
I have the Svchost.exe trojan and SuperAntiSpyware gets rid of it, but


This topic is locked.

#1
Dom Fontana (Member, 170 posts)
Hello.

Background:

I have the Svchost.exe Trojan, and try as I might, I can't get rid of it. I'm using Windows 7 Ultimate 32-bit and have MS Security Essentials and SuperAntiSpyware. Security Essentials doesn't detect it, but SuperAntiSpyware does. The problem is I have the free version and it doesn't offer real time protection. So it seems to get rid of it, but then the Trojan returns.

Details:

A few days ago I noticed a slowdown with my computer and constant hard drive activity in the background. It sounded as if the computer was straining. Security Essentials didn't find anything, but SuperAntiSpyware did. It found 2 instances of the Svchost.exe Trojan. They are both located in the Windows/system folder. I had it remove them and then rebooted. A short time later, I had the same computer problems. I did another scan and SuperAntiSpyware found the same 2 Trojans. The bottom line is that I have gone through this over and over, and apparently SuperAntiSpyware finds the problem and removes it, but then it replicates itself every time I reboot.

I read up on it and the manual removal procedure involved looking for and deleting about 25 files. I imagine I could have done it, but I figured it was better to come here, especially since you have Essexboy. hahah :)

One other point. I tried to do a System Restore and upon completion, I got a message that said System Restore couldn't restore successfully because of an "Unexpected Error." I never heard of System Restore not working before, so I figured it was best to come here.

I would like to know how I can permanently remove the 2 instances of the Svchost.exe Trojan from the Windows/system directory.

Any help would be appreciated.

Thank you very much.


#2
Render (Trusted Helper, Malware Removal, 4,195 posts)
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating, but running other tools in the meantime and between posts only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

Step 1

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan click Save log, save it to your desktop and post it in your next reply.
  • After that there should also be a file called MBR.dat on your Desktop; zip it and then attach it here.

Step 2

OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users.
  • Under the Extra Registry section, check Use SafeList.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

When you have completed the above, please post back the following in the order asked for:
  • aswMBR log
  • OTL scan log
  • Extras log

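A defender-side illustration of what the custom scan above is looking for (an added example, not code from this thread, from OTL or from its author): a small Python script that parses OTL "PRC -" process lines and flags core Windows binaries, such as svchost.exe, that are running from a directory other than the one Windows installs them in, or that carry no company name in their version information. The four sample lines are copied from the OTL log posted in this thread; the expected-directory table and the SystemRoot of C:\Windows are assumptions for a 32-bit install, as reported in that log's header.

```python
import re
from typing import Dict, List, Optional, Set, Tuple

# Where Windows installs each core binary on a 32-bit system. Assumption for
# this example: SystemRoot is C:\Windows, as the OTL log header reports.
SYSTEM_ROOT = r"C:\Windows"
EXPECTED_DIRS: Dict[str, Set[str]] = {
    "svchost.exe": {SYSTEM_ROOT + r"\System32"},
    "winlogon.exe": {SYSTEM_ROOT + r"\System32"},
    "userinit.exe": {SYSTEM_ROOT + r"\System32"},
    "taskhost.exe": {SYSTEM_ROOT + r"\System32"},
    "explorer.exe": {SYSTEM_ROOT},
}

# OTL process line layout:
# PRC - [date time | size | attrs | M] (company) -- path
PRC_RE = re.compile(
    r"^PRC - \[(?P<stamp>[^|]+?) \| (?P<size>[\d,]+) \| [^|]+ \| \w\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)

# Sample input: four PRC lines copied from the OTL log posted in this thread.
SAMPLE_LOG_LINES = [
    r"PRC - [2011/09/23 08:09:25 | 000,007,680 | ---- | M] () -- C:\Windows\system\svchost.exe",
    r"PRC - [2011/09/04 05:31:29 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Dominick J. Fontana\Desktop\OTL.exe",
    r"PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe",
    r"PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe",
]


def parse_prc_line(line: str) -> Optional[Dict[str, object]]:
    """Split one 'PRC -' line into its fields; return None for any other line."""
    m = PRC_RE.match(line)
    if m is None:
        return None
    return {
        "stamp": m.group("stamp"),
        "size": int(m.group("size").replace(",", "")),
        "company": m.group("company").strip(),
        "path": m.group("path"),
    }


def split_path(path: str) -> Tuple[str, str]:
    """Return (directory, basename) for a Windows path."""
    directory, _, name = path.rpartition("\\")
    return directory, name


def check_process_lines(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (path, reason) findings for watched core binaries that run from
    an unexpected directory or report no company name."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        rec = parse_prc_line(line)
        if rec is None:
            continue
        path = str(rec["path"])
        directory, name = split_path(path)
        expected = EXPECTED_DIRS.get(name.lower())
        if expected is None:
            continue  # not one of the core binaries we watch
        if directory.lower() not in {d.lower() for d in expected}:
            findings.append((path, f"{name} running from unexpected directory {directory}"))
        if not rec["company"]:
            findings.append((path, f"{name} has no company name in its version info"))
    return findings


if __name__ == "__main__":
    # Against the sample lines, only the svchost.exe copy in C:\Windows\system
    # is reported (wrong directory and no company name); the others are clean.
    for path, reason in check_process_lines(SAMPLE_LOG_LINES):
        print(f"REVIEW: {path}: {reason}")
```

The two checks are deliberately independent: a legitimately placed binary with missing version information and a correctly signed binary in the wrong folder are both worth a second look, and reporting each reason separately keeps the triage notes readable when the script is run over a full log.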

#3
Dom Fontana (Topic Starter, Member, 170 posts)
Hi, Render.

Thank you for the prompt response. I have to go somewhere now, but will follow your instructions as soon as I return.

Thanks again.

#4
Render (Trusted Helper, Malware Removal, 4,195 posts)
OK. :)

#5
Dom Fontana (Topic Starter, Member, 170 posts)
Hi, Render.

Let me go over a few points. First, I want to answer a question in your preliminary instructions. Yes, I have the Windows 7 Ultimate disc available.

Next, there was a problem, so I figured I would tell you here and then follow the rest of your instructions. In Step 1, I couldn't download aswMBR.exe from your link. It didn't work, so I searched for it and found it on the Avast site. As a side note, I saw that essexboy was also a moderator there. That's funny because he's helped me here before. When I ran aswMBR.exe, I downloaded the definitions and did the Scan. However, during the scan, the computer crashed, I got the blue screen, it did a Crash Dump, and rebooted. I tried again and the exact same thing happened. This time I rebooted into Safe Mode and the Scan lasted longer, but crashed again. So I couldn't get the log file for you. However, during the Safe Mode scan, I did notice 2 infected entries in red. They were both in the c:\windows\system32 directory and they were both Root Kit viruses. Unfortunately, I don't have the names of the files. I tried the scan a 4th time and the computer hung and I had to manually reboot. So I figured I would alert you to this before I proceeded to Step 2.

#6
Dom Fontana (Topic Starter, Member, 170 posts)
Hi, Render.

Okay, here are the logs you requested. Thanks for your help.

1) aswMBR log: Couldn't post. Please see above.

2) OTL scan log follows:

OTL logfile created on: 9/23/2011 8:11:35 AM - Run 3
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Dominick J. Fontana\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.44 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 69.72% Memory free
13.74 Gb Paging File | 12.63 Gb Available in Paging File | 91.92% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 45.20 Gb Total Space | 12.09 Gb Free Space | 26.75% Space Free | Partition Type: NTFS
Drive D: | 243.87 Gb Total Space | 32.78 Gb Free Space | 13.44% Space Free | Partition Type: NTFS
Drive E: | 176.69 Gb Total Space | 53.56 Gb Free Space | 30.31% Space Free | Partition Type: NTFS

Computer Name: FONTANA | User Name: Dominick J. Fontana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/23 08:09:25 | 000,007,680 | ---- | M] () -- C:\Windows\system\svchost.exe
PRC - [2011/09/04 05:31:29 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Dominick J. Fontana\Desktop\OTL.exe
PRC - [2011/08/12 17:37:06 | 004,603,264 | ---- | M] (SUPERAntiSpyware.com) -- D:\Programs\SuperAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- D:\Programs\SuperAntiSpyware\SASCore.exe
PRC - [2011/06/23 19:44:22 | 001,386,776 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/06/17 03:35:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- D:\Programs\Advanced SystemCare 4\ASCService.exe
PRC - [2011/05/20 14:00:34 | 000,671,552 | ---- | M] (TuneUp Software) -- D:\Programs\TuneUp Utilities 2009\TuneUpUtilitiesApp32.exe
PRC - [2011/05/20 13:58:28 | 001,523,008 | ---- | M] (TuneUp Software) -- D:\Programs\TuneUp Utilities 2009\TuneUpUtilitiesService32.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- D:\Programs\Seagate Manager\Sync\FreeAgentService.exe
PRC - [2009/09/25 23:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- D:\Programs\Seagate Manager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/09/16 21:14:48 | 000,153,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2009/08/28 01:40:50 | 000,606,208 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008/11/02 04:38:58 | 000,167,936 | ---- | M] (PowerISO Computing, Inc.) -- D:\Programs\PowerISO\PWRISOVM.EXE
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/23 08:06:39 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/09/23 08:06:39 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/08/29 10:01:29 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/08/29 10:01:29 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/06/23 19:44:34 | 000,877,848 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2009/08/28 01:40:50 | 000,606,208 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Updater Service for StartNow Toolbar)
SRV - [2011/09/04 04:20:03 | 000,218,624 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Windows\System32\itnetw32.dll -- (itlperf)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- D:\Programs\SuperAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/29 07:28:32 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/17 03:33:46 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- D:\Programs\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/05/20 13:58:28 | 001,523,008 | ---- | M] (TuneUp Software) [Auto | Running] -- D:\Programs\TuneUp Utilities 2009\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/05/20 13:55:28 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe -- (NSL)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- D:\Programs\Seagate Manager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/09/24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/09/23 08:06:10 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{58FDFEF4-7EB3-409A-803E-B887376A351E}\MpKsld7c3f305.sys -- (MpKsld7c3f305)
DRV - [2011/09/23 07:34:48 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{58FDFEF4-7EB3-409A-803E-B887376A351E}\MpKsla4b22a4c.sys -- (MpKsla4b22a4c)
DRV - [2011/09/17 09:47:00 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/28 10:39:24 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Programs\SuperAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Programs\SuperAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/30 08:00:20 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/04/30 08:00:18 | 000,039,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/04/30 08:00:06 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/26 15:30:20 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- D:\Programs\TuneUp Utilities 2009\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/08/12 12:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/09/11 12:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 12:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 12:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 12:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/07/13 18:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/04/22 14:32:20 | 000,042,552 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2009/02/25 20:22:12 | 000,009,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2009/02/25 20:22:12 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2008/11/02 04:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/03/19 08:10:54 | 000,310,016 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MRVW24B.sys -- (MRV6X32U) Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x)
DRV - [2007/08/12 22:48:45 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4097588345-1287629508-3253405396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc28.mail.....jsrand=5992681
IE - HKU\S-1-5-21-4097588345-1287629508-3253405396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4097588345-1287629508-3253405396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4097588345-1287629508-3253405396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 35 21 12 73 4C CC 01 [binary data]
IE - HKU\S-1-5-21-4097588345-1287629508-3253405396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://us.mc12.mail....rand=1133327982
IE - HKU\S-1-5-21-4097588345-1287629508-3253405396-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?..._date=20110828"
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..extensions.enabledItems: {766fca73-0742-b02b-8971-c78fe158c4ba}:4.6.7.7
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1390
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..keyword.URL: "http://www.bing.com/...te=20110828&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST\ [2011/08/19 09:03:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: D:\Programs\Firefox\components [2011/07/28 09:44:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: D:\Programs\Firefox\plugins [2011/09/16 08:23:48 | 000,000,000 | ---D | M]

[2011/07/28 09:41:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Extensions
[2011/08/27 06:52:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\8ixxrqmh.default\extensions
[2011/08/27 06:52:24 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\8ixxrqmh.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/07/28 09:42:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\8ixxrqmh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/08/27 06:52:20 | 000,001,945 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\8ixxrqmh.default\searchplugins\bing-zugo.xml
[2011/07/28 09:43:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/28 09:43:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/08/07 06:14:34 | 000,000,000 | ---D | M] (No name found) -- D:\PROGRAMS\AVG10\FIREFOX
[2011/07/28 09:44:21 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- D:\PROGRAMS\FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
File not found (No name found) -- D:\PROGRAMS\FIREFOX\EXTENSIONS\{766FCA73-0742-B02B-8971-C78FE158C4BA}
File not found (No name found) -- D:\PROGRAMS\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
File not found (No name found) -- D:\PROGRAMS\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
File not found (No name found) -- D:\PROGRAMS\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
File not found (No name found) -- D:\PROGRAMS\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- D:\PROGRAMS\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- D:\PROGRAMS\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- D:\PROGRAMS\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- D:\PROGRAMS\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/05/08 12:05:24 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMS\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

O1 HOSTS File: ([2011/09/04 05:46:19 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Windows Live ID Sign-in Helper) - {07B0072D-738F-5709-0AB6-3DB75BBA3B64} - Reg Error: Value error. File not found
O2 - BHO: (Groove GFS Browser Helper) - {50476A70-23CE-61D4-4AF9-651A3FB40F04} - C:\Windows\System32\PeerrDistSvc.dll (VMware, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {5D677C6A-5DF8-1A13-778F-6D1862067DB6} - Reg Error: Value error. File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-4097588345-1287629508-3253405396-1000\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [MaxMenuMgr] D:\Programs\Seagate Manager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] D:\Programs\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartNowToolbarHelper] File not found
O4 - HKLM..\Run: [Windows Mobile Device Center] File not found
O4 - HKU\S-1-5-21-4097588345-1287629508-3253405396-1000..\Run: [SUPERAntiSpyware] D:\Programs\SuperAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4097588345-1287629508-3253405396-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Programs\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programs\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16967369-DB80-4671-8F51-D460B287BA48}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-4097588345-1287629508-3253405396-1000 Winlogon: Shell - (EXPLORER.EXE) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - D:\Programs\SuperAntiSpyware\SASWINLO.DLL - D:\Programs\SuperAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Programs\SuperAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/05/03 09:38:31 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/18 21:32:16 | 000,200,524 | ---- | M] () - D:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2010/10/18 21:32:16 | 000,019,488 | ---- | M] () - D:\AUTO.pst -- [ NTFS ]
O32 - AutoRun File - [2009/04/25 08:05:20 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/23 09:54:29 | 000,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/23 08:09:26 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Dominick J. Fontana\Desktop\OTL.exe
[2011/09/21 06:01:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\3056
[2011/09/20 10:40:33 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\SMIGames
[2011/09/20 07:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wedding Dash - Ready Aim Love
[2011/09/20 07:22:08 | 000,000,000 | ---D | C] -- C:\Windows\Wedding Dash - Ready Aim Love
[2011/09/17 09:47:00 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/09/16 08:46:32 | 000,000,000 | ---D | C] -- C:\Windows\Wedding Dash 2 - Rings Around the World
[2011/09/14 23:06:43 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Local\Apple Computer
[2011/09/14 06:01:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\1037
[2011/09/13 12:30:11 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wedding Dash
[2011/09/07 07:57:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\1032
[2011/09/07 06:37:26 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\Documents\Green Gamer
[2011/09/04 05:40:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/04 04:20:03 | 000,218,624 | ---- | C] (Intel Corporation ) -- C:\Windows\System32\itnetw32.dll
[2011/09/04 04:13:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2011/09/03 23:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\casualArts
[2011/09/03 23:50:42 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\casualArts
[2011/09/02 12:57:39 | 000,000,000 | ---D | C] -- C:\Windows\Time Mysteries - Inheritance [UPDATED]
[2011/09/01 08:04:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Fenomen Games
[2011/08/29 10:01:24 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\SUPERAntiSpyware.com
[2011/08/29 10:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/08/29 10:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/08/27 23:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/08/27 22:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/08/27 22:52:25 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/08/27 22:52:25 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/08/27 22:52:25 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/08/27 22:49:23 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
[2011/08/27 22:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2011/08/27 22:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2011/08/27 22:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/08/27 22:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/08/27 07:45:59 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Malwarebytes
[2011/08/27 07:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/27 05:39:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/08/27 05:36:18 | 000,000,000 | ---D | C] -- C:\ProgramData\HitPoint Studios
[2011/08/26 14:01:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/26 13:54:56 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Remote
[2011/08/26 11:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/08/26 06:54:59 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\FrostWire
[2011/08/26 06:54:40 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\.frostwire5
[2011/08/25 08:38:32 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Casual Box

========== Files - Modified Within 30 Days ==========

[2011/09/23 08:13:53 | 000,018,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/23 08:13:53 | 000,018,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/23 08:09:25 | 000,007,680 | ---- | M] () -- C:\Windows\System\svchost.exe
[2011/09/23 08:06:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/23 08:06:00 | 2767,052,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/21 07:31:40 | 000,628,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/21 07:31:40 | 000,108,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/21 06:01:01 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/09/20 07:22:13 | 000,000,845 | ---- | M] () -- C:\Users\Public\Desktop\Wedding Dash - Ready Aim Love.lnk
[2011/09/17 09:47:00 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/09/13 06:40:48 | 000,013,312 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/04 05:46:19 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/09/04 05:31:29 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Dominick J. Fontana\Desktop\OTL.exe
[2011/09/04 04:20:03 | 000,218,624 | ---- | M] (Intel Corporation ) -- C:\Windows\System32\itnetw32.dll
[2011/08/28 23:45:21 | 003,932,160 | -HS- | M] () -- C:\Users\Dominick J. Fontana\ntuser.bak
[2011/08/27 22:51:03 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2011/08/27 22:51:03 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/08/27 22:51:03 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/08/27 22:51:03 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/08/27 22:49:23 | 000,000,911 | ---- | M] () -- C:\Users\Dominick J. Fontana\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.1.4.lnk
[2011/08/27 22:46:47 | 000,001,109 | -H-- | M] () -- C:\IPH.PH
[2011/08/27 22:45:26 | 000,001,890 | ---- | M] () -- C:\Users\Dominick J. Fontana\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk

========== Files Created - No Company Name ==========

[2011/09/23 08:09:25 | 000,007,680 | ---- | C] () -- C:\Windows\System\svchost.exe
[2011/09/20 07:22:13 | 000,000,845 | ---- | C] () -- C:\Users\Public\Desktop\Wedding Dash - Ready Aim Love.lnk
[2011/09/07 07:57:47 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/08/27 22:49:23 | 000,000,911 | ---- | C] () -- C:\Users\Dominick J. Fontana\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.1.4.lnk
[2011/08/27 22:43:17 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/27 22:36:07 | 000,000,765 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2011/08/20 10:06:49 | 000,017,408 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\WebpageIcons.db
[2011/08/08 08:13:17 | 000,001,152 | ---- | C] () -- C:\Windows\System32\windrv.sys
[2011/08/07 07:32:43 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/08/07 07:32:43 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/08/07 07:24:41 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2011/07/29 09:52:57 | 000,013,312 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/29 07:56:46 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/07/29 07:24:11 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/07/29 07:22:47 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/07/28 09:42:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/07/28 09:38:21 | 001,907,712 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011/07/28 09:38:21 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011/07/28 09:38:21 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011/07/28 09:38:21 | 000,009,728 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011/07/28 09:38:21 | 000,003,072 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011/07/27 13:13:17 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/07/27 12:11:43 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011/07/27 12:10:15 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl31cl3.dll
[2011/07/27 11:31:50 | 000,001,044 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,356,504 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,628,944 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,108,160 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:11 | 000,040,960 | ---- | C] () -- C:\Windows\System32\HOSTNAMEE.EXE
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/08/06 06:38:08 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\2monkeys
[2011/07/28 12:28:01 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets
[2011/07/28 11:57:44 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\acccore
[2011/07/28 12:28:01 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Alawar
[2011/08/03 06:13:13 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Alawar Entertainment
[2011/08/20 10:58:56 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Alawar Stargaze
[2011/07/27 13:34:31 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\AnvSoft
[2011/09/07 07:59:22 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Artifex Mundi
[2011/07/28 12:28:30 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Artogon
[2011/07/27 14:53:34 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\AVG10
[2011/07/28 12:28:29 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Awem
[2011/07/28 12:29:49 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Az-Art
[2011/07/28 12:29:53 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Big Fish Games
[2011/09/21 03:14:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\BitTorrent
[2011/08/01 13:29:17 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Blue Tea Games
[2011/07/28 12:29:53 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Boolat Games
[2011/08/27 12:32:59 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Boomzap
[2011/07/31 11:57:41 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\BrablGames
[2011/07/28 12:30:34 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Camel101
[2011/08/25 08:38:32 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Casual Box
[2011/09/03 23:50:43 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\casualArts
[2011/07/28 12:30:34 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\CattaleGames
[2011/07/28 12:30:34 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\CursedOnboard
[2011/07/28 10:53:13 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DAEMON Tools Pro
[2011/07/28 12:31:12 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DailyMagic
[2011/07/28 12:31:12 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DarkParablesBriarRose_BFG
[2011/08/06 06:15:24 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Die Saeule der Maya
[2011/07/28 12:31:11 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DivoGames
[2011/07/28 12:32:38 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Dragon Altar Games
[2011/07/28 12:32:39 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DragonsEye Studios
[2011/08/03 05:21:36 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DriverCure
[2011/07/28 12:32:39 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Dying for Daylight
[2011/07/28 12:32:39 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Dying for Daylight Shared
[2011/07/28 12:32:13 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\EleFun Games
[2011/08/10 06:54:47 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Elephant Games
[2011/07/28 12:32:15 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Enki Games
[2011/07/28 12:32:15 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Enlightenus2_BFG
[2011/07/28 12:32:37 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ERS G-Studio
[2011/09/11 11:56:44 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ERS Game Studios
[2011/07/28 12:32:37 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\fallenShadowsStrategyGuide
[2011/07/28 12:32:37 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Flood Light Games
[2011/08/15 13:49:22 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Floodlight Games
[2011/07/28 12:32:37 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\FloodLightGames
[2011/07/28 12:32:37 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\FlyWheelGames
[2011/07/28 12:32:38 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ForgottenRiddles
[2011/07/28 12:33:27 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Fugazo
[2011/07/28 12:33:28 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\funkitron
[2011/07/28 12:33:28 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Funswitch
[2011/07/28 12:33:27 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Fuzzy Bug Interactive
[2011/07/28 12:34:42 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\GameInvest
[2011/09/11 09:40:23 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\GameMill Entertainment
[2011/07/28 12:34:42 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Gamers Digital
[2011/07/28 12:34:42 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Games
[2011/07/28 12:34:42 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\GarageGames
[2011/07/28 12:34:40 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Gestalt Games
[2011/08/08 08:12:32 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\GetRightToGo
[2011/07/28 12:34:41 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Ghost Ship Studios
[2011/07/28 12:34:41 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Gogii
[2011/07/28 12:34:41 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Happy Muffin Top
[2011/09/03 23:31:10 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\HdO Adventure
[2011/08/27 05:36:18 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\HitPoint Studios
[2011/07/28 12:34:58 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\IntrigueIncRavensFlightStrategyGuide
[2011/08/26 13:50:57 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\IObit
[2011/07/28 12:35:32 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Islands
[2011/07/28 12:35:32 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\iWin
[2011/07/30 23:51:30 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Jetdogs Studios
[2011/07/28 12:37:16 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\JoyBits
[2011/07/28 12:37:22 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Lazy Turtle Games
[2011/08/05 06:53:53 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Leadertech
[2011/07/28 12:37:22 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\LegacyInteractive
[2011/07/28 12:37:22 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\LestaStudio
[2011/07/28 12:37:42 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Lionhead Studios
[2011/07/28 12:37:42 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\LittleGamesCompany
[2011/08/06 09:13:56 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\MagicIndie
[2011/07/28 12:38:31 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\margrave3_full
[2011/07/28 12:38:31 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Maximize Games
[2011/07/28 12:39:02 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Millennium Secrets - Roxannes Necklace Strategy Guide
[2011/07/28 12:39:30 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Monkey Barrel Games
[2011/07/28 12:39:30 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\MumboJumbo
[2011/07/28 12:40:11 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\My Games
[2011/07/28 12:40:11 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mystery of Mortlake Mansion
[2011/07/28 12:40:11 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Namco
[2011/07/28 11:46:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\PandoraRecovery
[2011/08/03 05:21:36 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ParetoLogic
[2011/07/28 12:42:03 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Phantasmat_bf_ce1
[2011/09/20 07:22:33 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\PlayFirst
[2011/07/28 12:42:03 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\PlayPond
[2011/07/28 12:42:03 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Princess Isabella
[2011/08/18 11:28:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ReelDealSlotQuest_Alice
[2011/08/18 12:08:02 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ReelDealSlotQuest_TheMuseumEscape
[2011/08/27 11:34:41 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Remote
[2011/07/28 12:42:27 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\SerpentOfIsis
[2011/07/28 12:42:45 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Silverback Productions
[2011/07/28 12:42:45 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Skunk Studios
[2011/09/21 03:23:48 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\SMIGames
[2011/08/22 23:38:48 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Specialbit
[2011/07/28 12:43:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\SpinTop Games
[2011/07/28 12:44:03 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\SulusGames
[2011/07/28 12:44:03 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Ten Heavens
[2011/07/28 12:44:14 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TOMI2.THE GATES OF FATE
[2011/07/28 12:44:03 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TOMI3
[2011/07/28 12:44:03 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Top Evidence
[2011/08/17 12:36:50 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Total Eclipse
[2011/07/28 12:44:03 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TrickySoftware
[2011/07/28 10:24:00 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TuneUp Software
[2011/08/21 23:28:23 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Twilight Games
[2011/07/28 12:45:48 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ValuSoft
[2011/07/28 12:45:48 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\VampireSagaHL
[2011/09/16 11:03:59 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Vast Studios
[2011/07/28 12:45:48 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\VendelGAMES
[2011/08/06 07:11:50 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Vogat Interactive
[2011/07/28 12:45:48 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\WhiteBirdsProductions
[2011/09/21 06:01:01 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/09/23 07:16:20 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/04/25 07:59:16 | 000,132,597 | ---- | M] () -- C:\Flash_Disinfector (1).exe
[2009/04/25 07:59:16 | 000,132,597 | ---- | M] () -- C:\Flash_Disinfector.exe


< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\win7windows\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\win7windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2011/09/14 16:15:28 | 000,007,680 | ---- | M] () MD5=50C48BBAC68F1A1AAEC93FC11F218403 -- C:\System Volume Information\SystemRestore\FRStaging\Windows\system\svchost.exe
[2011/09/23 08:09:25 | 000,007,680 | ---- | M] () MD5=50C48BBAC68F1A1AAEC93FC11F218403 -- C:\Windows\system\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\win7windows\System32\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\win7windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\win7windows\System32\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\win7windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 01:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\win7windows\System32\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\win7windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "D:\Programs\Firefox\uninstall\helper.exe" /HideShortcuts [2009/04/24 00:38:07 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "D:\Programs\Firefox\uninstall\helper.exe" /ShowShortcuts [2009/04/24 00:38:07 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "D:\Programs\Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/04/24 00:38:07 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: D:\Programs\Firefox\firefox.exe [2009/04/24 00:38:11 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "D:\Programs\Firefox\firefox.exe" -preferences [2009/04/24 00:38:11 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "D:\Programs\Firefox\firefox.exe" -safe-mode [2009/04/24 00:38:11 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "D:\Programs\Firefox\uninstall\helper.exe" /HideShortcuts [2009/04/24 00:38:07 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "D:\Programs\Firefox\uninstall\helper.exe" /ShowShortcuts [2009/04/24 00:38:07 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "D:\Programs\Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/04/24 00:38:07 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: D:\Programs\Firefox\firefox.exe [2009/04/24 00:38:11 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "D:\Programs\Firefox\firefox.exe" -preferences [2009/04/24 00:38:11 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "D:\Programs\Firefox\firefox.exe" -safe-mode [2009/04/24 00:38:11 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:DE875C30
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:8E5EA40F
@Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:EE198B1F
@Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:87A3A233
@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:9195103F
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:8075370B
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:6EE8565A
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:E0888117
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:AE8FDB48
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2C86E2AD
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E5496666
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:012BC84F
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:DBC3D477
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:16F4BC64
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:ED0B32CA
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4C3D5A8B
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:D999FFD5
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:F89F2593
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:E6708F08
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:48D3CC24
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:774C075A
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:13FB6DB8

< End of report >


3) OTL Extras log follows:

OTL Extras logfile created on: 9/23/2011 8:11:35 AM - Run 3
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Dominick J. Fontana\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.44 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 69.72% Memory free
13.74 Gb Paging File | 12.63 Gb Available in Paging File | 91.92% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 45.20 Gb Total Space | 12.09 Gb Free Space | 26.75% Space Free | Partition Type: NTFS
Drive D: | 243.87 Gb Total Space | 32.78 Gb Free Space | 13.44% Space Free | Partition Type: NTFS
Drive E: | 176.69 Gb Total Space | 53.56 Gb Free Space | 30.31% Space Free | Partition Type: NTFS

Computer Name: FONTANA | User Name: Dominick J. Fontana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Programs\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programs\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1a61e85f-83db-4986-b42f-4b4eb1942643}" = Nero 9
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 27
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java™ 7
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{33BC9D7E-E790-495E-A4EA-CFB160C17A91}" = Logitech Gaming Software 5.08
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C5F82A1-F792-48F9-99BE-8AFE123A23D5}" = DISC TITLE PRINTER
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AB445D0-CD91-47CC-B1A9-A654B4B261E4}" = AMD CPUInfo
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9BD2DD45-8763-4F12-BDC6-958FCFEF0FCB}" = Microsoft IntelliType Pro 8.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DCD3471D-4DDA-4DC2-8B9F-A662D0C362AC}" = Linksys Wireless-N USB Network Adapter Driver - WUSB300N
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"AIM_7" = AIM 7
"Any Audio Converter_is1" = Any Audio Converter 3.1.7
"Any Video Converter_is1" = Any Video Converter 3.1.8
"Audacity_is1" = Audacity 1.2.6
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"DAEMON Tools Pro" = DAEMON Tools Pro
"Disk Heal" = Disk Heal
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 3.5 Home Edition
"ERUNT_is1" = ERUNT 1.1j
"FileHippo.com" = FileHippo.com Update Checker
"FrostWire 5" = FrostWire 5.1.4
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"NST" = Norton Safe Web Lite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PandoraRecovery" = PandoraRecovery (Remove Only)
"PowerISO" = PowerISO
"Recuva" = Recuva
"Samsung CLP-310 Series" = Samsung CLP-310 Series
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"sp6" = Logitech SetPoint 6.30
"StartNow Toolbar" = StartNow Toolbar
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Wedding Dash - Ready Aim Love1.0.94" = Wedding Dash - Ready Aim Love
"WinRAR archiver" = WinRAR archiver
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4097588345-1287629508-3253405396-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/18/2011 7:58:08 AM | Computer Name = Fontana | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 9/18/2011 11:54:30 PM | Computer Name = Fontana | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x80072745) failure (see data for failure code).

Error - 9/20/2011 7:30:00 AM | Computer Name = Fontana | Source = Application Error | ID = 1000
Description = Faulting application name: wedding-dash-ready-aim-love.exe, version:
1.0.0.94, time stamp: 0x4a1719e7 Faulting module name: unknown, version: 0.0.0.0,
time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0xffff02ab Faulting
process id: 0xe9c Faulting application start time: 0x01cc778797bc4490 Faulting application
path: D:\Games\Wedding Dash 3\wedding-dash-ready-aim-love.exe Faulting module path:
unknown Report Id: df9918f0-e37b-11e0-9546-001e4f484350

Error - 9/20/2011 7:50:10 AM | Computer Name = Fontana | Source = Application Error | ID = 1000
Description = Faulting application name: wedding-dash-ready-aim-love.exe, version:
1.0.0.94, time stamp: 0x4a1719e7 Faulting module name: unknown, version: 0.0.0.0,
time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0xffff04dd Faulting
process id: 0xd54 Faulting application start time: 0x01cc778b48560c20 Faulting application
path: D:\Games\Wedding Dash 3\wedding-dash-ready-aim-love.exe Faulting module path:
unknown Report Id: b0d1f890-e37e-11e0-9546-001e4f484350

Error - 9/20/2011 7:50:25 AM | Computer Name = Fontana | Source = Application Error | ID = 1000
Description = Faulting application name: wedding-dash-ready-aim-love.exe, version:
1.0.0.94, time stamp: 0x4a1719e7 Faulting module name: unknown, version: 0.0.0.0,
time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0xffff0453 Faulting
process id: 0x13a4 Faulting application start time: 0x01cc778b78f16ff0 Faulting application
path: D:\Games\Wedding Dash 3\wedding-dash-ready-aim-love.exe Faulting module path:
unknown Report Id: ba1b4a50-e37e-11e0-9546-001e4f484350

Error - 9/20/2011 10:19:42 AM | Computer Name = Fontana | Source = Application Error | ID = 1000
Description = Faulting application name: wedding-dash-ready-aim-love.exe, version:
1.0.0.94, time stamp: 0x4a1719e7 Faulting module name: unknown, version: 0.0.0.0,
time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0xffff0385 Faulting
process id: 0x10a4 Faulting application start time: 0x01cc778b825db300 Faulting application
path: D:\Games\Wedding Dash 3\wedding-dash-ready-aim-love.exe Faulting module path:
unknown Report Id: 9485f6e0-e393-11e0-9546-001e4f484350

Error - 9/20/2011 10:34:49 AM | Computer Name = Fontana | Source = VSS | ID = 8194
Description =

Error - 9/21/2011 12:58:20 AM | Computer Name = Fontana | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 9/22/2011 5:28:31 AM | Computer Name = Fontana | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 9/22/2011 1:01:24 PM | Computer Name = Fontana | Source = Application Error | ID = 1000
Description = Faulting application name: wedding-dash-ready-aim-love.exe, version:
1.0.0.94, time stamp: 0x4a1719e7 Faulting module name: unknown, version: 0.0.0.0,
time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0xffff01e9 Faulting
process id: 0x1794 Faulting application start time: 0x01cc79459adf3f00 Faulting application
path: D:\Games\Wedding Dash 3\wedding-dash-ready-aim-love.exe Faulting module path:
unknown Report Id: 8037b5c0-e53c-11e0-a84c-001e4f484350

[ System Events ]
Error - 9/10/2011 7:53:30 AM | Computer Name = Fontana | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 9/10/2011 7:53:33 AM | Computer Name = Fontana | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 9/10/2011 7:53:41 AM | Computer Name = Fontana | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 9/10/2011 7:53:44 AM | Computer Name = Fontana | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 9/10/2011 7:53:48 AM | Computer Name = Fontana | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 9/10/2011 7:53:51 AM | Computer Name = Fontana | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 9/10/2011 7:54:00 AM | Computer Name = Fontana | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 9/10/2011 7:54:03 AM | Computer Name = Fontana | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 9/10/2011 3:57:21 PM | Computer Name = Fontana | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 9/10/2011 3:57:27 PM | Computer Name = Fontana | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Null


< End of report >
  • 0
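The winlogon.exe block near the top of the OTL report above is a hash audit: every copy of the binary under the Windows directory is listed with its size, timestamp and MD5, so a System32 copy that matches no component-store (winsxs) copy, or a copy sitting in a directory where the file does not belong, stands out (in that listing System32\winlogon.exe and the 6.1.7601.17514 winsxs copy share one MD5, which is what a serviced file looks like). The following PowerShell script is an added example, not part of the thread and not OTL's code, that performs the same audit for any file name (svchost.exe by default, the file this thread is about) and then asks Windows Resource Protection to verify the live System32 copy. It assumes an elevated PowerShell 2.0 or later session on the affected machine; the list of expected directories is my assumption. Get-AuthenticodeSignature is deliberately not used: on Windows 7 it does not consult the security catalogs, so catalog-signed OS binaries report as NotSigned, which would make every genuine copy look suspicious.

```powershell
# Added example (not from the thread or from OTL): audit every copy of a Windows
# binary under the system root by size, timestamp and MD5, the way the OTL file
# listing above does for winlogon.exe, then have Windows Resource Protection
# verify the live System32 copy against the security catalogs.
# Assumptions: run elevated on the affected machine; PowerShell 2.0 or later
# (Windows 7 ships 2.0, which has no Get-FileHash, so MD5 comes from .NET).
param(
    [string]$Name = 'svchost.exe',
    [string]$Root = $env:SystemRoot
)

function Get-Md5Hex {
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        # Upper-case hex, the same form OTL prints in its MD5= column.
        ($md5.ComputeHash($stream) | ForEach-Object { $_.ToString('X2') }) -join ''
    } finally {
        $stream.Close()
    }
}

# Directories where a genuine copy is expected (assumption: the live file lives in
# System32 or SysWOW64, older and newer versions in the winsxs component store).
$expectedDirs = @("$Root\System32", "$Root\SysWOW64", "$Root\winsxs")

$copies = @(Get-ChildItem -Path $Root -Filter $Name -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $file = $_
        $inExpected = $false
        foreach ($dir in $expectedDirs) {
            if ($file.FullName.StartsWith($dir + '\', [StringComparison]::OrdinalIgnoreCase)) {
                $inExpected = $true
            }
        }
        New-Object PSObject -Property @{
            Path       = $file.FullName
            Size       = $file.Length
            Modified   = $file.LastWriteTime
            MD5        = Get-Md5Hex -Path $file.FullName
            InExpected = $inExpected
        }
    })

# 1. Full listing, sorted so byte-identical copies sit next to each other.
$copies | Sort-Object MD5, Path | Format-Table MD5, Size, Modified, InExpected, Path -AutoSize

# 2. The live System32 copy should match one component-store copy exactly, because
#    servicing installs files through winsxs. A live copy that matches none did not
#    arrive through servicing and deserves a close look.
$live = $copies | Where-Object { $_.Path -ieq "$Root\System32\$Name" }
$storeHashes = @($copies | Where-Object { $_.Path -imatch '\\winsxs\\' } | ForEach-Object { $_.MD5 })
if (-not $live) {
    Write-Warning "No $Name under $Root\System32"
} elseif ($storeHashes -notcontains $live.MD5) {
    Write-Warning "System32\$Name (MD5 $($live.MD5)) matches no winsxs copy"
}

# 3. Copies sitting anywhere other than the expected directories.
$copies | Where-Object { -not $_.InExpected } | ForEach-Object {
    Write-Warning "Unexpected location: $($_.Path) (MD5 $($_.MD5), $($_.Size) bytes)"
}

# 4. Catalog-based integrity check of the live file. Get-AuthenticodeSignature is
#    not used because on Windows 7 it ignores the catalogs and reports OS binaries
#    as NotSigned; sfc /verifyfile checks the file against Windows Resource Protection.
if ($live) {
    & "$Root\System32\sfc.exe" /verifyfile="$($live.Path)"
}
```

Save it under any name (Audit-SystemBinary.ps1 is a hypothetical one) and run it from an elevated prompt, passing -Name winlogon.exe to reproduce the OTL block above or -Root to audit a different Windows directory; the OTL listing shows copies under C:\win7windows as well as C:\Windows, and the same audit applies there. Two copies with identical size and hash are the same bytes whatever their timestamps say; a copy with a unique hash, or one outside System32, SysWOW64 and winsxs, is what to look at first.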

#7
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Yes, Essexboy is our wunderkind.

Please do the following now:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0
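The report TDSSKiller writes, which Dom posts below, is mostly pairs of lines: one giving the driver or service name, the MD5 of its file and the file's path, and one giving the verdict, normally "- ok". With several hundred such pairs the few lines that need a human are easy to miss. The following PowerShell function is an added example, not part of the thread and not Kaspersky's code, that reads such a report and returns only the objects whose verdict is anything other than ok, or that have a verdict but no file line (a registered driver whose file was not found; in Dom's report below DgiVecp is one such entry, and the System events in his Extras log show that service failing to start). The sample lines are constructed in the report's format; the "warning" and "detected" wordings in them are assumptions about how non-clean verdicts read, and the function flags any wording other than ok regardless.

```powershell
# Added example (not from the thread or from Kaspersky): triage a TDSSKiller report so
# the lines that need attention are separated from the hundreds of "- ok" lines.
# Each scanned object produces up to two lines: an optional file line
#   <time> <pid> <name> (<md5>) <path>
# and a verdict line
#   <time> <pid> <name> - <verdict>
# Assumption: only "ok" is treated as clean; any other verdict wording is reported as-is.
function Get-TdssKillerTriage {
    param([string[]]$Lines)

    $entries = @{}
    foreach ($line in $Lines) {
        if ($line -match '^(\S+)\s+(\d+)\s+(.+?)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$') {
            $name = $Matches[3]
            if (-not $entries.ContainsKey($name)) { $entries[$name] = @{} }
            $entries[$name]['MD5']  = $Matches[4].ToLower()
            $entries[$name]['Path'] = $Matches[5]
        } elseif ($line -match '^(\S+)\s+(\d+)\s+(.+?)\s+-\s+(.+)$') {
            $name = $Matches[3]
            if (-not $entries.ContainsKey($name)) { $entries[$name] = @{} }
            $entries[$name]['Verdict'] = $Matches[4].Trim()
        }
    }

    foreach ($name in $entries.Keys) {
        $e = $entries[$name]
        # A file line with no verdict line usually means the report was cut off.
        $verdict = '(no verdict line)'
        if ($e.ContainsKey('Verdict')) { $verdict = $e['Verdict'] }
        $noFile = -not $e.ContainsKey('Path')
        if ($verdict -ne 'ok' -or $noFile) {
            New-Object PSObject -Property @{
                Name    = $name
                Verdict = $verdict
                NoFile  = $noFile
                Path    = $e['Path']
                MD5     = $e['MD5']
            }
        }
    }
}

# Constructed sample in the report's format (names, hashes and paths are illustrative;
# the "warning" and "detected" verdict wordings are assumptions).
$sample = @'
10:14:45.0021 1952 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
10:14:45.0028 1952 1394ohci - ok
10:14:46.0286 1952 DgiVecp - ok
10:14:50.0100 1952 examplesvc (00000000000000000000000000000000) C:\Windows\Temp\example-driver.sys
10:14:50.0105 1952 examplesvc - warning
10:14:51.0000 1952 \Device\Harddisk0\DR0 - detected Sample.Name (0)
'@ -split "`r?`n"

Get-TdssKillerTriage -Lines $sample | Sort-Object Name | Format-Table Name, Verdict, NoFile, Path, MD5 -AutoSize
# For a real report: Get-TdssKillerTriage -Lines (Get-Content 'C:\TDSSKiller.<Version>_<Date>_<Time>_log.txt')
```

On the constructed sample the function returns three rows: DgiVecp (verdict ok but no file line), examplesvc (verdict warning) and \Device\Harddisk0\DR0 (verdict detected, no file line); 1394ohci is clean and is not returned. Entries with a verdict but no file are worth cross-checking against the Service Control Manager errors in the System event log, as with DgiVecp in this thread, before treating them as malicious: a leftover service from an uninstalled driver looks the same in the report.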

#8
Dom Fontana

    Member

  • Topic Starter
  • 170 posts
Hi, Render.

I did the scan and was surprised that it didn't find anything. Here's the Report.

10:14:24.0923 3724 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37
10:14:25.0186 3724 ============================================================
10:14:25.0186 3724 Current date / time: 2011/09/23 10:14:25.0186
10:14:25.0186 3724 SystemInfo:
10:14:25.0186 3724
10:14:25.0186 3724 OS Version: 6.1.7601 ServicePack: 1.0
10:14:25.0186 3724 Product type: Workstation
10:14:25.0186 3724 ComputerName: FONTANA
10:14:25.0186 3724 UserName: Dominick J. Fontana
10:14:25.0186 3724 Windows directory: C:\Windows
10:14:25.0186 3724 System windows directory: C:\Windows
10:14:25.0186 3724 Processor architecture: Intel x86
10:14:25.0186 3724 Number of processors: 2
10:14:25.0186 3724 Page size: 0x1000
10:14:25.0186 3724 Boot type: Normal boot
10:14:25.0186 3724 ============================================================
10:14:26.0708 3724 Initialize success
10:14:44.0723 1952 ============================================================
10:14:44.0723 1952 Scan started
10:14:44.0723 1952 Mode: Manual;
10:14:44.0723 1952 ============================================================
10:14:45.0021 1952 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
10:14:45.0028 1952 1394ohci - ok
10:14:45.0057 1952 86609300 - ok
10:14:45.0064 1952 967f5800 - ok
10:14:45.0119 1952 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
10:14:45.0121 1952 ACPI - ok
10:14:45.0146 1952 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
10:14:45.0148 1952 AcpiPmi - ok
10:14:45.0184 1952 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
10:14:45.0191 1952 adp94xx - ok
10:14:45.0209 1952 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
10:14:45.0213 1952 adpahci - ok
10:14:45.0229 1952 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
10:14:45.0233 1952 adpu320 - ok
10:14:45.0290 1952 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
10:14:45.0293 1952 AFD - ok
10:14:45.0318 1952 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
10:14:45.0319 1952 agp440 - ok
10:14:45.0349 1952 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
10:14:45.0362 1952 aic78xx - ok
10:14:45.0394 1952 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
10:14:45.0396 1952 aliide - ok
10:14:45.0430 1952 amacpi (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\DRIVERS\null.sys
10:14:45.0430 1952 amacpi - ok
10:14:45.0459 1952 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
10:14:45.0460 1952 amdagp - ok
10:14:45.0483 1952 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
10:14:45.0484 1952 amdide - ok
10:14:45.0508 1952 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
10:14:45.0509 1952 AmdK8 - ok
10:14:45.0537 1952 AmdLLD (10224efdadfab5abd2d9177bf14428d2) C:\Windows\system32\DRIVERS\AmdLLD.sys
10:14:45.0538 1952 AmdLLD - ok
10:14:45.0553 1952 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
10:14:45.0554 1952 AmdPPM - ok
10:14:45.0582 1952 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
10:14:45.0589 1952 amdsata - ok
10:14:45.0600 1952 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
10:14:45.0603 1952 amdsbs - ok
10:14:45.0626 1952 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
10:14:45.0628 1952 amdxata - ok
10:14:45.0654 1952 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
10:14:45.0655 1952 AppID - ok
10:14:45.0674 1952 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
10:14:45.0678 1952 arc - ok
10:14:45.0698 1952 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
10:14:45.0699 1952 arcsas - ok
10:14:45.0712 1952 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
10:14:45.0714 1952 AsyncMac - ok
10:14:45.0737 1952 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
10:14:45.0738 1952 atapi - ok
10:14:45.0780 1952 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
10:14:45.0785 1952 b06bdrv - ok
10:14:45.0796 1952 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
10:14:45.0800 1952 b57nd60x - ok
10:14:45.0820 1952 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
10:14:45.0821 1952 Beep - ok
10:14:45.0842 1952 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
10:14:45.0843 1952 blbdrive - ok
10:14:45.0866 1952 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
10:14:45.0868 1952 bowser - ok
10:14:45.0877 1952 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:14:45.0878 1952 BrFiltLo - ok
10:14:45.0896 1952 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:14:45.0897 1952 BrFiltUp - ok
10:14:45.0922 1952 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
10:14:45.0925 1952 Brserid - ok
10:14:45.0935 1952 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
10:14:45.0938 1952 BrSerWdm - ok
10:14:45.0947 1952 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:14:45.0948 1952 BrUsbMdm - ok
10:14:45.0959 1952 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
10:14:45.0961 1952 BrUsbSer - ok
10:14:45.0974 1952 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
10:14:45.0975 1952 BTHMODEM - ok
10:14:45.0992 1952 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
10:14:45.0996 1952 cdfs - ok
10:14:46.0018 1952 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
10:14:46.0021 1952 cdrom - ok
10:14:46.0032 1952 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
10:14:46.0034 1952 circlass - ok
10:14:46.0066 1952 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
10:14:46.0068 1952 CLFS - ok
10:14:46.0091 1952 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
10:14:46.0092 1952 CmBatt - ok
10:14:46.0109 1952 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
10:14:46.0110 1952 cmdide - ok
10:14:46.0138 1952 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
10:14:46.0143 1952 CNG - ok
10:14:46.0153 1952 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
10:14:46.0154 1952 Compbatt - ok
10:14:46.0185 1952 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
10:14:46.0186 1952 CompositeBus - ok
10:14:46.0198 1952 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
10:14:46.0199 1952 crcdisk - ok
10:14:46.0240 1952 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
10:14:46.0246 1952 CSC - ok
10:14:46.0276 1952 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
10:14:46.0278 1952 DfsC - ok
10:14:46.0286 1952 DgiVecp - ok
10:14:46.0319 1952 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
10:14:46.0320 1952 discache - ok
10:14:46.0339 1952 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
10:14:46.0340 1952 Disk - ok
10:14:46.0380 1952 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
10:14:46.0385 1952 drmkaud - ok
10:14:46.0410 1952 dtsoftbus01 (87b0f28c43b50bbb917f4400fa63cd31) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
10:14:46.0412 1952 dtsoftbus01 - ok
10:14:46.0459 1952 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
10:14:46.0470 1952 DXGKrnl - ok
10:14:46.0639 1952 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
10:14:46.0731 1952 ebdrv - ok
10:14:46.0775 1952 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
10:14:46.0782 1952 elxstor - ok
10:14:46.0806 1952 epmntdrv (6eceb0ce18d352af410dd50ee13eaa9a) C:\Windows\system32\epmntdrv.sys
10:14:46.0808 1952 epmntdrv - ok
10:14:46.0835 1952 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
10:14:46.0836 1952 ErrDev - ok
10:14:46.0864 1952 EuGdiDrv (5f779f5edab787f2d090c71a9051f365) C:\Windows\system32\EuGdiDrv.sys
10:14:46.0865 1952 EuGdiDrv - ok
10:14:46.0882 1952 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
10:14:46.0886 1952 exfat - ok
10:14:46.0896 1952 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
10:14:46.0899 1952 fastfat - ok
10:14:46.0912 1952 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
10:14:46.0914 1952 fdc - ok
10:14:46.0942 1952 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
10:14:46.0942 1952 FileInfo - ok
10:14:46.0962 1952 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
10:14:46.0963 1952 Filetrace - ok
10:14:46.0973 1952 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
10:14:46.0974 1952 flpydisk - ok
10:14:46.0992 1952 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
10:14:46.0995 1952 FltMgr - ok
10:14:47.0021 1952 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
10:14:47.0022 1952 FsDepends - ok
10:14:47.0040 1952 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
10:14:47.0041 1952 Fs_Rec - ok
10:14:47.0070 1952 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
10:14:47.0071 1952 fvevol - ok
10:14:47.0083 1952 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:14:47.0085 1952 gagp30kx - ok
10:14:47.0101 1952 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
10:14:47.0103 1952 hcw85cir - ok
10:14:47.0139 1952 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
10:14:47.0143 1952 HdAudAddService - ok
10:14:47.0158 1952 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
10:14:47.0160 1952 HDAudBus - ok
10:14:47.0169 1952 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
10:14:47.0172 1952 HidBatt - ok
10:14:47.0184 1952 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
10:14:47.0186 1952 HidBth - ok
10:14:47.0195 1952 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
10:14:47.0197 1952 HidIr - ok
10:14:47.0219 1952 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
10:14:47.0220 1952 HidUsb - ok
10:14:47.0248 1952 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
10:14:47.0250 1952 HpSAMD - ok
10:14:47.0286 1952 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
10:14:47.0290 1952 HTTP - ok
10:14:47.0316 1952 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
10:14:47.0317 1952 hwpolicy - ok
10:14:47.0350 1952 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
10:14:47.0351 1952 i8042prt - ok
10:14:47.0383 1952 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
10:14:47.0388 1952 iaStorV - ok
10:14:47.0402 1952 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
10:14:47.0404 1952 iirsp - ok
10:14:47.0478 1952 IntcAzAudAddService (f8f53c5449f15b23d4c61d51d2701da8) C:\Windows\system32\drivers\RTKVHDA.sys
10:14:47.0490 1952 IntcAzAudAddService - ok
10:14:47.0513 1952 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
10:14:47.0514 1952 intelide - ok
10:14:47.0525 1952 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
10:14:47.0528 1952 intelppm - ok
10:14:47.0549 1952 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:14:47.0552 1952 IpFilterDriver - ok
10:14:47.0571 1952 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
10:14:47.0573 1952 IPMIDRV - ok
10:14:47.0592 1952 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
10:14:47.0594 1952 IPNAT - ok
10:14:47.0612 1952 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
10:14:47.0613 1952 IRENUM - ok
10:14:47.0639 1952 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
10:14:47.0640 1952 isapnp - ok
10:14:47.0664 1952 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
10:14:47.0667 1952 iScsiPrt - ok
10:14:47.0711 1952 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
10:14:47.0712 1952 kbdclass - ok
10:14:47.0726 1952 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
10:14:47.0727 1952 kbdhid - ok
10:14:47.0758 1952 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
10:14:47.0760 1952 KSecDD - ok
10:14:47.0780 1952 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
10:14:47.0782 1952 KSecPkg - ok
10:14:47.0823 1952 LHidFilt (05d6b85ecc3204931923ab7940b9596e) C:\Windows\system32\DRIVERS\LHidFilt.Sys
10:14:47.0823 1952 LHidFilt - ok
10:14:47.0842 1952 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
10:14:47.0844 1952 lltdio - ok
10:14:47.0863 1952 LMouFilt (053dbcc1082fdf74ab145a71917a6556) C:\Windows\system32\DRIVERS\LMouFilt.Sys
10:14:47.0863 1952 LMouFilt - ok
10:14:47.0878 1952 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:14:47.0880 1952 LSI_FC - ok
10:14:47.0890 1952 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:14:47.0892 1952 LSI_SAS - ok
10:14:47.0902 1952 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:14:47.0904 1952 LSI_SAS2 - ok
10:14:47.0915 1952 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:14:47.0917 1952 LSI_SCSI - ok
10:14:47.0934 1952 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
10:14:47.0936 1952 luafv - ok
10:14:47.0968 1952 LUsbFilt (95dab70d56bbac7ddb7e6d0017d71369) C:\Windows\system32\Drivers\LUsbFilt.Sys
10:14:47.0969 1952 LUsbFilt - ok
10:14:48.0020 1952 MBAMSwissArmy (0905dc0814d738cff53577a59ccd81e0) C:\Windows\system32\drivers\mbamswissarmy.sys
10:14:48.0021 1952 MBAMSwissArmy - ok
10:14:48.0037 1952 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
10:14:48.0038 1952 megasas - ok
10:14:48.0065 1952 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
10:14:48.0068 1952 MegaSR - ok
10:14:48.0090 1952 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
10:14:48.0091 1952 Modem - ok
10:14:48.0104 1952 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
10:14:48.0105 1952 monitor - ok
10:14:48.0140 1952 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
10:14:48.0141 1952 mouclass - ok
10:14:48.0154 1952 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
10:14:48.0155 1952 mouhid - ok
10:14:48.0170 1952 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
10:14:48.0171 1952 mountmgr - ok
10:14:48.0188 1952 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
10:14:48.0190 1952 MpFilter - ok
10:14:48.0219 1952 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
10:14:48.0221 1952 mpio - ok
10:14:48.0315 1952 MpKsl20750f32 (5f53edfead46fa7adb78eee9ecce8fdf) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD143D54-4B07-40DA-BC47-26EFCE4A11C3}\MpKsl20750f32.sys
10:14:48.0316 1952 MpKsl20750f32 - ok
10:14:48.0329 1952 MpKsl23cd48fb - ok
10:14:48.0347 1952 MpKsl517f41c0 - ok
10:14:48.0390 1952 MpKsl5e4611be - ok
10:14:48.0397 1952 MpKsl83591d93 - ok
10:14:48.0413 1952 MpKsla4b22a4c - ok
10:14:48.0421 1952 MpKslce25963e - ok
10:14:48.0427 1952 MpKsldd8a1e0f - ok
10:14:48.0435 1952 MpKslf01c5627 - ok
10:14:48.0443 1952 MpKslf3843a20 - ok
10:14:48.0459 1952 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
10:14:48.0460 1952 MpNWMon - ok
10:14:48.0492 1952 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
10:14:48.0493 1952 mpsdrv - ok
10:14:48.0523 1952 MRV6X32U (88cb1d492608b44faefd1f349353c7ad) C:\Windows\system32\DRIVERS\MRVW24B.sys
10:14:48.0526 1952 MRV6X32U - ok
10:14:48.0555 1952 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
10:14:48.0557 1952 MRxDAV - ok
10:14:48.0588 1952 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:14:48.0590 1952 mrxsmb - ok
10:14:48.0622 1952 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:14:48.0626 1952 mrxsmb10 - ok
10:14:48.0642 1952 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:14:48.0644 1952 mrxsmb20 - ok
10:14:48.0669 1952 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
10:14:48.0671 1952 msahci - ok
10:14:48.0698 1952 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
10:14:48.0701 1952 msdsm - ok
10:14:48.0729 1952 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
10:14:48.0731 1952 Msfs - ok
10:14:48.0750 1952 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
10:14:48.0751 1952 mshidkmdf - ok
10:14:48.0772 1952 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
10:14:48.0773 1952 msisadrv - ok
10:14:48.0794 1952 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
10:14:48.0796 1952 MSKSSRV - ok
10:14:48.0808 1952 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
10:14:48.0810 1952 MSPCLOCK - ok
10:14:48.0821 1952 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
10:14:48.0823 1952 MSPQM - ok
10:14:48.0843 1952 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
10:14:48.0845 1952 MsRPC - ok
10:14:48.0862 1952 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
10:14:48.0862 1952 mssmbios - ok
10:14:48.0872 1952 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
10:14:48.0873 1952 MSTEE - ok
10:14:48.0886 1952 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
10:14:48.0887 1952 MTConfig - ok
10:14:48.0903 1952 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
10:14:48.0904 1952 Mup - ok
10:14:48.0927 1952 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
10:14:48.0931 1952 NativeWifiP - ok
10:14:48.0975 1952 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
10:14:48.0979 1952 NDIS - ok
10:14:48.0991 1952 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
10:14:48.0992 1952 NdisCap - ok
10:14:49.0010 1952 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
10:14:49.0011 1952 NdisTapi - ok
10:14:49.0036 1952 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
10:14:49.0037 1952 Ndisuio - ok
10:14:49.0064 1952 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
10:14:49.0066 1952 NdisWan - ok
10:14:49.0101 1952 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
10:14:49.0103 1952 NDProxy - ok
10:14:49.0118 1952 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
10:14:49.0120 1952 NetBIOS - ok
10:14:49.0153 1952 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
10:14:49.0155 1952 NetBT - ok
10:14:49.0182 1952 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
10:14:49.0186 1952 nfrd960 - ok
10:14:49.0220 1952 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:14:49.0221 1952 NisDrv - ok
10:14:49.0249 1952 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
10:14:49.0251 1952 Npfs - ok
10:14:49.0268 1952 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
10:14:49.0269 1952 nsiproxy - ok
10:14:49.0329 1952 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
10:14:49.0363 1952 Ntfs - ok
10:14:49.0388 1952 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
10:14:49.0390 1952 Null - ok
10:14:49.0432 1952 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
10:14:49.0440 1952 NVENETFD - ok
10:14:49.0706 1952 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:14:49.0780 1952 nvlddmkm - ok
10:14:49.0823 1952 NVNET (1de923088878b495cd4219e47ba34eb8) C:\Windows\system32\DRIVERS\nvmf6232.sys
10:14:49.0825 1952 NVNET - ok
10:14:49.0847 1952 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
10:14:49.0850 1952 nvraid - ok
10:14:49.0872 1952 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
10:14:49.0874 1952 nvstor - ok
10:14:49.0907 1952 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
10:14:49.0909 1952 nv_agp - ok
10:14:49.0938 1952 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
10:14:49.0940 1952 ohci1394 - ok
10:14:49.0975 1952 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
10:14:49.0977 1952 Parport - ok
10:14:50.0005 1952 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
10:14:50.0006 1952 partmgr - ok
10:14:50.0032 1952 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
10:14:50.0034 1952 Parvdm - ok
10:14:50.0076 1952 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
10:14:50.0078 1952 pci - ok
10:14:50.0117 1952 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
10:14:50.0117 1952 pciide - ok
10:14:50.0132 1952 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
10:14:50.0139 1952 pcmcia - ok
10:14:50.0159 1952 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
10:14:50.0160 1952 pcw - ok
10:14:50.0195 1952 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
10:14:50.0208 1952 PEAUTH - ok
10:14:50.0277 1952 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
10:14:50.0280 1952 PptpMiniport - ok
10:14:50.0292 1952 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
10:14:50.0296 1952 Processor - ok
10:14:50.0326 1952 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
10:14:50.0328 1952 Psched - ok
10:14:50.0439 1952 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
10:14:50.0498 1952 ql2300 - ok
10:14:50.0509 1952 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
10:14:50.0513 1952 ql40xx - ok
10:14:50.0552 1952 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
10:14:50.0553 1952 QWAVEdrv - ok
10:14:50.0569 1952 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
10:14:50.0578 1952 RasAcd - ok
10:14:50.0604 1952 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:14:50.0606 1952 RasAgileVpn - ok
10:14:50.0627 1952 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:14:50.0630 1952 Rasl2tp - ok
10:14:50.0664 1952 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
10:14:50.0665 1952 RasPppoe - ok
10:14:50.0682 1952 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
10:14:50.0685 1952 RasSstp - ok
10:14:50.0714 1952 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
10:14:50.0718 1952 rdbss - ok
10:14:50.0736 1952 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
10:14:50.0738 1952 rdpbus - ok
10:14:50.0765 1952 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:14:50.0767 1952 RDPCDD - ok
10:14:50.0801 1952 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
10:14:50.0804 1952 RDPDR - ok
10:14:50.0823 1952 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
10:14:50.0824 1952 RDPENCDD - ok
10:14:50.0844 1952 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
10:14:50.0845 1952 RDPREFMP - ok
10:14:50.0874 1952 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
10:14:50.0875 1952 RdpVideoMiniport - ok
10:14:50.0904 1952 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
10:14:50.0908 1952 RDPWD - ok
10:14:50.0935 1952 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
10:14:50.0938 1952 rdyboost - ok
10:14:50.0987 1952 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
10:14:50.0989 1952 rspndr - ok
10:14:51.0016 1952 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
10:14:51.0017 1952 s3cap - ok
10:14:51.0093 1952 SASDIFSV (39763504067962108505bff25f024345) D:\Programs\SuperAntiSpyware\SASDIFSV.SYS
10:14:51.0199 1952 SASDIFSV - ok
10:14:51.0226 1952 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) D:\Programs\SuperAntiSpyware\SASKUTIL.SYS
10:14:51.0248 1952 SASKUTIL - ok
10:14:51.0280 1952 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
10:14:51.0283 1952 sbp2port - ok
10:14:51.0319 1952 SCDEmu (c23dbd9bfba8b1170706e0896b3cf7da) C:\Windows\system32\drivers\SCDEmu.sys
10:14:51.0379 1952 SCDEmu - ok
10:14:51.0415 1952 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
10:14:51.0416 1952 scfilter - ok
10:14:51.0447 1952 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:14:51.0449 1952 secdrv - ok
10:14:51.0480 1952 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
10:14:51.0482 1952 Serenum - ok
10:14:51.0495 1952 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
10:14:51.0497 1952 Serial - ok
10:14:51.0521 1952 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
10:14:51.0522 1952 sermouse - ok
10:14:51.0572 1952 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
10:14:51.0573 1952 sffdisk - ok
10:14:51.0586 1952 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
10:14:51.0588 1952 sffp_mmc - ok
10:14:51.0615 1952 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
10:14:51.0616 1952 sffp_sd - ok
10:14:51.0626 1952 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
10:14:51.0627 1952 sfloppy - ok
10:14:51.0652 1952 shlfwoov - ok
10:14:51.0687 1952 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
10:14:51.0689 1952 sisagp - ok
10:14:51.0700 1952 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:14:51.0702 1952 SiSRaid2 - ok
10:14:51.0716 1952 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
10:14:51.0718 1952 SiSRaid4 - ok
10:14:51.0729 1952 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
10:14:51.0732 1952 Smb - ok
10:14:51.0767 1952 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
10:14:51.0768 1952 spldr - ok
10:14:51.0816 1952 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
10:14:51.0821 1952 srv - ok
10:14:51.0842 1952 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
10:14:51.0847 1952 srv2 - ok
10:14:51.0877 1952 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
10:14:51.0880 1952 srvnet - ok
10:14:51.0918 1952 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
10:14:51.0919 1952 SSPORT - ok
10:14:51.0934 1952 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
10:14:51.0936 1952 stexstor - ok
10:14:51.0959 1952 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
10:14:51.0960 1952 storflt - ok
10:14:51.0994 1952 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
10:14:51.0995 1952 storvsc - ok
10:14:52.0028 1952 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
10:14:52.0029 1952 swenum - ok
10:14:52.0049 1952 Synth3dVsc - ok
10:14:52.0140 1952 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys
10:14:52.0167 1952 Tcpip - ok
10:14:52.0210 1952 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys
10:14:52.0219 1952 TCPIP6 - ok
10:14:52.0258 1952 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
10:14:52.0260 1952 tcpipreg - ok
10:14:52.0287 1952 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
10:14:52.0289 1952 TDPIPE - ok
10:14:52.0313 1952 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
10:14:52.0314 1952 TDTCP - ok
10:14:52.0353 1952 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
10:14:52.0355 1952 tdx - ok
10:14:52.0379 1952 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
10:14:52.0382 1952 TermDD - ok
10:14:52.0455 1952 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:14:52.0457 1952 tssecsrv - ok
10:14:52.0486 1952 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
10:14:52.0488 1952 TsUsbFlt - ok
10:14:52.0497 1952 tsusbhub - ok
10:14:52.0561 1952 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) D:\Programs\TuneUp Utilities 2009\TuneUpUtilitiesDriver32.sys
10:14:52.0603 1952 TuneUpUtilitiesDrv - ok
10:14:52.0629 1952 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
10:14:52.0631 1952 tunnel - ok
10:14:52.0655 1952 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
10:14:52.0657 1952 uagp35 - ok
10:14:52.0689 1952 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
10:14:52.0693 1952 udfs - ok
10:14:52.0734 1952 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
10:14:52.0735 1952 uliagpkx - ok
10:14:52.0764 1952 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
10:14:52.0766 1952 umbus - ok
10:14:52.0780 1952 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
10:14:52.0781 1952 UmPass - ok
10:14:52.0828 1952 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
10:14:52.0829 1952 usbccgp - ok
10:14:52.0853 1952 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
10:14:52.0855 1952 usbcir - ok
10:14:52.0889 1952 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
10:14:52.0890 1952 usbehci - ok
10:14:52.0913 1952 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
10:14:52.0918 1952 usbhub - ok
10:14:52.0931 1952 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
10:14:52.0932 1952 usbohci - ok
10:14:52.0948 1952 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
10:14:52.0950 1952 usbprint - ok
10:14:52.0988 1952 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:14:52.0989 1952 USBSTOR - ok
10:14:53.0009 1952 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
10:14:53.0010 1952 usbuhci - ok
10:14:53.0039 1952 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
10:14:53.0040 1952 usb_rndisx - ok
10:14:53.0078 1952 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
10:14:53.0079 1952 vdrvroot - ok
10:14:53.0100 1952 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
10:14:53.0105 1952 vga - ok
10:14:53.0121 1952 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
10:14:53.0122 1952 VgaSave - ok
10:14:53.0132 1952 VGPU - ok
10:14:53.0155 1952 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
10:14:53.0159 1952 vhdmp - ok
10:14:53.0169 1952 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
10:14:53.0171 1952 viaagp - ok
10:14:53.0184 1952 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
10:14:53.0185 1952 ViaC7 - ok
10:14:53.0199 1952 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
10:14:53.0201 1952 viaide - ok
10:14:53.0225 1952 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
10:14:53.0228 1952 vmbus - ok
10:14:53.0245 1952 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
10:14:53.0246 1952 VMBusHID - ok
10:14:53.0275 1952 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
10:14:53.0276 1952 volmgr - ok
10:14:53.0299 1952 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
10:14:53.0301 1952 volmgrx - ok
10:14:53.0325 1952 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
10:14:53.0328 1952 volsnap - ok
10:14:53.0345 1952 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
10:14:53.0348 1952 vsmraid - ok
10:14:53.0384 1952 VSTHWBS2 (682fcf7d2eb5158cd30408e976562408) C:\Windows\system32\DRIVERS\VSTBS23.SYS
10:14:53.0389 1952 VSTHWBS2 - ok
10:14:53.0429 1952 VST_DPV (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
10:14:53.0462 1952 VST_DPV - ok
10:14:53.0501 1952 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
10:14:53.0511 1952 vwifibus - ok
10:14:53.0548 1952 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
10:14:53.0549 1952 WacomPen - ok
10:14:53.0574 1952 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:14:53.0577 1952 WANARP - ok
10:14:53.0583 1952 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:14:53.0584 1952 Wanarpv6 - ok
10:14:53.0634 1952 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
10:14:53.0636 1952 Wd - ok
10:14:53.0663 1952 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:14:53.0669 1952 Wdf01000 - ok
10:14:53.0712 1952 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
10:14:53.0713 1952 WfpLwf - ok
10:14:53.0732 1952 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
10:14:53.0734 1952 WIMMount - ok
10:14:53.0764 1952 winachsf (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
10:14:53.0780 1952 winachsf - ok
10:14:53.0843 1952 WmBEnum (84a90f13eebf4380345ef9474d30f10e) C:\Windows\system32\drivers\WmBEnum.sys
10:14:53.0844 1952 WmBEnum - ok
10:14:53.0868 1952 WmFilter (eb0034ac02a44dc784a3174d2b81e764) C:\Windows\system32\drivers\WmFilter.sys
10:14:53.0869 1952 WmFilter - ok
10:14:53.0899 1952 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
10:14:53.0900 1952 WmiAcpi - ok
10:14:53.0924 1952 WmVirHid (72c4f5a748c74d8d4016ccfa7367210f) C:\Windows\system32\drivers\WmVirHid.sys
10:14:53.0926 1952 WmVirHid - ok
10:14:53.0941 1952 WmXlCore (eacdcced934a185e61ce0684f71c2dec) C:\Windows\system32\drivers\WmXlCore.sys
10:14:53.0943 1952 WmXlCore - ok
10:14:53.0971 1952 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
10:14:53.0972 1952 ws2ifsl - ok
10:14:54.0030 1952 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
10:14:54.0032 1952 WudfPf - ok
10:14:54.0077 1952 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:14:54.0084 1952 \Device\Harddisk0\DR0 - ok
10:14:54.0090 1952 Boot (0x1200) (1fb00eb92f0066e2953f06693957ed5d) \Device\Harddisk0\DR0\Partition0
10:14:54.0091 1952 \Device\Harddisk0\DR0\Partition0 - ok
10:14:54.0116 1952 Boot (0x1200) (f2ede564467fa26cea84d19ca5e54430) \Device\Harddisk0\DR0\Partition1
10:14:54.0117 1952 \Device\Harddisk0\DR0\Partition1 - ok
10:14:54.0132 1952 Boot (0x1200) (307a80a13422bb3313e54224b31bbf4d) \Device\Harddisk0\DR0\Partition2
10:14:54.0133 1952 \Device\Harddisk0\DR0\Partition2 - ok
10:14:54.0133 1952 ============================================================
10:14:54.0133 1952 Scan finished
10:14:54.0133 1952 ============================================================
10:14:54.0153 4124 Detected object count: 0
10:14:54.0153 4124 Actual detected object count: 0
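The TDSSKiller log posted above is read by eye for the handful of entries that matter: objects the scanner did not mark ok, registered drivers whose file is no longer on disk, and drivers loaded from somewhere other than the Windows directory. As an added example that is not part of this thread and not TDSSKiller's own code, the Python script below parses lines in that log format and prints exactly those findings. The sample lines are constructed to mirror the format seen above; the "exampledrv" object, its all-zero MD5 and its path are made up for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the format of the TDSSKiller log posted in this thread.
# An object with a file on disk produces an entry line "<name> (<md5>) <path>"
# followed by a status line "<name> - <status>"; an object with no file on disk
# gets only the status line. MBR/boot-sector entries carry a size field and
# report their status under the device path rather than the entry name.
# The "exampledrv" object, its MD5 and its path are made up for illustration.
SAMPLE_LOG = r"""
10:14:46.0339 1952 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
10:14:46.0340 1952 Disk - ok
10:14:46.0286 1952 DgiVecp - ok
10:14:51.0093 1952 SASDIFSV (39763504067962108505bff25f024345) D:\Programs\SuperAntiSpyware\SASDIFSV.SYS
10:14:51.0199 1952 SASDIFSV - ok
10:14:54.0077 1952 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:14:54.0084 1952 \Device\Harddisk0\DR0 - ok
10:14:54.0100 1952 exampledrv (00000000000000000000000000000000) C:\Users\Public\exampledrv.sys
10:14:54.0101 1952 exampledrv - ok
10:14:54.0153 4124 Detected object count: 0
"""

ENTRY_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<name>\S+)"
    r"(?:\s+\(0x[0-9A-Fa-f]+\))?"  # optional size field on MBR/Boot lines, e.g. "(0x1B8)"
    r"\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
STATUS_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<name>.+?)\s+-\s+(?P<status>.+?)\s*$"
)
COUNT_RE = re.compile(r"Detected object count:\s*(?P<n>\d+)\s*$")

# Drivers are expected under the Windows directory; anything else gets checked by hand.
SYSTEM_ROOT = "c:\\windows\\"


@dataclass
class ScanObject:
    name: str
    md5: Optional[str]   # None when the object has no file on disk
    path: Optional[str]
    status: str          # "ok" or whatever the scanner printed


def parse_tdsskiller_log(text: str) -> Tuple[List[ScanObject], Optional[int]]:
    """Pair each entry line with its status line; return the objects and the detected count."""
    objects: List[ScanObject] = []
    pending: Dict[str, Tuple[str, str]] = {}  # name -> (md5, path) still awaiting a status line
    detected: Optional[int] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            pending[m["name"]] = (m["md5"], m["path"])
            continue
        m = STATUS_RE.match(line)
        if m:
            key = m["name"]
            if key not in pending:
                # MBR/boot entries report status under the device path, not the entry name
                key = next((n for n, (_, p) in pending.items() if p == m["name"]), key)
            md5, path = pending.pop(key, (None, None))
            objects.append(ScanObject(key, md5, path, m["status"]))
            continue
        m = COUNT_RE.search(line)
        if m:
            detected = int(m["n"])
    return objects, detected


def triage(objects: List[ScanObject]) -> List[str]:
    """Return the lines a helper would look at first; everything else is routine."""
    findings: List[str] = []
    for obj in objects:
        if obj.status.lower() != "ok":
            findings.append(f"{obj.name}: scanner status '{obj.status}'")
        if obj.path is None:
            # A registered driver/service whose file is gone: usually an uninstall leftover,
            # occasionally the remains of something a previous cleanup removed.
            findings.append(f"{obj.name}: no file on disk (orphaned service entry)")
        elif obj.path.startswith("\\Device\\"):
            pass  # MBR and boot sectors have no file path to judge
        elif not obj.path.lower().startswith(SYSTEM_ROOT):
            # Legitimate third-party tools land here too (SuperAntiSpyware in the log above);
            # the point is to verify each one, not to assume it is malicious.
            findings.append(f"{obj.name}: loaded from outside %SystemRoot%: {obj.path}")
    return findings


if __name__ == "__main__":
    objs, count = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(objs)} objects scanned, detected object count: {count}")
    for finding in triage(objs):
        print(" -", finding)
```

On the constructed sample this reports DgiVecp (status line with no file), SASDIFSV (a driver under D:\Programs, which is the legitimate SuperAntiSpyware driver and simply needs confirming) and the made-up exampledrv under C:\Users\Public; Disk and the MBR entry are left alone. Orphaned entries and out-of-tree drivers are the lines a helper asks about, not verdicts on their own.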

#9
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. That's good. Please temporarily disable your AV - Microsoft Security Essentials and uninstall SuperAntiSpyware. You can install it back later.

Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review.

Note: Do not mouse-click combo-fix's window while it's running. That may cause it to stall.

#10
Dom Fontana

    Member

  • Topic Starter
  • Member
  • 170 posts
Okay, Render, I'll do it right now. Thanks for helping me.
#11
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK.

#12
Dom Fontana

    Member

  • Topic Starter
  • Member
  • 170 posts
Hi, Render.

The instructions were great and everything worked perfectly. You just had to insert the hyphen in Combo-Fix.

Just a quick note. I don't know if the problem is on my end, but again I couldn't download ComboFix from the link in the message. It just goes to a blank page. So I downloaded it right from the site. I think it was Creeping Computers or something like that.

Here's the log:

ComboFix 11-09-23.03 - Dominick J. Fontana 09/23/2011 10:44:09.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3518.2450 [GMT -4:00]
Running from: c:\users\Dominick J. Fontana\Desktop\Combo-Fix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dominick J. Fontana\AppData\Roaming\Remote
c:\users\Dominick J. Fontana\AppData\Roaming\Remote\cfu
c:\windows\7Loader.TAG
c:\windows\system\svchost.exe
c:\windows\system32\c_8755.nls
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_itlperf
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2011-08-23 to 2011-09-23 )))))))))))))))))))))))))))))))
.
.
2011-09-23 14:49 . 2011-09-23 14:52 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Local\temp
2011-09-23 14:49 . 2011-09-23 14:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-23 12:20 . 2011-09-23 12:20 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD143D54-4B07-40DA-BC47-26EFCE4A11C3}\MpKsl20750f32.sys
2011-09-23 12:20 . 2011-09-23 14:51 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD143D54-4B07-40DA-BC47-26EFCE4A11C3}\offreg.dll
2011-09-23 12:20 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD143D54-4B07-40DA-BC47-26EFCE4A11C3}\mpengine.dll
2011-09-21 10:01 . 2011-09-21 10:01 -------- d-----w- c:\windows\system32\3056
2011-09-20 14:40 . 2011-09-21 07:23 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Roaming\SMIGames
2011-09-20 11:22 . 2011-09-20 11:22 -------- d-----w- c:\windows\Wedding Dash - Ready Aim Love
2011-09-17 13:47 . 2011-09-17 13:47 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-16 12:46 . 2011-09-16 12:46 -------- d-----w- c:\windows\Wedding Dash 2 - Rings Around the World
2011-09-15 03:06 . 2011-09-15 03:06 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Local\Apple Computer
2011-09-14 10:01 . 2011-09-21 10:01 -------- d-----w- c:\windows\system32\1037
2011-09-09 03:04 . 2011-08-21 14:56 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-09-09 03:04 . 2011-08-21 14:56 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6A6BFBB9-813D-48E7-B879-4FD452F10648}\gapaengine.dll
2011-09-07 11:57 . 2011-09-14 10:01 -------- d-----w- c:\windows\system32\1032
2011-09-04 09:40 . 2011-09-04 09:40 -------- d-----w- C:\_OTL
2011-09-04 08:20 . 2011-09-04 08:20 218624 ----a-w- c:\windows\system32\itnetw32.dll
2011-09-04 08:13 . 2011-09-04 08:18 -------- d-----w- c:\windows\system32\Adobe
2011-09-04 03:50 . 2011-09-04 03:50 -------- d-----w- c:\programdata\casualArts
2011-09-04 03:50 . 2011-09-04 03:50 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Roaming\casualArts
2011-09-02 16:57 . 2011-09-02 16:57 -------- d-----w- c:\windows\Time Mysteries - Inheritance [UPDATED]
2011-09-01 12:04 . 2011-09-01 12:04 -------- d-----w- c:\programdata\Fenomen Games
2011-08-28 02:53 . 2011-08-28 02:53 -------- d-----w- c:\program files\Common Files\Java
2011-08-28 02:45 . 2011-08-28 02:45 -------- d-----w- c:\program files\Common Files\Software Update Utility
2011-08-28 02:42 . 2011-08-28 02:43 -------- d-----w- c:\program files\Common Files\Adobe
2011-08-27 11:45 . 2011-08-27 11:45 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Roaming\Malwarebytes
2011-08-27 11:45 . 2011-08-27 11:45 -------- d-----w- c:\programdata\Malwarebytes
2011-08-27 09:39 . 2011-08-27 11:35 -------- d-----w- c:\programdata\Avira
2011-08-27 09:36 . 2011-08-27 09:36 -------- d-----w- c:\programdata\HitPoint Studios
2011-08-26 18:01 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-26 15:50 . 2011-08-26 17:06 -------- d-----w- c:\programdata\AVAST Software
2011-08-26 10:54 . 2011-08-26 10:56 -------- d-----w- c:\users\Dominick J. Fontana\FrostWire
2011-08-26 10:54 . 2011-08-26 17:55 -------- d-----w- c:\users\Dominick J. Fontana\.frostwire5
2011-08-25 12:38 . 2011-08-25 12:38 -------- d-----w- c:\users\Dominick J. Fontana\AppData\Roaming\Casual Box
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-12 23:14 . 2011-08-23 03:02 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-28 02:51 . 2011-07-27 18:40 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-13 09:04 . 2011-07-28 11:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-12 02:44 . 2011-08-20 14:46 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{63C79D10-5DD5-4117-8748-03DDAE88A67C}\mpengine.dll
2011-08-08 12:13 . 2011-08-08 12:13 1152 ----a-w- c:\windows\system32\windrv.sys
2011-08-07 11:31 . 2011-08-07 11:31 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-05 10:53 . 2011-08-05 10:53 53248 ----a-r- c:\users\Dominick J. Fontana\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-08-05 10:53 . 2011-08-05 10:53 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-07-29 12:06 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-07-28 14:39 . 2011-01-28 10:22 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-07-22 04:54 . 2011-08-11 11:55 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27 . 2011-08-11 11:56 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:15 . 2011-08-11 11:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 11:56 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 11:56 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 11:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 11:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:30 . 2011-08-11 11:56 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50476A70-23CE-61D4-4AF9-651A3FB40F04}]
2009-07-14 01:16 65536 ----a-w- c:\windows\System32\PeerrDistSvc.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-08-28 606208]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"MaxMenuMgr"="d:\programs\Seagate Manager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"PWRISOVM.EXE"="d:\programs\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 153608]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1313672]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R1 MpKsl23cd48fb;MpKsl23cd48fb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72E28A9E-6343-4440-B439-422225D6EA56}\MpKsl23cd48fb.sys [x]
R1 MpKsl517f41c0;MpKsl517f41c0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EC6ED00-9463-4D1F-87AE-AE651E11511A}\MpKsl517f41c0.sys [x]
R1 MpKsl5e4611be;MpKsl5e4611be;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CC8828D-A330-4811-9A82-6370EA2F4CE2}\MpKsl5e4611be.sys [x]
R1 MpKsl83591d93;MpKsl83591d93;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A3F70CE2-8CE0-48C8-9CC4-D6F46CED286D}\MpKsl83591d93.sys [x]
R1 MpKsla4b22a4c;MpKsla4b22a4c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{58FDFEF4-7EB3-409A-803E-B887376A351E}\MpKsla4b22a4c.sys [x]
R1 MpKslce25963e;MpKslce25963e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{868ABC79-1C45-4A1C-B7F2-4D24DDC12343}\MpKslce25963e.sys [x]
R1 MpKsldd8a1e0f;MpKsldd8a1e0f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EDAEF55-24F3-4C5A-9D9C-771A6334EC82}\MpKsldd8a1e0f.sys [x]
R1 MpKslf01c5627;MpKslf01c5627;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB8652A4-05FF-44A8-957F-D3C6D9341628}\MpKslf01c5627.sys [x]
R1 MpKslf3843a20;MpKslf3843a20;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB8652A4-05FF-44A8-957F-D3C6D9341628}\MpKslf3843a20.sys [x]
R1 shlfwoov;shlfwoov;c:\windows\system32\drivers\shlfwoov.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-02-26 9728]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-02-26 3072]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-09-17 41272]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-29 1343400]
S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2009-07-13 4608]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-28 218688]
S1 MpKsl20750f32;MpKsl20750f32;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD143D54-4B07-40DA-BC47-26EFCE4A11C3}\MpKsl20750f32.sys [2011-09-23 28752]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AdvancedSystemCareService;Advanced SystemCare Service;d:\programs\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 FreeAgentGoNext Service;Seagate Service;d:\programs\Seagate Manager\Sync\FreeAgentService.exe [2009-09-26 189736]
S2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [2010-11-24 130000]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 5120]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\programs\TuneUp Utilities 2009\TuneUpUtilitiesService32.exe [2011-05-20 1523008]
S3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\DRIVERS\MRVW24B.sys [2008-03-19 310016]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\programs\TuneUp Utilities 2009\TuneUpUtilitiesDriver32.sys [2011-04-26 10064]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
itnetsvc REG_MULTI_SZ itlperf
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-21 c:\windows\Tasks\At1.job
- c:\windows\system32\HOSTNAMEE.EXE [2009-07-13 01:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mc28.mail.yahoo.com/mc/welcome?&.rand=331798557#_pg=showFolder;_ylc=X3oDMTBvamJjMmxoBF9TAzM5ODMwMTAyNwRhYwNtdkZsZE1zZw--&mid=1_26962_AL5TimIAARbYTloXXAZm2EMo8qU&fid=Inbox&sort=date&order=up&startMid=10&filterBy=&.rand=379203569&hash=dcc56b0d2767d37a65bbc2d24656cab1&.jsrand=5992681
IE: E&xport to Microsoft Excel - d:\programs\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\8ixxrqmh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z192&install_date=20110828
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20110828&q=
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - d:\programs\Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\programs\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - d:\programs\Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{07B0072D-738F-5709-0AB6-3DB75BBA3B64} - (no file)
BHO-{5D677C6A-5DF8-1A13-778F-6D1862067DB6} - (no file)
HKLM-Run-StartNowToolbarHelper - c:\program files\StartNow Toolbar\ToolbarHelper.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - d:\programs\SuperAntiSpyware\SASSEH.DLL
Notify-!SASWinLogon - d:\programs\SuperAntiSpyware\SASWINLO.DLL
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSL]
"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\86609300]
"imagepath"="\??\c:\windows\TEMP\3370.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\967f5800]
"imagepath"="\??\c:\windows\TEMP\15A.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
d:\programs\TuneUp Utilities 2009\TuneUpUtilitiesApp32.exe
c:\windows\System32\rundll32.exe
c:\windows\RtHDVCpl.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2011-09-23 10:54:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-23 14:54
.
Pre-Run: 12,823,289,856 bytes free
Post-Run: 12,676,231,168 bytes free
.
- - End Of File - - D818DB6F3EC0BD032B02855E52B9D8ED

#13
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Please proceed with these steps:

Step 1

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

AtJob::

File::
c:\windows\system32\HOSTNAMEE.EXE


Save this as CFScript.txt, in the same location as ComboFix.exe.


[picture: dragging CFScript.txt onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware.
  • Select the Update tab.
  • Click on Check for Updates button.
  • Click on OK.
  • Select the Scanner tab.
  • Select Perform quick scan, then click on Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 3

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

When you have completed the above, please post back the following in the order asked for:
  • New Combofix log
  • MBAM log
  • Fresh OTL scan log

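The indicators Render pulls out of the log above (the svchost.exe in c:\windows\system, the At1.job task that runs HOSTNAMEE.EXE, the itnetsvc svchost group whose itlperf service ComboFix removed) can be checked mechanically, and the same pass can flag things the thread does not act on yet, such as services whose image path is a .tmp file under c:\windows\TEMP and the disabled UAC settings. The script below is an added example, not part of this thread or of ComboFix; it runs on a constructed excerpt laid out like the posted log.

```python
"""Flag in a ComboFix log the indicators a removal helper looks for.

Added example, not ComboFix's code or the helper's.  SAMPLE_LOG is a
constructed excerpt modelled on the log posted in this thread; banners,
registry key lines and value lines follow ComboFix's own layout.
"""
import re
from pathlib import PureWindowsPath

SAMPLE_LOG = r"""
(((((((((((((((( Other Deletions ))))))))))))))))
c:\windows\system\svchost.exe
c:\windows\system32\c_8755.nls
.
(((((((((((((((( Drivers/Services ))))))))))))))))
-------\Service_itlperf
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
itnetsvc REG_MULTI_SZ itlperf
.
Contents of the 'Scheduled Tasks' folder
2011-09-21 c:\windows\Tasks\At1.job
- c:\windows\system32\HOSTNAMEE.EXE [2009-07-13 01:14]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSL]
"ImagePath"="c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe /s NSL"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\86609300]
"imagepath"="\??\c:\windows\TEMP\3370.tmp"
"""

# Directories where a genuine svchost.exe lives on a 32-/64-bit Windows 7 install.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def parse_findings(log: str) -> list[str]:
    """Single pass over the log; returns one message per suspicious entry."""
    # Services ComboFix deleted: '-------\Service_itlperf' -> 'itlperf'.
    removed = {s.lower() for s in re.findall(r"^-------\\Service_(\S+)", log, re.M)}
    findings, section, key, job = [], None, "", None
    for ln in (raw.strip() for raw in log.splitlines()):
        if not ln or ln == ".":
            continue
        banner = re.match(r"^\(+\s*(.+?)\s*\)+$", ln)
        if banner:
            section, key = banner.group(1), ""
        elif ln.startswith("Contents of the 'Scheduled Tasks'"):
            section, key = "Scheduled Tasks", ""
        elif ln.startswith("[") and ln.endswith("]"):
            section, key = None, ln[1:-1].lower()   # a registry key block
        elif section == "Other Deletions":
            # A svchost.exe outside System32 is exactly the "trojan" of this thread.
            p = PureWindowsPath(ln)
            if p.name.lower() == "svchost.exe" and str(p.parent).lower() not in SYSTEM_DIRS:
                findings.append(f"svchost.exe outside System32 was removed: {ln}")
        elif section == "Scheduled Tasks":
            if re.search(r"\\At\d+\.job$", ln, re.I):       # legacy at.exe job
                job = ln.split(maxsplit=1)[1]
            elif ln.startswith("- ") and job:             # the job's target binary
                findings.append(f"legacy At job {job} runs {ln[2:].split(' [')[0]}")
                job = None
        elif key.endswith(r"\policies\system") and re.match(r'"enablelua"=\s*0\b', ln, re.I):
            findings.append("UAC is disabled (EnableLUA=0)")
        elif key.endswith(r"currentversion\svchost"):
            m = re.match(r"^(\S+)\s+REG_MULTI_SZ\s+(.+)$", ln)
            for svc in (m.group(2).split() if m else []):
                if svc.lower() in removed:  # group still points at a deleted service
                    findings.append(f"svchost group '{m.group(1)}' still lists removed service '{svc}'")
        elif "\\services\\" in key:
            m = re.match(r'"imagepath"="(.+)"$', ln, re.I)
            if m and re.search(r"\\temp\\[^\\]+\.tmp$", m.group(1), re.I):
                name = key.rsplit("\\", 1)[-1]
                findings.append(f"service '{name}' runs from TEMP: {m.group(1)}")
    return findings
```

Running parse_findings on a full log pasted from a thread like this one gives the same five categories of finding; anything it does not flag still needs a human eye, since ComboFix only prints entries it already considers non-default.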

#14
Dom Fontana

    Member

  • Topic Starter
  • Member
  • 170 posts
Doing it right now. On the ball. :)

#15
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Okie Dokie.