-4738-465C-BAE8-A0CF7F89397C}
[2011/09/03 14:39:09 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{2EFBA414-4E2A-44A6-BC22-3469F44C2AE8}
[2011/09/03 14:38:57 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{C19F6088-C11E-430B-A66E-74A496F0EC07}
[2011/09/02 15:27:59 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{77770DBD-A2E1-43CB-9292-7DA6C77F27C1}
[2011/09/02 03:27:35 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{9058A9BD-3325-46EA-A243-EE4B96CDB713}
[2011/09/01 15:27:04 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{87E53EE2-513C-49DA-9A21-F6BDA1EC96CB}
[2011/09/01 15:26:52 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{F0BFA99E-B1CE-4F2C-80C0-4288CE90B84D}
[2011/09/01 15:15:29 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{C1E70F4B-9F33-4D4B-A21F-5422E0109C98}
[2011/09/01 15:15:16 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{6135B9D9-A103-44BC-ABFB-4C3F24CC721E}
[2011/09/01 15:10:31 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{58BE3F7C-1FC2-4589-B934-36B749414365}
[2011/09/01 15:10:18 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{51EECE91-4DF2-471C-82ED-F86189124036}
[2011/09/01 15:05:31 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{396DA97A-F34E-4819-8578-A45B8A4A05D8}
[2011/09/01 15:05:17 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{336A8548-688B-414F-B4E6-A659DF8C3E7E}
[2011/09/01 15:00:49 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{1532D231-202F-4BBE-835E-CAE822B61F79}
[2011/09/01 15:00:36 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{63931623-C801-400D-B264-FBEFAE0D819D}
[2011/08/31 03:34:36 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{B945A8DD-FA0E-46CA-9148-E477C523193A}
[2011/08/30 15:33:28 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{0625A8EE-68F4-4995-9733-44C4E53E0F78}
[2011/08/30 15:33:16 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{963A87C0-ED0C-4817-A358-E64CB348BD68}
[2011/08/30 03:32:50 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{4D35A46A-391B-4645-BC12-7457CA83A351}
[2011/08/29 15:32:21 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{0C02FA83-DAAA-4472-9FA2-A3BBBE24BFB4}
[2011/08/29 15:32:07 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{B377C15A-2AFF-4325-B23C-1B2040A025E8}
[2011/08/26 05:53:35 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{7487101F-1A6B-4C56-8E05-2F4F3D12AB6E}
[2011/08/26 03:00:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/25 17:53:10 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{4415A639-665E-4731-AA66-3C41358FD92A}
[2011/08/25 17:52:55 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{87D59B5B-FF5A-4F26-8B3B-A3DADFF008AC}
[2011/08/24 01:03:35 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{BCA16200-CEFA-49D0-AEA7-45E170C12359}
[2011/08/23 13:03:11 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{DB44552E-B32A-417C-9735-4A12F708913B}
[2011/08/23 01:02:47 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{2E2C477E-3568-4EDB-B74C-50C6E80FFD41}
[2011/08/22 13:01:45 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{8DC00E5E-1E9C-475E-95D2-39E667B616D3}
[2011/08/22 13:01:33 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{D1CA5E36-4CFE-47F3-B0BC-BECB19B9E20A}
[2011/08/22 01:01:06 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{3E0843A5-887D-4E0A-BD76-501C2C4BDFA1}
[2011/08/21 13:00:40 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{14432A07-50AD-4ADB-9FE5-B49D6FBE7C5A}
[2011/08/21 01:00:07 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{B4C71B2F-DF2C-44B8-9E48-CAF3617CE4B3}
[2011/08/20 12:58:52 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{33152CA3-9104-45AE-9E35-6F4E63276022}
[2011/08/20 12:19:59 | 000,487,316 | ---- | C] (Blizzard Entertainment) -- C:\Users\David\Desktop\FTkey.exe
[2011/08/20 12:19:58 | 000,419,961 | ---- | C] (Blizzard Entertainment) -- C:\Users\David\Desktop\cdkey.exe
[2011/08/20 12:18:37 | 000,139,264 | ---- | C] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe
[2011/08/20 00:57:43 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{25FA35CE-B47C-4692-9DF6-41497BDA2EB2}
[2011/08/19 12:57:05 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{AD7474AF-278A-4515-81EA-A908E7B21FB8}
[2011/08/19 00:56:40 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{E3AED8AE-891C-4ECD-AC4E-EB451FB38C77}
[2011/08/18 12:54:43 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{C7C87975-DA44-49D6-BE71-6E58116E3430}
[2011/08/18 00:54:18 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{DA6A9B45-EBB5-4775-96E8-10F5B22B3D29}
[2011/08/17 12:52:40 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{3A434ACF-6486-425C-BE6C-DFC35BAF4B55}
[2011/08/17 00:52:16 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{ABA3E089-3932-46CC-83BC-5C7F89DF54EC}
[2011/08/16 12:51:38 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{172D0774-F8C8-47AD-945A-758453A11EBD}
[2011/08/16 00:51:13 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{BBDCB324-098B-4241-B274-F2A3D82C4418}
[2011/08/15 20:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 5
[2011/08/15 12:50:05 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{801FCDFC-45A1-49D1-9BA9-E14041E55D83}
[2011/08/15 12:49:53 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{3D0AB0CD-059D-4F84-A93C-45F465AB1E80}
[2011/08/15 00:49:28 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{A0D5B2F8-963D-48B8-9BA7-A15BFA14EE07}
[2011/08/15 00:49:16 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{C3D58F03-A314-4041-986A-D9D86E689D6D}
[2011/08/14 12:48:47 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{F8514F4F-12A5-4D25-B3AC-AE67D229F615}
[2011/08/14 12:48:32 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{19C42D3F-9500-4F0B-A6E5-EFED27AF9097}
[2011/08/13 15:27:01 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{012E5A7A-B57B-44E6-84BB-3FBF9346C336}
[2011/08/13 15:26:49 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{DF6D2840-D106-44B5-B9C4-9CE6445402BE}
[2011/08/13 03:26:36 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{3EB632CF-F673-4D4F-A30C-6E6C9BCFD4FB}
[2011/08/12 15:25:32 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{B5938EB8-7FAF-4B07-8653-FAEC259FC753}
[2011/08/12 15:25:17 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{83EFDBC5-0A9C-404A-83D8-4631ED5426C2}
[2011/08/12 03:24:40 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{82B1D83D-8957-45B9-B792-C514569B3EEF}
[2011/08/12 03:24:21 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{7ECFBAFF-103C-4DF3-BCDA-241D2832EF09}
[2011/08/12 03:06:02 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/12 03:06:01 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/12 03:05:13 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/12 03:05:11 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/08/12 03:05:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/12 03:05:11 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/12 03:05:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/12 03:04:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/08/12 03:04:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/12 03:04:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/08/12 03:04:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/12 03:04:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/12 03:04:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/12 03:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/08/12 03:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/08/12 03:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/12 03:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/08/12 03:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/08/12 03:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/12 03:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/12 03:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/08/12 03:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/08/12 03:04:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/08/12 03:04:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/12 03:04:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/12 03:04:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/08/12 03:04:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/08/12 03:04:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/12 03:04:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/12 03:04:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/12 03:04:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/08/12 03:04:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/08/12 03:04:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/08/12 03:04:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/12 03:04:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/12 03:04:49 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/08/12 03:04:49 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/12 03:03:01 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011/08/12 03:03:01 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2011/08/12 03:03:01 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2011/08/12 03:03:00 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011/08/12 03:03:00 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011/08/12 02:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex Workshop v6.6
[2011/08/11 15:22:45 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{76DAF466-26EC-4698-A15E-0AEE0409C89B}
[2011/08/11 15:22:33 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{218B56CD-D53B-494E-B2DE-7307C11BE370}
[2011/08/11 03:22:07 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{9F8CA2B6-8190-473E-A11C-AEEEFC0FB8AF}
[2011/08/11 01:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
[2011/08/11 01:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PMS
[2011/08/11 01:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\PS3 Media Server
[2011/08/10 23:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\FlashFXP 4
[2011/08/10 23:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\FlashFXP
[2011/08/10 15:21:43 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{8D21CA34-E62B-46DB-9B31-E51D98E7B502}
[2011/08/10 10:25:01 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Free Download Manager
[2011/08/10 10:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
[2011/08/10 03:21:17 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{6EAD848D-D9C0-43A9-A555-6DEEB6CAC9E3}
[2011/08/09 15:20:40 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{9758E71E-5FF9-4045-B34C-BEFC0FBA21CF}
[2011/08/09 15:20:28 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{05393595-9C01-4CE9-A127-49B255083B36}
[2011/08/08 16:52:39 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{F8112221-4E7B-4206-B909-2B6294A6FB9E}
[2011/08/08 16:52:20 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{02535687-3D23-4F27-B6B6-D763C4835D09}
[2011/08/07 22:50:46 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/08/07 21:15:51 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2011/08/07 21:15:50 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2011/08/07 21:15:50 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2011/08/07 21:15:50 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2011/08/07 21:15:50 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2011/08/07 21:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/08/07 19:26:06 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\RIFT
[2011/08/07 19:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIFT
[2011/08/07 18:06:19 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\PMB Files
[2011/08/07 18:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011/08/07 18:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011/08/07 15:56:45 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{41C057E1-C960-41FE-9BEF-A580903407CA}
[2011/08/07 15:56:33 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{713EFC10-057B-4736-9DB6-1E6E43C65119}

========== Files - Modified Within 30 Days ==========

[2011/09/05 21:05:35 | 000,000,512 | ---- | M] () -- C:\MBR.dat
[2011/09/05 20:57:03 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\gdrv.sys
[2011/09/05 20:56:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/05 20:56:42 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/05 20:55:41 | 000,014,544 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/05 20:55:41 | 000,014,544 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/05 20:27:13 | 001,401,136 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\David\Desktop\tdsskiller.exe
[2011/09/05 20:18:46 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/09/05 20:05:37 | 004,195,009 | R--- | M] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe
[2011/09/05 17:47:27 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/05 15:38:21 | 236,317,710 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/04 15:59:48 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011/09/03 17:39:42 | 002,032,054 | ---- | M] () -- C:\Users\David\Desktop\IMG_0674.JPG
[2011/09/02 19:46:35 | 000,626,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/02 19:46:35 | 000,107,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/29 20:42:08 | 000,000,326 | ---- | M] () -- C:\Users\David\Desktop\HP Printer Diagnostic Tools.url
[2011/08/26 14:53:31 | 000,000,955 | ---- | M] () -- C:\Users\David\Desktop\Zygor Guides Updater.lnk
[2011/08/22 05:45:03 | 003,764,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/20 12:18:43 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe
[2011/08/20 12:18:43 | 000,000,842 | ---- | M] () -- C:\Windows\War3Unin.dat
[2011/08/15 20:42:23 | 000,000,621 | ---- | M] () -- C:\Users\David\Desktop\Guitar Pro 5.lnk
[2011/08/14 16:43:16 | 000,090,420 | ---- | M] () -- C:\Users\David\Documents\com.kairosoft.gm08E.plist
[2011/08/12 04:37:03 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/08/12 02:31:32 | 000,090,420 | ---- | M] () -- C:\Users\David\Documents\com.kairosoft.gm08E.BAK
[2011/08/12 02:25:21 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\Hex Workshop Hex Editor (32 bit).lnk
[2011/08/11 01:42:53 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2011/08/10 23:57:21 | 000,000,717 | ---- | M] () -- C:\Users\David\Documents\configureMe.js
[2011/08/10 23:42:25 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\FlashFXP.lnk
[2011/08/07 21:15:51 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/08/07 19:33:46 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\Play RIFT.lnk
[2011/08/06 21:53:59 | 004,417,977 | ---- | M] () -- C:\Users\David\Desktop\gdf.jpg

========== Files Created - No Company Name ==========

[2011/09/05 21:05:35 | 000,000,512 | ---- | C] () -- C:\MBR.dat
[2011/09/05 20:11:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/05 20:11:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/05 20:11:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/05 20:11:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/05 20:11:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/05 17:47:27 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/04 15:49:35 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011/09/03 18:21:25 | 002,032,054 | ---- | C] () -- C:\Users\David\Desktop\IMG_0674.JPG
[2011/08/29 20:42:08 | 000,000,326 | ---- | C] () -- C:\Users\David\Desktop\HP Printer Diagnostic Tools.url
[2011/08/20 12:18:37 | 000,000,842 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011/08/15 20:42:23 | 000,000,621 | ---- | C] () -- C:\Users\David\Desktop\Guitar Pro 5.lnk
[2011/08/14 16:43:16 | 000,090,420 | ---- | C] () -- C:\Users\David\Documents\com.kairosoft.gm08E.plist
[2011/08/12 02:37:37 | 000,090,420 | ---- | C] () -- C:\Users\David\Documents\com.kairosoft.gm08E.BAK
[2011/08/12 02:25:21 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\Hex Workshop Hex Editor (32 bit).lnk
[2011/08/11 01:42:53 | 000,000,960 | ---- | C] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2011/08/10 23:42:25 | 000,000,991 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashFXP.lnk
[2011/08/10 23:42:25 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\FlashFXP.lnk
[2011/08/07 21:15:51 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/08/07 19:33:46 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\Play RIFT.lnk
[2011/08/06 21:53:53 | 004,417,977 | ---- | C] () -- C:\Users\David\Desktop\gdf.jpg
[2011/07/25 17:11:33 | 000,221,308 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011/07/25 17:11:33 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011/07/23 00:33:41 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/07/22 17:50:56 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/07/22 17:50:38 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/07/21 15:58:00 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2009/07/14 07:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 07:33:53 | 003,764,360 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 05:05:48 | 000,626,040 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 05:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 05:05:48 | 000,107,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 05:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 05:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 05:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 02:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 02:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 02:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 00:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/06/22 01:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe

< End of report >



MBAM Log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7658

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

9/5/2011 9:04:11 PM
mbam-log-2011-09-05 (21-04-11).txt

Scan type: Quick scan
Objects scanned: 183171
Time elapsed: 2 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

aswMBR Log:



aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-05 21:00:43
-----------------------------
21:00:43.495 OS Version: Windows 6.1.7601 Service Pack 1
21:00:43.495 Number of processors: 4 586 0x170A
21:00:43.497 ComputerName: DAVID-PC UserName: David
21:01:01.158 Initialize success
21:04:47.412 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:04:47.415 Disk 0 Vendor: SAMSUNG_HD502HI 1AG01118 Size: 476938MB BusType: 3
21:04:49.425 Disk 0 MBR read successfully
21:04:49.428 Disk 0 MBR scan
21:04:49.430 Disk 0 Windows 7 default MBR code
21:04:49.434 Disk 0 scanning sectors +976766976
21:04:49.504 Disk 0 scanning C:\Windows\system32\drivers
21:04:54.597 Service scanning
21:04:55.874 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
21:04:56.477 Modules scanning
21:05:03.176 Scan finished successfully
21:05:35.215 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
21:05:35.216 The log file has been saved successfully to "C:\aswMBR.txt"

and the Fix button wasn't enabled : )

#4
RKinner


    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\drivers\svdysfjs.exe

Driver::
svdysfjs



******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

Your Microsoft Security Essentials appears to be broken.

Download and Save the free Avast installer.
http://www.avast.com...ivirus-download

Uninstall Microsoft Security Essentials

Reboot

Install Avast. (Register when it asks you - they will try to talk you into buying the full product but the free version is what we want.)

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK, then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report, then View Results. How many did it find?
(I think the text version of the results is at: C:\ProgramData\Alwil Software\Avast5\report\aswboot.txt if you want to copy and paste it)







Ron