CPU consumed by PING.exe, no virus detected



#1
[email protected]@L
Here is my OTL log.
Thanks for your help.


OTL logfile created on: 11/3/2011 11:16:16 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\[email protected]@L\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 54.32% Memory free
8.00 Gb Paging File | 5.49 Gb Available in Paging File | 68.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.48 Gb Total Space | 89.22 Gb Free Space | 31.92% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 356.51 Gb Free Space | 38.27% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 78.73 Gb Free Space | 8.45% Space Free | Partition Type: NTFS

Computer Name: WEZEL | User Name: [email protected]@L | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/03 23:15:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\[email protected]@L\Desktop\OTL.exe
PRC - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/03 16:12:45 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/09/29 21:19:00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/15 14:51:08 | 000,683,352 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Game Booster\gbtray.exe
PRC - [2011/04/28 22:40:20 | 000,095,656 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
PRC - [2011/02/15 06:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2010/12/07 14:41:58 | 000,365,704 | ---- | M] (NovaStor) -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe
PRC - [2010/07/04 14:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
PRC - [2010/03/14 22:56:12 | 001,540,352 | ---- | M] (SmartPCTools) -- C:\Program Files (x86)\SmartPCTools\Registry Repair Wizard\RCHelper.exe
PRC - [2007/09/02 15:58:52 | 000,495,616 | ---- | M] () -- C:\Users\[email protected]@L\Desktop\DownloadsBACKUP!!!!\RocketDock Backup\Backup\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/23 14:04:37 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/29 21:18:59 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/06/13 14:21:52 | 000,511,384 | ---- | M] () -- C:\Program Files (x86)\IObit\Game Booster\sqlite3.dll
MOD - [2011/02/15 06:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2011/02/15 06:20:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2011/02/15 06:20:02 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2011/02/15 06:19:44 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2011/02/15 06:19:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2011/02/15 06:19:20 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2010/11/20 22:24:09 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 22:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/07/26 23:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
MOD - [2010/07/04 16:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 14:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
MOD - [2007/09/02 15:58:52 | 000,495,616 | ---- | M] () -- C:\Users\[email protected]@L\Desktop\DownloadsBACKUP!!!!\RocketDock Backup\Backup\RocketDock.exe
MOD - [2007/09/02 15:57:36 | 000,069,632 | ---- | M] () -- C:\Users\[email protected]@L\Desktop\DownloadsBACKUP!!!!\RocketDock Backup\Backup\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/24 15:03:32 | 000,341,312 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe -- (NitroDriverReadSpool)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/08/19 17:43:24 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/03 16:12:45 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/09/24 15:03:42 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Disabled | Stopped] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/04 13:39:14 | 000,584,488 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/03/01 18:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/12/07 14:41:58 | 000,365,704 | ---- | M] (NovaStor) [Auto | Running] -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe -- (nsService)
SRV - [2010/11/22 19:09:14 | 000,179,200 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe -- (Backup Client Agent Service)
SRV - [2010/11/16 08:25:29 | 002,249,000 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/07 18:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/06/23 01:43:04 | 001,071,032 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\wcmvcam64.sys -- (WCMVCAM)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 22:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/04/12 03:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/02/03 12:30:58 | 000,058,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/02/03 12:25:56 | 000,955,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CamDrL64.sys -- (CamDrL64) Logitech QuickCam Pro 3000(PID_08B0)
DRV - [2010/05/26 19:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15434
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB 2E EC CC 9E 75 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\[email protected]@L\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/09/25 00:39:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/29 23:18:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/27 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/27 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/29 23:18:59 | 000,000,000 | ---D | M]

[2011/09/17 20:05:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\[email protected]@L\AppData\Roaming\Mozilla\Extensions
[2011/11/03 21:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\[email protected]@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions
[2011/09/27 18:26:16 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\[email protected]@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011/09/23 20:29:58 | 000,000,000 | ---D | M] (LightShot (screenshot tool)) -- C:\Users\[email protected]@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
[2011/10/25 19:01:24 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\[email protected]@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/09/17 20:21:20 | 000,000,000 | ---D | M] (WOT) -- C:\Users\[email protected]@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/11/03 21:37:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\[email protected]@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/10/22 16:45:43 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\[email protected]@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2011/10/12 03:06:29 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\[email protected]@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/09/17 20:21:19 | 000,000,000 | ---D | M] (Microsoft Default Manager) -- C:\Users\[email protected]@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\[email protected]
[2011/10/02 17:38:25 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\[email protected]@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\[email protected]
[2011/09/17 20:21:19 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\[email protected]@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\[email protected]
[2011/09/17 20:21:19 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\[email protected]@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\[email protected]
[2011/10/04 16:00:25 | 000,002,572 | ---- | M] () -- C:\Users\[email protected]@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\searchplugins\askcom.xml
[2011/10/21 17:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/09/17 22:38:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/10/21 16:57:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/09/17 20:05:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2011/09/17 20:05:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
() (No name found) -- C:\USERS\[email protected]@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
() (No name found) -- C:\USERS\[email protected]@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
() (No name found) -- C:\USERS\[email protected]@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI
() (No name found) -- C:\USERS\[email protected]@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{AFF87FA2-A58E-4EDD-B852-0A20203C1E17}.XPI
() (No name found) -- C:\USERS\[email protected]@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.XPI
() (No name found) -- C:\USERS\[email protected]@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\[email protected]@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\[email protected]@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\[email protected]@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\[email protected]
[2011/09/29 21:19:00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/29 21:18:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2:64bit: - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O4:64bit: - HKLM..\Run: [combofix] C:\ComboFix\CF15633.3XE (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [Registry Repair Wizard Scheduler] C:\Program Files (x86)\SmartPCTools\Registry Repair Wizard\RCHelper.exe (SmartPCTools)
O4 - HKCU..\Run: [RocketDock] C:\Users\[email protected]@L\Desktop\DownloadsBACKUP!!!!\RocketDock Backup\Backup\RocketDock.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Upload to Facebook - C:\Program Files (x86)\WebcamMax\share\iecontext.htm File not found
O8 - Extra context menu item: Upload to Facebook - C:\Program Files (x86)\WebcamMax\share\iecontext.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cleverreach.com ([novastor] http in Trusted sites)
O15 - HKCU\..Trusted Domains: google-analytics.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: novastor.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: novastor.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C467AA4-DC81-41E6-A854-E08F21501115}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes3\deskscapes.dll (Stardock Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/03 23:15:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\[email protected]@L\Desktop\OTL.exe
[2011/11/03 22:29:25 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\Malwarebytes
[2011/11/03 22:29:21 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\SUPERAntiSpyware.com
[2011/11/03 22:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/11/03 22:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/11/03 22:29:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/03 22:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/03 22:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/03 22:28:52 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/03 22:28:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/03 22:27:21 | 013,022,976 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\[email protected]@L\Desktop\SUPERAntiSpyware.exe
[2011/11/03 22:27:05 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\[email protected]@L\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/03 21:46:29 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\Enki Games
[2011/11/03 21:37:03 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincarnations 3- Back to Reality Collectors Edition
[2011/11/03 21:36:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reincarnations 3- Back to Reality Collectors Edition
[2011/11/03 21:19:47 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/11/03 20:05:04 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\TeamViewer
[2011/11/03 07:01:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/11/02 06:47:38 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\Documents\Orcs Must Die
[2011/11/02 06:45:04 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Orcs Must Die!
[2011/11/02 06:37:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Orcs Must Die!
[2011/11/02 06:36:46 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\Desktop\Orcs.Must.Die.v1.0r8.update.cracked.READ.NFO-THETA [ALEX]
[2011/11/02 06:36:45 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\Desktop\Orcs.Must.Die.v1.0r7.update.cracked.fixed.READ.NFO-THETA [ALEX]
[2011/11/02 06:34:46 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\Desktop\Orcs.Must.Die.v1.0r6.multi9.cracked.READ.NFO-THETA
[2011/10/29 23:25:08 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Local\HP
[2011/10/29 23:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2011/10/29 23:21:26 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\HP
[2011/10/29 23:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011/10/29 23:16:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2011/10/29 23:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2011/10/29 23:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/10/29 23:06:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011/10/29 23:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/10/29 20:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\restore
[2011/10/29 19:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/10/29 19:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/10/29 19:52:56 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/10/29 19:52:56 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/10/29 16:55:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/29 16:52:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/29 16:44:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/29 16:44:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/29 16:44:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/29 16:44:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/29 16:44:21 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/10/29 16:43:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/29 08:59:24 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\SmartPCTools
[2011/10/29 08:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Repair Wizard
[2011/10/29 08:58:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartPCTools
[2011/10/27 20:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/10/27 20:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/10/26 23:50:11 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Local\Facebook
[2011/10/26 18:31:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/10/26 18:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/10/25 09:02:03 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2011/10/25 09:02:03 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Local\PAYDAY
[2011/10/24 12:35:46 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\Documents\My Games
[2011/10/24 09:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2011/10/24 08:57:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2011/10/23 04:47:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Payday The Heist
[2011/10/22 19:36:48 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\Sahmon Games
[2011/10/22 18:15:02 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Island - Castaway 2
[2011/10/22 18:14:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Island - Castaway 2
[2011/10/21 17:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/10/21 14:58:56 | 000,000,000 | ---D | C] -- C:\Windows\FltMgr
[2011/10/21 08:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SwagHack_Galaxy_Edition_3
[2011/10/21 08:03:28 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Local\Panda Security
[2011/10/21 07:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Antivirus Pro 2012
[2011/10/21 07:58:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\PAV
[2011/10/21 07:58:46 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\Panda Security
[2011/10/21 07:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/10/21 07:58:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2011/10/21 07:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Panda Security
[2011/10/21 05:46:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2011/10/21 05:40:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trendy Entertainment
[2011/10/20 19:44:51 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\Documents\My Cheat Tables
[2011/10/20 13:59:29 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\Trillian
[2011/10/20 13:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trillian
[2011/10/19 21:07:52 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Local\201280
[2011/10/19 02:28:49 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/10/19 00:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster
[2011/10/19 00:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/10/19 00:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2011/10/18 22:11:25 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\Documents\The Adventures of Tintin
[2011/10/18 17:28:03 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\Realtime Soft
[2011/10/18 16:42:33 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Local\David_Rudie
[2011/10/18 15:50:31 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\Documents\SoftTH
[2011/10/17 22:15:56 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\DeskSoft
[2011/10/17 22:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Almeza
[2011/10/17 22:12:23 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\Documents\Almeza
[2011/10/17 18:49:44 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Local\Ubisoft Game Launcher
[2011/10/17 18:43:45 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\Documents\Ubisoft
[2011/10/17 18:37:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2011/10/17 18:36:31 | 000,000,000 | -H-D | C] -- C:\Users\[email protected]@L\InstallAnywhere
[2011/10/16 16:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\Computer Artworks
[2011/10/16 16:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Thing
[2011/10/16 16:14:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Computer Artworks
[2011/10/16 15:38:48 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\Documents\Eidos
[2011/10/16 15:21:28 | 000,000,000 | ---D | C] -- C:\Games
[2011/10/13 22:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/13 22:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/13 22:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/13 22:55:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/10/13 22:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/13 22:53:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/10/12 14:03:56 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\Nitro PDF
[2011/10/12 13:53:27 | 000,028,992 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon.dll
[2011/10/12 13:53:27 | 000,017,216 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui.dll
[2011/10/12 13:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
[2011/10/12 13:53:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2011/10/12 13:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF
[2011/10/12 13:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro PDF
[2011/10/12 13:52:19 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\Downloaded Installations
[2011/10/07 06:35:21 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Local\SKIDROW
[2011/10/07 06:34:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2011/10/07 06:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2011/10/06 08:11:13 | 000,000,000 | --SD | C] -- C:\Users\[email protected]@L\Documents\Passwords Database
[2011/10/05 14:42:46 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\dvdcss
[2011/10/05 14:42:26 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\Documents\:) Studio
[2011/10/05 14:42:26 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Local\:yes: Studio
[2011/10/05 14:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\:)
[2011/10/05 14:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\:) Studio
[2011/10/05 14:41:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\:) Studio
[2011/10/05 12:21:25 | 000,085,048 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSCrySec.sys
[2011/10/05 12:21:25 | 000,066,104 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys
[2011/10/05 12:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/10/05 09:49:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2011/10/05 09:48:47 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\Apple Computer
[2011/10/05 09:48:47 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Local\Apple Computer
[2011/10/05 09:48:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/10/05 09:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/10/05 09:47:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/10/05 09:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/10/05 08:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/10/05 02:06:13 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\Documents\CyberLink
[2011/10/05 02:04:50 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\Cyberlink
[2011/10/05 02:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2011/10/05 01:44:57 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor
[2011/10/05 01:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2011/10/05 01:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartSound Software
[2011/10/05 01:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2011/10/05 01:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/10/05 01:41:56 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Local\Apple
[2011/10/05 01:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/10/05 01:41:35 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector
[2011/10/05 01:41:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink
[2011/10/05 01:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2011/10/05 01:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\CLSK
[2011/10/05 01:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/03 23:15:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\[email protected]@L\Desktop\OTL.exe
[2011/11/03 22:56:19 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/03 22:56:19 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/03 22:48:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/03 22:48:30 | 3220,074,496 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/03 22:29:53 | 000,007,605 | ---- | M] () -- C:\Users\[email protected]@L\AppData\Local\Resmon.ResmonCfg
[2011/11/03 22:29:09 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/03 22:28:59 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/03 22:27:44 | 013,022,976 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\[email protected]@L\Desktop\SUPERAntiSpyware.exe
[2011/11/03 22:27:33 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\[email protected]@L\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/03 21:37:03 | 000,002,425 | ---- | M] () -- C:\Users\[email protected]@L\Desktop\Reincarnations 3- Back to Reality Collectors Edition.lnk
[2011/11/03 20:19:48 | 366,962,000 | ---- | M] () -- C:\Users\[email protected]@L\Desktop\Charlies.Angels.2011.S01E06.HDTV.XviD-ASAP.avi
[2011/11/03 20:08:38 | 182,962,176 | ---- | M] () -- C:\Users\[email protected]@L\Desktop\ridiculousness.0109-yestv.avi
[2011/11/03 19:10:57 | 183,859,200 | ---- | M] () -- C:\Users\[email protected]@L\Desktop\CelebriDate.S01E04.Dean.Cain.HDTV.XviD-PREMiER.avi
[2011/11/03 17:54:09 | 367,128,576 | ---- | M] () -- C:\Users\[email protected]@L\Desktop\Kitchen.Nightmares.US.S05E07.WS.XviD-err0001.avi
[2011/11/03 17:45:21 | 183,562,240 | ---- | M] () -- C:\Users\[email protected]@L\Desktop\long.island.medium.s01e08.theresa.explains.it.all.hdtv.xvid-crimson.avi
[2011/11/03 09:05:51 | 182,640,872 | ---- | M] () -- C:\Users\[email protected]@L\Desktop\Auction.Kings.S02E21.Wacky.Taxi.HDTV.XviD-MOMENTUM.avi
[2011/11/02 21:34:07 | 576,767,162 | ---- | M] () -- C:\Users\[email protected]@L\Desktop\james.mays.man.lab.s01e03.ws.pdtv.xvid-ftp.avi
[2011/11/02 21:08:11 | 576,755,712 | ---- | M] () -- C:\Users\[email protected]@L\Desktop\James.Mays.Man.Lab.S01E02.WS.PDTV.XviD-BARGE.avi
[2011/11/02 21:01:33 | 575,969,280 | ---- | M] () -- C:\Users\[email protected]@L\Desktop\James.Mays.Man.Lab.S01E01.WS.PDTV.XviD-FTP.avi
[2011/11/01 12:28:46 | 000,001,057 | ---- | M] () -- C:\Users\[email protected]@L\AppData\Roaming\vso_ts_preview.xml
[2011/11/01 11:36:00 | 000,782,702 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/01 11:36:00 | 000,662,408 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/01 11:36:00 | 000,122,236 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/31 19:38:27 | 419,433,678 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/30 09:36:59 | 004,841,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/29 23:21:17 | 000,164,734 | ---- | M] () -- C:\Windows\hpoins29.dat
[2011/10/29 23:18:22 | 000,002,099 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/10/29 07:33:56 | 183,485,720 | ---- | M] () -- C:\Users\[email protected]@L\Desktop\X-Men.2011.S01E02.HDTV.XviD-LMAO.avi
[2011/10/26 23:50:13 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3491092077-2592809933-3551427508-1000Core.job
[2011/10/26 18:34:56 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/10/26 18:31:17 | 000,796,360 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/15 03:53:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/10/15 03:53:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/10/15 03:53:00 | 000,007,384 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2011/10/13 22:58:41 | 000,002,515 | ---- | M] () -- C:\Users\[email protected]@L\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/11 09:25:39 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/10/10 12:27:45 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/10/08 16:39:53 | 000,000,117 | ---- | M] () -- C:\Users\[email protected]@L\Documents\Rage.cht
[2011/10/08 14:26:28 | 000,001,806 | ---- | M] () -- C:\Windows\TSearch.INI
[2011/10/05 14:41:58 | 000,002,223 | ---- | M] () -- C:\Users\[email protected]@L\Application Data\Microsoft\Internet Explorer\Quick Launch\:) DVD Ripper.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/03 22:29:09 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/03 22:28:59 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/03 21:37:03 | 000,002,425 | ---- | C] () -- C:\Users\[email protected]@L\Desktop\Reincarnations 3- Back to Reality Collectors Edition.lnk
[2011/11/03 20:12:14 | 366,962,000 | ---- | C] () -- C:\Users\[email protected]@L\Desktop\Charlies.Angels.2011.S01E06.HDTV.XviD-ASAP.avi
[2011/11/03 20:03:05 | 182,962,176 | ---- | C] () -- C:\Users\[email protected]@L\Desktop\ridiculousness.0109-yestv.avi
[2011/11/03 19:08:21 | 183,859,200 | ---- | C] () -- C:\Users\[email protected]@L\Desktop\CelebriDate.S01E04.Dean.Cain.HDTV.XviD-PREMiER.avi
[2011/11/03 17:45:38 | 367,128,576 | ---- | C] () -- C:\Users\[email protected]@L\Desktop\Kitchen.Nightmares.US.S05E07.WS.XviD-err0001.avi
[2011/11/03 17:45:20 | 183,562,240 | ---- | C] () -- C:\Users\[email protected]@L\Desktop\long.island.medium.s01e08.theresa.explains.it.all.hdtv.xvid-crimson.avi
[2011/11/03 09:02:45 | 182,640,872 | ---- | C] () -- C:\Users\[email protected]@L\Desktop\Auction.Kings.S02E21.Wacky.Taxi.HDTV.XviD-MOMENTUM.avi
[2011/11/02 21:12:11 | 576,767,162 | ---- | C] () -- C:\Users\[email protected]@L\Desktop\james.mays.man.lab.s01e03.ws.pdtv.xvid-ftp.avi
[2011/11/02 21:02:42 | 576,755,712 | ---- | C] () -- C:\Users\[email protected]@L\Desktop\James.Mays.Man.Lab.S01E02.WS.PDTV.XviD-BARGE.avi
[2011/11/02 20:49:36 | 575,969,280 | ---- | C] () -- C:\Users\[email protected]@L\Desktop\James.Mays.Man.Lab.S01E01.WS.PDTV.XviD-FTP.avi
[2011/11/01 11:03:21 | 000,001,057 | ---- | C] () -- C:\Users\[email protected]@L\AppData\Roaming\vso_ts_preview.xml
[2011/10/29 23:18:44 | 000,001,058 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/10/29 23:18:22 | 000,002,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/10/29 23:15:18 | 000,164,734 | ---- | C] () -- C:\Windows\hpoins29.dat
[2011/10/29 23:15:17 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2011/10/29 19:52:56 | 000,007,384 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2011/10/29 16:44:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/29 16:44:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/29 16:44:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/29 16:44:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/29 16:44:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/29 07:30:42 | 183,485,720 | ---- | C] () -- C:\Users\[email protected]@L\Desktop\X-Men.2011.S01E02.HDTV.XviD-LMAO.avi
[2011/10/26 23:50:13 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3491092077-2592809933-3551427508-1000Core.job
[2011/10/26 18:34:56 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/10/26 18:31:09 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/10/23 04:49:38 | 000,000,922 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Payday The Heist.lnk
[2011/10/12 13:53:19 | 000,002,553 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro PDF Professional.lnk
[2011/10/07 18:07:38 | 000,000,117 | ---- | C] () -- C:\Users\[email protected]@L\Documents\Rage.cht
[2011/10/07 07:29:04 | 000,001,806 | ---- | C] () -- C:\Windows\TSearch.INI
[2011/10/05 14:41:58 | 000,002,223 | ---- | C] () -- C:\Users\[email protected]@L\Application Data\Microsoft\Internet Explorer\Quick Launch\:) DVD Ripper.lnk
[2011/10/05 09:49:25 | 000,002,515 | ---- | C] () -- C:\Users\[email protected]@L\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/05 09:49:25 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011/10/05 01:41:54 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/10/03 15:58:22 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat
[2011/10/02 07:33:12 | 000,000,126 | ---- | C] () -- C:\Users\[email protected]@L\AppData\Roaming\Earthquakes Meter_Settings.ini
[2011/09/28 01:59:34 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/09/28 01:59:29 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/09/25 06:24:42 | 000,007,605 | ---- | C] () -- C:\Users\[email protected]@L\AppData\Local\Resmon.ResmonCfg
[2011/09/21 14:26:25 | 000,796,360 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/21 01:41:53 | 000,000,097 | RHS- | C] () -- C:\ProgramData\1.12.0.lic
[2011/09/18 02:51:50 | 000,050,536 | ---- | C] () -- C:\Windows\UTP.exe
[2011/09/17 23:25:50 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2009/09/16 17:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/09/25 06:55:42 | 000,000,000 | ---D | M] -- C:\Users\[email protected]@L\AppData\Roaming\AnvSoft
[2011/09/18 15:13:26 | 000,000,000 | ---D | M] -- C:\Users\[email protected]@L\AppData\Roaming\Ashampoo
[2011/10/02 17:38:19 | 000,000,000 | ---D | M] -- C:\Users\[email protected]@L\AppData\Roaming\Babylon
[2011/09/25 05:09:56 | 000,000,000 | ---D | M] -- C:\Users\[email protected]@L\AppData\Roaming\com.adobe.dmp.contentviewer
[2011/09/25 00:45:30 | 000,000,000 | ---D | M] -- C:\Users\[email protected]@L\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2011/10/19 02:26:13 | 000,000,000 | ---D | M] -- C:\Users\[email protected]@L\AppData\Roaming\DeskSoft
[2011/10/04 16:35:27 | 000,000,000 | ---D | M] -- C:\Users\[email protected]@L\AppData\Roaming\DisneyInteractiveStudios
[2011/10/05 10:41:07 | 000,000,000 | ---D | M] -- C:\Users\[email protected]@L\AppData\Roaming\DisplayFusion
[2011/10/12 13:52:19 | 000,000,000 | ---D | M] -- C:\Users\[email protected]@L\AppData\Roaming\Downloaded Installations
[2011/11/03 21:46:29 | 000,000,000 | ---D | M] -- C:\Users\[email protected]@L\AppData\Roaming\Enki Games
[2011/09/22 05:04:38 | 000,000,000 | ---D | M] -- C:\Users\[email protected]@L\AppData\Roaming\HdO Adventure
[2011/09/18 00:30:47 | 000,000,000 | ---D | M] -- C:\Users\[email protected]@L\AppData\Roaming\LolClient
[2011/10/12 14:03:56 | 000,000,000 | ---D | M] -- C:\Users\[email protected]@L\AppData\Roaming\Nitro PDF
[2011/09/28 01:08:55 | 000,000,000 | ---D | M] -- C:\Users\[email protected]@L\AppData\Roaming\Origin
[2011/10/21 07:58:46 | 000,000,000 | ---D | M] -- C:\Users\[email protected]@L\AppData\Roaming\Panda Security
[2011/09/28 07:39:31 | 000,000,000 | ---D | M] -- C:\Users\[email protected]@L\AppData\Roaming\Reviversoft
[2011/09/17 20:51:52 | 000,000,000 | ---D | M] -- C:\Users\[email protected]@L\AppData\Roaming\RocketDock Backup
[2011/10/22 19:36:48 | 000,000,000 | ---D | M] -- C:\Users\[email protected]@L\AppData\Roaming\Sahmon Games
[2011/10/29 08:59:24 | 000,000,000 | ---D | M] -- C:\Users\[email protected]@L\AppData\Roaming\SmartPCTools
[2011/11/03 20:05:04 | 000,000,000 | ---D | M] -- C:\Users\[email protected]@L\AppData\Roaming\TeamViewer
[2011/09/28 07:29:04 | 000,000,000 | ---D | M] -- C:\Users\[email protected]@L\AppData\Roaming\Thinstall
[2011/10/20 14:05:26 | 000,000,000 | ---D | M] -- C:\Users\[email protected]@L\AppData\Roaming\Trillian
[2011/11/03 22:50:34 | 000,000,000 | ---D | M] -- C:\Users\[email protected]@L\AppData\Roaming\uTorrent
[2011/11/01 12:28:47 | 000,000,000 | ---D | M] -- C:\Users\[email protected]@L\AppData\Roaming\Vso
[2011/10/04 12:33:07 | 000,000,000 | ---D | M] -- C:\Users\[email protected]@L\AppData\Roaming\WCMShare
[2011/10/04 08:00:02 | 000,000,000 | ---D | M] -- C:\Users\[email protected]@L\AppData\Roaming\WebcamMax
[2011/09/17 20:35:13 | 000,000,000 | ---D | M] -- C:\Users\[email protected]@L\AppData\Roaming\Windows SideBar
[2011/10/26 23:50:13 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3491092077-2592809933-3551427508-1000Core.job
[2009/07/14 00:08:49 | 000,026,260 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:ECF54A0E

< End of report >
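An added example, not from the thread or from OTL's author: a Python parser for the `[date | size | attrs | C/M] (Company) -- path` entries in the report above, plus three review heuristics a defender might apply when triaging such a log. The sample lines are taken from the report (user path shortened); the heuristics are this example's own assumptions, not OTL's logic, and they produce a review queue, not a verdict.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# OTL file/folder entry layout, as seen in the report above:
#   [YYYY/MM/DD HH:MM:SS | size | RHSD flags | C or M] (Company) -- path
# The "(Company)" field may be absent, empty "()", or a vendor string.
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Sample lines copied from the report above (username replaced by "user").
SAMPLE_OTL = """\
[2011/11/03 23:15:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\\Users\\user\\Desktop\\OTL.exe
[2011/11/03 21:19:47 | 000,000,000 | ---D | C] -- C:\\Windows\\system64
[2011/10/29 16:55:35 | 000,000,000 | -HSD | C] -- C:\\$RECYCLE.BIN
[2011/10/29 16:44:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\\Windows\\NIRCMD.exe
[2011/09/21 01:41:53 | 000,000,097 | RHS- | C] () -- C:\\ProgramData\\1.12.0.lic
[2011/09/18 02:51:50 | 000,050,536 | ---- | C] () -- C:\\Windows\\UTP.exe
[1 C:\\Windows\\*.tmp files -> C:\\Windows\\*.tmp -> ]
"""


@dataclass
class OtlEntry:
    stamp: str
    size: int
    readonly: bool
    hidden: bool
    system: bool
    is_dir: bool
    kind: str                # "C" = created, "M" = modified
    company: Optional[str]   # None when OTL printed no vendor, or an empty "()"
    path: str


def parse_otl_entries(text: str) -> List[OtlEntry]:
    """Parse the file/folder lines of an OTL report; lines in other layouts are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section headers, the "*.tmp" summary line, O-lines, etc.
        attrs = m.group("attrs")  # positions: R, H, S, D
        company = (m.group("company") or "").strip() or None
        entries.append(OtlEntry(
            stamp=m.group("stamp"),
            size=int(m.group("size").replace(",", "")),
            readonly=attrs[0] == "R",
            hidden=attrs[1] == "H",
            system=attrs[2] == "S",
            is_dir=attrs[3] == "D",
            kind=m.group("kind"),
            company=company,
            path=m.group("path"),
        ))
    return entries


BINARY_EXT = {".exe", ".dll", ".sys", ".scr"}
WINDIR = "c:\\windows"


def triage(entries: List[OtlEntry]) -> List[Tuple[str, str]]:
    """Reviewer heuristics (this example's assumptions, not OTL's own checks)."""
    findings = []
    for e in entries:
        low = e.path.lower()
        parent = ntpath.dirname(low)
        ext = ntpath.splitext(low)[1]
        in_windir = low.startswith(WINDIR + "\\")
        if e.is_dir and parent == WINDIR:
            # A brand-new folder directly under %SystemRoot% deserves a look.
            findings.append((e.path, "new directory directly under %SystemRoot%"))
        elif not e.is_dir and in_windir and ext in BINARY_EXT and e.company is None:
            # Binaries in the Windows tree normally carry a vendor string.
            findings.append((e.path, "binary under %SystemRoot% with no company name"))
        elif not e.is_dir and e.hidden and e.system:
            # Hidden+system on an ordinary file is a classic concealment trick.
            findings.append((e.path, "file carries hidden+system attributes"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(parse_otl_entries(SAMPLE_OTL)):
        print(f"{reason}: {path}")
```

Every flagged path still needs a human (or a signature engine) to decide; the point is to pull a handful of lines out of several hundred for review.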
#2
RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
You have the ZeroAccess rootkit.


Let's see what happens with Combofix:

ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right click on ComboFix and Run as Admin. to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and Run As Admin.
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click the aswMBR.exe and Run as Admin.
Uncheck "Trace disk IO calls".
Click the "Scan" button to start the scan.
On completion of the scan (note whether the Fix button is enabled and tell me), click "Save log", save it to your desktop and post it in your next reply.

Open OTL again and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.


Ron
  • 0
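As an added example (not code from this thread, OTL or ComboFix), a small Python scanner for the two kinds of indicator this thread turns on: the alternate data stream on C:\Windows that the OTL report lists, and the consrv.dll / System64 paths that ComboFix reports deleting. The sample report text is constructed from the thread's logs, and the indicator lists and severities are my own assumptions rather than anything OTL or ComboFix defines.

```python
"""Flag ZeroAccess-style indicators in OTL / ComboFix report text.

Added example, not part of the original thread or of OTL/ComboFix.
The sample lines at the bottom are constructed from the thread's logs.
"""
import re
from dataclasses import dataclass
from typing import Optional

# OTL prints each alternate data stream as:
#   @Alternate Data Stream - <size> bytes -> <path>:<stream name>
OTL_ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?):(?P<stream>[^:\\]+)$"
)

# Directories where a stream on the directory itself is a red flag (assumed list).
SYSTEM_ADS_PATHS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}

# File-system artifacts ComboFix removed in the thread's log; both belong to
# the 64-bit ZeroAccess variant, not to Windows (assumed list).
ZEROACCESS_PATHS = {
    r"c:\windows\system32\consrv.dll": "consrv.dll: ZeroAccess component loaded into csrss.exe",
    r"c:\windows\system64": "System64: fake directory, Windows has no such folder",
}


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "review"
    line: str       # the report line that triggered the finding
    reason: str


def _norm(path: str) -> str:
    """Lower-case and strip a trailing backslash so paths compare reliably."""
    return path.strip().lower().rstrip("\\")


def classify_ads(line: str) -> Optional[Finding]:
    """Return a Finding for an OTL ADS line, or None if the line is not one."""
    m = OTL_ADS_RE.match(line.strip())
    if not m:
        return None
    path = _norm(m.group("path"))
    if path in SYSTEM_ADS_PATHS:
        return Finding("high", line.strip(),
                       f"{m.group('size')}-byte stream '{m.group('stream')}' on system directory {path}")
    # Streams under user or temp locations are common; flag for review only.
    return Finding("review", line.strip(),
                   f"stream '{m.group('stream')}' on {path}; verify the owning application")


def classify_path(line: str) -> Optional[Finding]:
    """Return a Finding when a bare path (e.g. a ComboFix deletion entry) is a known artifact."""
    reason = ZEROACCESS_PATHS.get(_norm(line))
    return Finding("high", line.strip(), reason) if reason else None


def scan_report(text: str) -> list:
    """Walk report text line by line and collect findings in file order."""
    findings = []
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped == ".":   # ComboFix pads sections with "." lines
            continue
        f = classify_ads(stripped) or classify_path(stripped)
        if f:
            findings.append(f)
    return findings


# Constructed sample: the ADS section of the OTL report and the
# "Other Deletions" section of the ComboFix log quoted in this thread
# (user name replaced with a placeholder).
SAMPLE = """\
========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\\Windows:nlsPreferences
@Alternate Data Stream - 151 bytes -> C:\\ProgramData\\Temp:ECF54A0E

((((( Other Deletions )))))
.
c:\\users\\someone\\AppData\\Roaming\\vso_ts_preview.xml
c:\\windows\\system32\\consrv.dll
c:\\windows\\System64
"""

if __name__ == "__main__":
    for f in scan_report(SAMPLE):
        print(f"[{f.severity:6}] {f.reason}")
```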

#3
[email protected]@L

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Thank you for your extremely fast response!!

Here's the log

ComboFix 11-11-03.05 - [email protected]@L 11/04/2011 0:03.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.1968 [GMT -5:00]
Running from: c:\users\[email protected]@L\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\[email protected]@L\AppData\Roaming\vso_ts_preview.xml
c:\windows\system32\consrv.dll
c:\windows\System64
.
---- Previous Run -------
.
c:\program files (x86)\TSearch\DBGHELP.DLL
c:\program files (x86)\TSearch\English.Slg
c:\program files (x86)\TSearch\French.Slg
c:\program files (x86)\TSearch\imagehlp.dll
c:\program files (x86)\TSearch\programme test.exe
c:\program files (x86)\TSearch\README.TXT
c:\program files (x86)\TSearch\THotkeys.dll
c:\program files (x86)\TSearch\TSearch.chm
c:\program files (x86)\TSearch\TSearch.exe
c:\program files (x86)\TSearch\TSearchDll.dll
c:\program files (x86)\TSearch\TSpeech.dll
c:\users\[email protected]@L\AppData\Roaming\vso_ts_preview.xml
c:\windows\iun6002.exe
c:\windows\system32\consrv.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-10-04 to 2011-11-04 )))))))))))))))))))))))))))))))
.
.
2011-11-04 05:12 . 2011-11-04 05:12 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29C324BD-C453-4129-88EC-2E47C8332FE3}\offreg.dll
2011-11-04 05:10 . 2011-11-04 05:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-04 03:29 . 2011-11-04 03:29 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\Malwarebytes
2011-11-04 03:29 . 2011-11-04 03:29 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\SUPERAntiSpyware.com
2011-11-04 03:29 . 2011-11-04 03:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-04 03:29 . 2011-11-04 03:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-04 03:28 . 2011-11-04 03:28 -------- d-----w- c:\programdata\Malwarebytes
2011-11-04 03:28 . 2011-11-04 03:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-04 03:28 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-04 02:46 . 2011-11-04 02:46 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\Enki Games
2011-11-04 02:36 . 2011-11-04 02:36 -------- d-----w- c:\program files (x86)\Reincarnations 3- Back to Reality Collectors Edition
2011-11-04 01:05 . 2011-11-04 01:05 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\TeamViewer
2011-11-03 12:05 . 2011-10-07 02:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29C324BD-C453-4129-88EC-2E47C8332FE3}\mpengine.dll
2011-11-03 12:01 . 2011-11-03 12:01 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-11-02 11:37 . 2011-11-02 11:47 -------- d-----w- c:\program files (x86)\Orcs Must Die!
2011-10-30 04:25 . 2011-10-30 04:25 -------- d-----w- c:\users\[email protected]@L\AppData\Local\HP
2011-10-30 04:21 . 2011-10-30 04:25 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\HP
2011-10-30 04:21 . 2011-10-30 04:21 -------- d-----w- c:\programdata\WEBREG
2011-10-30 04:17 . 2011-10-30 04:17 -------- d-----w- c:\programdata\HP Product Assistant
2011-10-30 04:16 . 2011-10-30 04:16 -------- d-----w- c:\program files (x86)\Common Files\HP
2011-10-30 04:16 . 2011-10-30 04:16 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2011-10-30 04:14 . 2009-07-08 10:51 642360 ----a-w- c:\windows\system32\hpzids40.dll
2011-10-30 04:06 . 2011-10-30 04:19 -------- d-----w- c:\program files (x86)\HP
2011-10-30 04:05 . 2011-10-30 04:21 -------- d-----w- c:\programdata\HP
2011-10-30 04:05 . 2009-07-08 10:51 938496 ----a-w- c:\windows\system32\hpowiax8.dll
2011-10-30 04:05 . 2009-07-08 10:51 551424 ----a-w- c:\windows\system32\hppldcoi.dll
2011-10-30 04:05 . 2009-07-08 10:51 505344 ----a-w- c:\windows\system32\hpovst14.dll
2011-10-30 04:05 . 2009-07-08 10:51 1406464 ----a-w- c:\windows\system32\hpotiop6.dll
2011-10-30 01:10 . 2011-10-30 01:10 -------- d-----w- c:\programdata\restore
2011-10-30 00:54 . 2011-11-03 00:49 -------- d-----w- c:\users\UpdatusUser
2011-10-30 00:54 . 2011-10-30 00:55 -------- d-----w- c:\programdata\NVIDIA
2011-10-30 00:54 . 2011-10-15 08:53 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-10-30 00:54 . 2011-10-15 08:53 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-10-30 00:54 . 2011-10-15 08:53 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-30 00:54 . 2011-10-15 08:53 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-30 00:54 . 2011-10-15 08:53 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-10-30 00:54 . 2011-10-15 08:53 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-30 00:53 . 2011-10-30 00:53 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-10-29 13:59 . 2011-10-29 13:59 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\SmartPCTools
2011-10-29 13:58 . 2011-10-29 13:58 -------- d-----w- c:\program files (x86)\SmartPCTools
2011-10-29 06:04 . 2005-04-04 04:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-10-29 06:04 . 2011-10-29 06:04 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-10-29 06:04 . 2011-10-29 06:04 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-10-29 06:04 . 2005-04-04 04:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-10-29 06:04 . 2005-04-04 04:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-10-29 06:04 . 2005-04-04 04:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-10-29 06:04 . 2005-04-04 04:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-10-29 06:04 . 2005-04-04 03:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-10-27 04:50 . 2011-10-27 04:50 -------- d-----w- c:\users\[email protected]@L\AppData\Local\Facebook
2011-10-26 23:37 . 2011-10-07 02:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-26 23:35 . 2011-10-04 22:22 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0702DB1-7B2F-4608-9AAE-7796B1198D0E}\gapaengine.dll
2011-10-26 23:31 . 2011-10-26 23:31 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-10-26 23:31 . 2011-10-26 23:31 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-25 14:02 . 2011-10-25 14:02 -------- d-----w- c:\users\[email protected]@L\AppData\Local\PAYDAY
2011-10-25 14:02 . 2011-10-25 14:02 -------- d-----w- c:\programdata\RELOADED
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-24 13:57 . 2011-10-24 13:57 -------- d-----w- c:\program files (x86)\THQ
2011-10-23 09:47 . 2011-10-23 10:02 -------- d-----w- c:\program files (x86)\Payday The Heist
2011-10-23 00:36 . 2011-10-23 00:36 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\Sahmon Games
2011-10-22 23:14 . 2011-10-22 23:15 -------- d-----w- c:\program files (x86)\The Island - Castaway 2
2011-10-21 22:14 . 2011-10-07 04:16 8570192 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03A46292-3676-44E9-A82D-221DF9D71B59}\mpengine.dll
2011-10-21 19:58 . 2011-10-21 20:49 -------- d-----w- c:\windows\FltMgr
2011-10-21 13:08 . 2011-10-21 13:08 -------- d-----w- c:\programdata\SwagHack_Galaxy_Edition_3
2011-10-21 13:03 . 2011-10-21 13:03 -------- d-----w- c:\users\[email protected]@L\AppData\Local\Panda Security
2011-10-21 12:58 . 2011-10-21 20:49 -------- d-----w- c:\program files (x86)\Panda Security
2011-10-21 12:58 . 2011-10-21 12:59 -------- d-----w- c:\programdata\Panda Security
2011-10-21 12:58 . 2011-10-21 12:58 -------- d-----w- c:\windows\SysWow64\PAV
2011-10-21 12:58 . 2011-10-21 12:58 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\Panda Security
2011-10-21 12:58 . 2011-10-21 12:58 -------- d-----w- c:\program files (x86)\Common Files\Panda Security
2011-10-21 10:46 . 2011-10-21 20:49 -------- d-----w- c:\program files (x86)\Steam
2011-10-21 10:40 . 2011-10-21 10:40 -------- d-----w- c:\program files (x86)\Trendy Entertainment
2011-10-20 18:59 . 2011-10-20 19:05 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\Trillian
2011-10-20 18:58 . 2011-10-21 20:49 -------- d-----w- c:\program files (x86)\Trillian
2011-10-20 02:07 . 2011-10-20 02:07 -------- d-----w- c:\users\[email protected]@L\AppData\Local\201280
2011-10-19 05:59 . 2011-10-19 05:59 -------- d-----w- c:\programdata\IObit
2011-10-19 05:59 . 2011-10-19 05:59 -------- d-----w- c:\program files (x86)\IObit
2011-10-18 22:28 . 2011-10-18 22:28 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\Realtime Soft
2011-10-18 21:42 . 2011-10-18 21:42 -------- d-----w- c:\users\[email protected]@L\AppData\Local\David_Rudie
2011-10-18 03:15 . 2011-10-19 07:26 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\DeskSoft
2011-10-17 23:49 . 2011-10-18 00:18 -------- d-----w- c:\users\[email protected]@L\AppData\Local\Ubisoft Game Launcher
2011-10-17 23:37 . 2011-10-18 22:37 -------- d-----w- c:\program files (x86)\Ubisoft
2011-10-17 23:36 . 2011-10-17 23:36 -------- d--h--w- c:\users\[email protected]@L\InstallAnywhere
2011-10-16 21:15 . 2011-10-16 21:15 -------- d-----w- c:\program files\Computer Artworks
2011-10-16 21:14 . 2011-10-16 21:14 -------- d-----w- c:\program files (x86)\Computer Artworks
2011-10-16 20:35 . 2011-10-16 20:35 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2011-10-16 20:21 . 2011-10-16 20:39 -------- d-----w- C:\Games
2011-10-14 03:55 . 2011-10-14 03:55 -------- d-----w- c:\program files\iPod
2011-10-14 03:55 . 2011-10-14 03:56 -------- d-----w- c:\program files\iTunes
2011-10-14 03:55 . 2011-10-14 03:56 -------- d-----w- c:\program files (x86)\iTunes
2011-10-14 03:53 . 2011-10-14 03:53 -------- d-----w- c:\program files\Bonjour
2011-10-14 03:53 . 2011-10-14 03:53 -------- d-----w- c:\program files (x86)\Bonjour
2011-10-12 19:03 . 2011-10-12 19:03 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\Nitro PDF
2011-10-12 18:53 . 2011-09-24 20:02 17216 ----a-w- c:\windows\system32\nitrolocalui.dll
2011-10-12 18:53 . 2011-09-24 20:02 28992 ----a-w- c:\windows\system32\nitrolocalmon.dll
2011-10-12 18:53 . 2011-10-12 18:53 -------- d-----w- c:\programdata\Nitro PDF
2011-10-12 18:53 . 2011-10-12 18:53 -------- d-----w- c:\program files\Common Files\Nitro PDF
2011-10-12 18:53 . 2011-10-12 18:53 -------- d-----w- c:\program files (x86)\Nitro PDF
2011-10-12 18:53 . 2011-10-12 18:53 -------- d-----w- c:\program files (x86)\Common Files\Nitro PDF
2011-10-12 18:52 . 2011-10-12 18:52 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\Downloaded Installations
2011-10-12 16:14 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 16:14 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 16:14 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-12 16:14 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-07 11:35 . 2011-10-21 20:49 -------- d-----w- c:\users\[email protected]@L\AppData\Local\SKIDROW
2011-10-07 11:21 . 2011-10-29 06:05 -------- d-----w- c:\program files (x86)\Bethesda Softworks
2011-10-05 19:42 . 2011-10-05 19:42 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\dvdcss
2011-10-05 19:42 . 2011-10-05 19:42 -------- d-----w- c:\users\[email protected]@L\AppData\Local\:) Studio
2011-10-05 19:41 . 2011-10-05 19:41 -------- d-----w- c:\programdata\:yes: Studio
2011-10-05 19:41 . 2011-10-05 19:41 -------- d-----w- c:\program files (x86)\:) Studio
2011-10-05 17:21 . 2009-12-14 17:44 85048 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2011-10-05 17:21 . 2009-12-14 17:44 66104 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2011-10-05 17:20 . 2011-10-08 14:38 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-05 14:49 . 2011-10-14 03:58 -------- d-----w- c:\program files (x86)\Safari
2011-10-05 14:48 . 2011-10-14 03:18 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\Apple Computer
2011-10-05 14:48 . 2011-10-05 14:48 -------- d-----w- c:\users\[email protected]@L\AppData\Local\Apple Computer
2011-10-05 14:48 . 2011-10-06 13:11 -------- dc----w- c:\windows\system32\DRVSTORE
2011-10-05 14:48 . 2009-05-18 18:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-10-05 14:48 . 2008-04-17 17:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-10-05 14:48 . 2008-04-17 17:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-10-05 14:47 . 2011-10-05 14:48 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-10-05 14:47 . 2011-10-05 14:47 -------- d-----w- c:\program files\Common Files\Apple
2011-10-05 14:20 . 2011-10-14 03:55 -------- d-----w- c:\programdata\Apple Computer
2011-10-05 13:56 . 2011-10-05 13:56 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-10-05 07:06 . 2011-10-05 07:06 -------- d-----w- c:\users\Public\CyberLink
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 19:04 . 2011-09-18 01:09 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-11 14:25 . 2011-09-28 06:59 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-10 17:27 . 2011-09-28 06:59 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-04 02:35 . 2011-10-04 02:13 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-10-03 21:12 . 2011-09-28 06:59 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-10-03 10:06 . 2011-09-18 03:38 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-24 20:03 . 2011-09-24 20:03 68928 ----a-w- c:\windows\SysWow64\NLSSRV32.EXE
2011-09-24 17:08 . 2010-11-21 03:24 699904 ----a-w- c:\windows\system32\taskmgr.exe
2011-09-18 07:51 . 2010-11-21 03:24 3029504 ----a-w- c:\windows\SysWow64\themeui.dll
2011-09-18 07:51 . 2009-07-13 23:39 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll
2011-09-18 07:51 . 2011-09-18 07:51 50536 ----a-w- c:\windows\UTP.exe
2011-09-18 01:45 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2011-09-18 01:45 . 2010-11-21 03:23 3126272 ----a-w- c:\windows\system32\themeui.dll
2011-09-18 01:44 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2011-09-06 20:45 . 2011-09-21 20:48 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-01 02:12 . 2011-09-18 03:55 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-08-31 04:05 . 2011-08-31 04:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 04:05 . 2011-08-31 04:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 04:05 . 2011-08-31 04:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 04:05 . 2011-08-31 04:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-31 04:05 . 2011-08-31 04:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 04:05 . 2011-08-31 04:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-31 04:05 . 2011-08-31 04:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-31 04:05 . 2011-08-31 04:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[-] 2011-02-25 . C9A561405FC9A8019772A81D8A85E962 . 3090944 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2010-11-21 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
.
((((((((((((((((((((((((((((( [email protected]_21.55.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-30 00:52 . 2011-10-15 08:53 61248 c:\windows\SysWOW64\OpenCL.dll
+ 2009-05-14 11:22 . 2009-05-14 11:22 82432 c:\windows\SysWOW64\msxml4r.dll
+ 2008-12-04 01:05 . 2008-12-04 01:05 33792 c:\windows\SysWOW64\HPZipr12.dll
+ 2008-12-04 01:05 . 2008-12-04 01:05 49152 c:\windows\SysWOW64\HPZidr12.dll
- 2011-10-29 09:54 . 2011-10-29 21:43 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-10-29 09:54 . 2011-11-04 04:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-11-04 05:01 . 2011-11-04 04:59 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011110420111105\index.dat
+ 2011-11-04 02:32 . 2011-11-04 02:54 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011110320111104\index.dat
+ 2011-11-04 02:32 . 2011-11-04 02:30 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011102420111031\index.dat
+ 2011-10-29 09:54 . 2011-11-04 04:59 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2011-10-29 09:54 . 2011-10-29 21:43 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-11-21 03:09 . 2011-11-04 03:51 47828 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-04 03:51 35362 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-18 01:03 . 2011-11-04 03:51 10646 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3491092077-2592809933-3551427508-1000_UserData.bin
+ 2011-10-30 00:52 . 2011-10-15 08:53 68928 c:\windows\system32\OpenCL.dll
+ 2011-10-30 00:52 . 2011-07-07 23:21 29288 c:\windows\system32\nvhdap64.dll
- 2011-10-21 21:05 . 2011-05-10 09:41 29288 c:\windows\system32\nvhdap64.dll
+ 2008-12-04 01:05 . 2008-12-04 01:05 30720 c:\windows\system32\hpzisn12.dll
+ 2008-12-04 01:05 . 2008-12-04 01:05 45056 c:\windows\system32\hpzipt12.dll
+ 2008-12-04 01:05 . 2008-12-04 01:05 53760 c:\windows\system32\HPZipr12.dll
+ 2008-12-04 01:05 . 2008-12-04 01:05 89600 c:\windows\system32\HPZipm12.dll
+ 2008-12-04 01:05 . 2008-12-04 01:05 71680 c:\windows\system32\HPZinw12.dll
+ 2008-12-04 01:05 . 2008-12-04 01:05 78848 c:\windows\system32\HPZidr12.dll
+ 2008-03-05 02:45 . 2008-03-05 02:45 54784 c:\windows\system32\hpbpro.dll
+ 2008-03-05 02:45 . 2008-03-05 02:45 33280 c:\windows\system32\hpboid.dll
+ 2008-03-05 02:45 . 2008-03-05 02:45 32768 c:\windows\system32\hpbmiapi.dll
- 2009-07-14 05:30 . 2011-10-21 21:07 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-10-30 04:20 86016 c:\windows\system32\DriverStore\infpub.dat
- 2011-10-04 02:16 . 2011-07-07 23:21 29288 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_d9dc0257f3c16ec3\nvhdap64.dll
+ 2011-10-30 00:52 . 2011-07-07 23:21 29288 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_d9dc0257f3c16ec3\nvhdap64.dll
- 2011-10-04 02:16 . 2011-07-07 23:21 70760 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_d9dc0257f3c16ec3\nvapo64v.dll
+ 2011-10-30 00:52 . 2011-07-07 23:21 70760 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_d9dc0257f3c16ec3\nvapo64v.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 68928 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\OpenCL64.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 61248 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\OpenCL.dll
+ 2009-07-14 00:00 . 2009-07-14 00:00 43008 c:\windows\system32\drivers\Dot4usb.sys
+ 2010-11-21 03:23 . 2010-11-21 03:23 19968 c:\windows\system32\drivers\Dot4Prt.sys
- 2011-09-18 00:53 . 2011-10-29 20:46 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-18 00:53 . 2011-11-04 03:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-18 00:53 . 2011-11-04 03:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-18 00:53 . 2011-10-29 20:46 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-04 03:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-29 20:46 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:46 . 2011-10-29 20:45 89040 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2011-11-04 03:47 89040 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-09-18 01:00 . 2011-11-04 05:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-18 01:00 . 2011-10-29 21:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-18 01:00 . 2011-10-29 21:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-18 01:00 . 2011-11-04 05:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-04 02:40 . 2011-11-04 02:40 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2011-10-30 04:19 . 2011-10-30 04:19 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut9.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-10-30 04:19 . 2011-10-30 04:19 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut8.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-10-30 04:19 . 2011-10-30 04:19 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut7.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-10-30 04:19 . 2011-10-30 04:19 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut6.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-10-30 04:19 . 2011-10-30 04:19 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut5.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-10-30 04:19 . 2011-10-30 04:19 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut28.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-10-30 04:19 . 2011-10-30 04:19 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut27.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-10-30 04:19 . 2011-10-30 04:19 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut26.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-10-30 04:19 . 2011-10-30 04:19 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut25.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-10-30 04:19 . 2011-10-30 04:19 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut24.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-10-30 04:19 . 2011-10-30 04:19 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut23.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-10-30 04:19 . 2011-10-30 04:19 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut22.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-10-30 04:19 . 2011-10-30 04:19 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut21.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-10-30 04:19 . 2011-10-30 04:19 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut20.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-10-30 04:19 . 2011-10-30 04:19 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut2_1.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-10-30 04:19 . 2011-10-30 04:19 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut19.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-10-30 04:19 . 2011-10-30 04:19 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut18.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-10-30 04:19 . 2011-10-30 04:19 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut17.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-10-30 04:19 . 2011-10-30 04:19 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut16.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-10-30 04:19 . 2011-10-30 04:19 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut15.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-10-30 04:19 . 2011-10-30 04:19 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut14.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-10-30 04:19 . 2011-10-30 04:19 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut13.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-10-30 04:19 . 2011-10-30 04:19 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut12.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-10-30 04:19 . 2011-10-30 04:19 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut11.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-10-30 04:19 . 2011-10-30 04:19 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut10.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2011-10-30 04:19 . 2011-10-30 04:19 25214 c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\ARPPRODUCTICON.exe
+ 2011-11-03 12:01 . 2011-11-03 12:01 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2011-10-30 04:18 . 2011-10-30 04:18 65536 c:\windows\Installer\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
- 2011-09-19 22:36 . 2011-10-29 21:53 3168 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-09-19 22:36 . 2011-11-04 05:11 3168 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2008-03-05 02:45 . 2008-03-05 02:45 9728 c:\windows\system32\hpbprops.dll
+ 2008-03-05 02:45 . 2008-03-05 02:45 9216 c:\windows\system32\hpboidps.dll
- 2011-10-29 21:54 . 2011-10-29 21:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-04 05:12 . 2011-11-04 05:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-04 05:12 . 2011-11-04 05:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-29 21:54 . 2011-10-29 21:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-22 01:21 . 2009-05-22 01:21 499712 c:\windows\SysWOW64\msvcp71.dll
+ 2009-07-14 04:54 . 2011-11-04 04:59 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-22 23:33 . 2008-07-22 23:33 287256 c:\windows\SysWOW64\AbaleZip.dll
+ 2009-07-14 02:36 . 2011-11-01 16:36 662408 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-10-28 09:00 662408 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-01 16:36 122236 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-10-28 09:00 122236 c:\windows\system32\perfc009.dat
+ 2007-04-24 15:32 . 2007-04-24 15:32 131072 c:\windows\system32\hplbdchn.dll
+ 2009-07-14 05:30 . 2011-10-30 04:20 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-10-21 21:07 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-10-21 21:07 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-10-30 04:16 143360 c:\windows\system32\DriverStore\infstor.dat
- 2011-10-04 02:16 . 2011-07-07 23:21 174184 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_d9dc0257f3c16ec3\nvhda64v.sys
+ 2011-10-30 00:52 . 2011-07-07 23:21 174184 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_d9dc0257f3c16ec3\nvhda64v.sys
- 2011-10-04 02:16 . 2011-07-07 23:21 150120 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_d9dc0257f3c16ec3\nvhda64.sys
+ 2011-10-30 00:52 . 2011-07-07 23:21 150120 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_d9dc0257f3c16ec3\nvhda64.sys
+ 2011-10-30 00:52 . 2011-10-15 08:53 283456 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvml.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 200512 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvidia-smi.exe
+ 2011-10-30 00:52 . 2011-10-15 08:53 316496 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvdrsdb.bin
+ 2011-10-30 00:52 . 2011-10-15 08:53 224064 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\dbInstaller.exe
+ 2011-10-30 04:14 . 2009-07-08 10:51 642360 c:\windows\system32\DriverStore\FileRepository\hprdv_vp.inf_amd64_neutral_6687304f39bc230b\hpzids40.dll
+ 2011-10-30 04:14 . 2009-07-08 10:51 938496 c:\windows\system32\DriverStore\FileRepository\hpoc4400_sc.inf_amd64_neutral_be662d5c0185944b\drivers\scanner\x64\hpowiax8.dll
+ 2011-10-30 04:14 . 2009-07-08 10:51 505344 c:\windows\system32\DriverStore\FileRepository\hpoc4400_sc.inf_amd64_neutral_be662d5c0185944b\drivers\scanner\x64\hpovst14.dll
+ 2011-10-30 04:14 . 2009-07-08 10:51 551424 c:\windows\system32\DriverStore\FileRepository\hpoc4400_sc.inf_amd64_neutral_be662d5c0185944b\drivers\dot4\amd64\winxp\hppldcoi.dll
+ 2011-10-30 04:14 . 2009-07-08 10:51 508928 c:\windows\system32\DriverStore\FileRepository\hpoc4400_sc.inf_amd64_neutral_be662d5c0185944b\drivers\dot4\amd64\winxp\difxapi.dll
- 2011-10-21 21:05 . 2011-05-10 09:41 174184 c:\windows\system32\drivers\nvhda64v.sys
+ 2011-10-30 00:52 . 2011-07-07 23:21 174184 c:\windows\system32\drivers\nvhda64v.sys
+ 2009-07-14 00:00 . 2009-07-14 00:00 145920 c:\windows\system32\drivers\Dot4.sys
- 2009-07-14 05:12 . 2011-10-29 20:42 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-11-04 03:48 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2011-11-04 05:11 322300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2008-08-01 21:00 . 2008-08-01 21:00 224256 c:\windows\Installer\47a82.msi
+ 2009-05-22 03:46 . 2009-05-22 03:46 477696 c:\windows\Installer\47a73.msi
+ 2009-09-20 19:15 . 2009-09-20 19:15 857600 c:\windows\Installer\47a6b.msi
+ 2009-05-14 15:41 . 2009-05-14 15:41 340480 c:\windows\Installer\47a64.msi
+ 2009-09-20 15:56 . 2009-09-20 15:56 613376 c:\windows\Installer\47a56.msi
+ 2009-09-20 19:07 . 2009-09-20 19:07 678912 c:\windows\Installer\47a48.msi
+ 2009-09-20 19:36 . 2009-09-20 19:36 692736 c:\windows\Installer\47a41.msi
+ 2009-05-14 15:15 . 2009-05-14 15:15 459264 c:\windows\Installer\47a39.msi
+ 2009-09-20 19:24 . 2009-09-20 19:24 585216 c:\windows\Installer\47a32.msi
+ 2009-05-22 01:58 . 2009-05-22 01:58 765440 c:\windows\Installer\47a2b.msi
+ 2009-05-22 03:05 . 2009-05-22 03:05 470016 c:\windows\Installer\47a24.msi
+ 2009-05-22 03:21 . 2009-05-22 03:21 822272 c:\windows\Installer\47a1d.msi
+ 2009-05-22 03:49 . 2009-05-22 03:49 609280 c:\windows\Installer\47a13.msi
+ 2008-10-17 17:29 . 2008-10-17 17:29 519680 c:\windows\Installer\47a0c.msi
+ 2009-05-22 04:28 . 2009-05-22 04:28 496640 c:\windows\Installer\47a05.msi
+ 2009-05-14 15:50 . 2009-05-14 15:50 859648 c:\windows\Installer\479fa.msi
+ 2009-05-22 03:40 . 2009-05-22 03:40 935424 c:\windows\Installer\479f3.msi
+ 2009-05-22 02:05 . 2009-05-22 02:05 390144 c:\windows\Installer\479ec.msi
+ 2009-09-20 18:18 . 2009-09-20 18:18 384000 c:\windows\Installer\479e5.msi
+ 2009-09-20 17:01 . 2009-09-20 17:01 780288 c:\windows\Installer\479de.msi
+ 2009-07-08 10:51 . 2009-07-08 10:51 423936 c:\windows\Installer\479d6.msi
+ 2011-10-30 04:19 . 2011-10-30 04:19 689456 c:\windows\Installer\{7059BDA7-E1DB-442C-B7A1-6144596720A4}\HPSUShortcut_BB85ED9CAFC943BDB8DC258C3C7DF72E.exe
+ 2011-10-30 04:15 . 2011-10-30 04:21 164734 c:\windows\hpoins29.dat
+ 2011-10-29 09:44 . 2011-11-04 03:48 208896 c:\windows\assembly\temp\kwrd.dll
- 2011-10-29 09:44 . 2011-10-29 20:42 208896 c:\windows\assembly\temp\kwrd.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 7041856 c:\windows\SysWOW64\nvwgf2um.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 2401088 c:\windows\SysWOW64\nvcuvid.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 2099520 c:\windows\SysWOW64\nvcuvenc.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 5578560 c:\windows\SysWOW64\nvcuda.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 2458432 c:\windows\SysWOW64\nvapi.dll
+ 2009-07-21 05:05 . 2009-07-21 05:05 1348432 c:\windows\SysWOW64\msxml4.dll
+ 2009-05-14 11:22 . 2009-05-14 11:22 1645320 c:\windows\SysWOW64\gdiplus.dll
+ 2009-07-14 04:54 . 2011-11-04 04:59 5505024 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-04 04:59 2457600 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-30 00:52 . 2011-10-15 08:53 8791360 c:\windows\system32\nvwgf2umx.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 1454400 c:\windows\system32\nvgenco64.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 1533248 c:\windows\system32\nvdispco64.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 2542912 c:\windows\system32\nvcuvid.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 2232128 c:\windows\system32\nvcuvenc.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 7581504 c:\windows\system32\nvcuda.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 2808128 c:\windows\system32\nvapi64.dll
+ 2009-07-14 04:45 . 2011-10-30 14:36 4841888 c:\windows\system32\FNTCACHE.DAT
- 2011-10-04 02:16 . 2011-07-07 23:21 1452648 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_d9dc0257f3c16ec3\nvgenco64.dll
+ 2011-10-30 00:52 . 2011-07-07 23:21 1452648 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_d9dc0257f3c16ec3\nvgenco64.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 8791360 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvwgf2umx.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 7041856 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvwgf2um.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 1454400 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvgenco64.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 1533248 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvdispco64.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 2401088 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvcuvid32.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 2542912 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvcuvid.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 2232128 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvcuvenc64.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 2099520 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvcuvenc.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 5578560 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvcuda32.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 7581504 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvcuda.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 2808128 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvapi64.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 2458432 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvapi.dll
+ 2011-10-30 04:14 . 2009-07-08 10:51 1406464 c:\windows\system32\DriverStore\FileRepository\hpoc4400_sc.inf_amd64_neutral_be662d5c0185944b\drivers\scanner\x64\hpotiop6.dll
+ 2009-07-14 04:45 . 2011-11-04 02:46 7087352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-10-29 13:57 7087352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-21 05:29 . 2009-07-21 05:29 6057984 c:\windows\Installer\e0e63f.msi
+ 2008-08-01 21:00 . 2008-08-01 21:00 3064320 c:\windows\Installer\47a8c.msi
+ 2009-01-06 00:42 . 2009-01-06 00:42 1891840 c:\windows\Installer\47a7b.msi
+ 2009-05-22 03:09 . 2009-05-22 03:09 1054720 c:\windows\Installer\47a5d.msi
+ 2008-10-01 02:07 . 2008-10-01 02:07 6042112 c:\windows\Installer\2699c0f.msi
+ 2011-11-03 12:03 . 2011-08-30 04:21 12872704 c:\windows\SysWOW64\shell32.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 18871616 c:\windows\SysWOW64\nvoglv32.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 13205312 c:\windows\SysWOW64\nvd3dum.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 17248576 c:\windows\SysWOW64\nvcompiler.dll
+ 2009-07-14 02:34 . 2011-11-03 15:54 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-11-03 12:03 . 2011-08-30 05:25 14173184 c:\windows\system32\shell32.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 24742720 c:\windows\system32\nvoglv64.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 15693120 c:\windows\system32\nvd3dumx.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 24796992 c:\windows\system32\nvcompiler.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 24742720 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvoglv64.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 18871616 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvoglv32.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 12971840 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvlddmkm.sys
+ 2011-10-30 00:52 . 2011-10-15 08:53 15693120 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvd3dumx.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 13205312 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvd3dum.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 17248576 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvcompiler32.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 24796992 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvcompiler.dll
+ 2011-10-30 00:52 . 2011-10-15 08:53 12971840 c:\windows\system32\drivers\nvlddmkm.sys
+ 2011-09-18 01:14 . 2011-11-04 05:11 15863688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3491092077-2592809933-3551427508-1000-12288.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"RocketDock"="c:\users\[email protected]@L\Desktop\DownloadsBACKUP!!!!\RocketDock Backup\Backup\RocketDock.exe" [2007-09-02 495616]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-10-07 641400]
"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2011-05-20 1949088]
"Registry Repair Wizard Scheduler"="c:\program files (x86)\SmartPCTools\Registry Repair Wizard\RCHelper.exe" [2010-03-15 1540352]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-17 5500800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LmpcService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Backup Client Agent Service;Backup Client Agent Service;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe [2010-11-23 179200]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-04 584488]
R4 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-09-24 68928]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-16 2249000]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2011-09-24 341312]
S2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [2010-12-07 365704]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys [x]
S3 ALSysIO;ALSysIO;c:\users\[email protected]@L\AppData\Local\Temp\ALSysIO64.sys [x]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RTCORE64
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 19:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3491092077-2592809933-3551427508-1000Core.job
- c:\users\[email protected]@L\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-27 04:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-05 980368]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 291944]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"combofix"="c:\combofix\CF5047.3XE" [2010-11-21 745984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com/?l=dis&o=15434
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Upload to Facebook - c:\program files (x86)\WebcamMax\share\iecontext.htm
Trusted Zone: cleverreach.com\novastor
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\[email protected]@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p=
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_่\00\00่\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~่\00\00่\00\00\00\00]\00\00\00\00\00\00\00\00‘’“"
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\IObit\Game Booster\gbtray.exe
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\SysWOW64\DllHost.exe
.
**************************************************************************
.
Completion time: 2011-11-04 00:17:28 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-04 05:17
.
Pre-Run: 95,701,245,952 bytes free
Post-Run: 97,105,162,240 bytes free
.
- - End Of File - - 8E06CF6584450215CBBD44A5284E2A41
#4
RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Attached is a file fix.txt. Download and save it to your desktop. Do not try to open it, as it is really explorer.exe. (Yours is infected.)

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

FCopy::
C:\Users\[email protected]@L\Desktop\fix.txt | C:\windows\explorer.exe

******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to ComboFix and let go. ComboFix should start on its own.

Post the new log.

Ron
#5
[email protected]@L

    Member

  • Topic Starter
  • Member
  • 14 posts
ComboFix 11-11-03.05 - [email protected]@L 11/04/2011 1:12.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2582 [GMT -5:00]
Running from: c:\users\[email protected]@L\Desktop\ComboFix.exe
Command switches used :: c:\users\[email protected]@L\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-04 to 2011-11-04 )))))))))))))))))))))))))))))))
.
.
2011-11-04 06:19 . 2011-11-04 06:19 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29C324BD-C453-4129-88EC-2E47C8332FE3}\offreg.dll
2011-11-04 06:18 . 2011-11-04 06:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-04 03:29 . 2011-11-04 03:29 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\Malwarebytes
2011-11-04 03:29 . 2011-11-04 03:29 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\SUPERAntiSpyware.com
2011-11-04 03:29 . 2011-11-04 03:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-04 03:29 . 2011-11-04 03:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-04 03:28 . 2011-11-04 03:28 -------- d-----w- c:\programdata\Malwarebytes
2011-11-04 03:28 . 2011-11-04 03:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-04 03:28 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-04 02:46 . 2011-11-04 02:46 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\Enki Games
2011-11-04 02:36 . 2011-11-04 02:36 -------- d-----w- c:\program files (x86)\Reincarnations 3- Back to Reality Collectors Edition
2011-11-04 01:05 . 2011-11-04 01:05 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\TeamViewer
2011-11-03 12:05 . 2011-10-07 02:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29C324BD-C453-4129-88EC-2E47C8332FE3}\mpengine.dll
2011-11-03 12:01 . 2011-11-03 12:01 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-11-02 11:37 . 2011-11-02 11:47 -------- d-----w- c:\program files (x86)\Orcs Must Die!
2011-10-30 04:25 . 2011-10-30 04:25 -------- d-----w- c:\users\[email protected]@L\AppData\Local\HP
2011-10-30 04:21 . 2011-10-30 04:25 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\HP
2011-10-30 04:21 . 2011-10-30 04:21 -------- d-----w- c:\programdata\WEBREG
2011-10-30 04:17 . 2011-10-30 04:17 -------- d-----w- c:\programdata\HP Product Assistant
2011-10-30 04:16 . 2011-10-30 04:16 -------- d-----w- c:\program files (x86)\Common Files\HP
2011-10-30 04:16 . 2011-10-30 04:16 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2011-10-30 04:14 . 2009-07-08 10:51 642360 ----a-w- c:\windows\system32\hpzids40.dll
2011-10-30 04:06 . 2011-10-30 04:19 -------- d-----w- c:\program files (x86)\HP
2011-10-30 04:05 . 2011-10-30 04:21 -------- d-----w- c:\programdata\HP
2011-10-30 04:05 . 2009-07-08 10:51 938496 ----a-w- c:\windows\system32\hpowiax8.dll
2011-10-30 04:05 . 2009-07-08 10:51 551424 ----a-w- c:\windows\system32\hppldcoi.dll
2011-10-30 04:05 . 2009-07-08 10:51 505344 ----a-w- c:\windows\system32\hpovst14.dll
2011-10-30 04:05 . 2009-07-08 10:51 1406464 ----a-w- c:\windows\system32\hpotiop6.dll
2011-10-30 01:10 . 2011-10-30 01:10 -------- d-----w- c:\programdata\restore
2011-10-30 00:54 . 2011-11-03 00:49 -------- d-----w- c:\users\UpdatusUser
2011-10-30 00:54 . 2011-10-30 00:55 -------- d-----w- c:\programdata\NVIDIA
2011-10-30 00:54 . 2011-10-15 08:53 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-10-30 00:54 . 2011-10-15 08:53 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-10-30 00:54 . 2011-10-15 08:53 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-30 00:54 . 2011-10-15 08:53 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-30 00:54 . 2011-10-15 08:53 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-10-30 00:54 . 2011-10-15 08:53 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-30 00:53 . 2011-10-30 00:53 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-10-29 13:59 . 2011-10-29 13:59 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\SmartPCTools
2011-10-29 13:58 . 2011-10-29 13:58 -------- d-----w- c:\program files (x86)\SmartPCTools
2011-10-29 06:04 . 2005-04-04 04:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-10-29 06:04 . 2011-10-29 06:04 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-10-29 06:04 . 2011-10-29 06:04 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-10-29 06:04 . 2005-04-04 04:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-10-29 06:04 . 2005-04-04 04:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-10-29 06:04 . 2005-04-04 04:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-10-29 06:04 . 2005-04-04 04:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-10-29 06:04 . 2005-04-04 03:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-10-27 04:50 . 2011-10-27 04:50 -------- d-----w- c:\users\[email protected]@L\AppData\Local\Facebook
2011-10-26 23:37 . 2011-10-07 02:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-26 23:35 . 2011-10-04 22:22 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0702DB1-7B2F-4608-9AAE-7796B1198D0E}\gapaengine.dll
2011-10-26 23:31 . 2011-10-26 23:31 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-10-26 23:31 . 2011-10-26 23:31 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-25 14:02 . 2011-10-25 14:02 -------- d-----w- c:\users\[email protected]@L\AppData\Local\PAYDAY
2011-10-25 14:02 . 2011-10-25 14:02 -------- d-----w- c:\programdata\RELOADED
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-24 13:57 . 2011-10-24 13:57 -------- d-----w- c:\program files (x86)\THQ
2011-10-23 09:47 . 2011-10-23 10:02 -------- d-----w- c:\program files (x86)\Payday The Heist
2011-10-23 00:36 . 2011-10-23 00:36 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\Sahmon Games
2011-10-22 23:14 . 2011-10-22 23:15 -------- d-----w- c:\program files (x86)\The Island - Castaway 2
2011-10-21 22:14 . 2011-10-07 04:16 8570192 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03A46292-3676-44E9-A82D-221DF9D71B59}\mpengine.dll
2011-10-21 19:58 . 2011-10-21 20:49 -------- d-----w- c:\windows\FltMgr
2011-10-21 13:08 . 2011-10-21 13:08 -------- d-----w- c:\programdata\SwagHack_Galaxy_Edition_3
2011-10-21 13:03 . 2011-10-21 13:03 -------- d-----w- c:\users\[email protected]@L\AppData\Local\Panda Security
2011-10-21 12:58 . 2011-10-21 20:49 -------- d-----w- c:\program files (x86)\Panda Security
2011-10-21 12:58 . 2011-10-21 12:59 -------- d-----w- c:\programdata\Panda Security
2011-10-21 12:58 . 2011-10-21 12:58 -------- d-----w- c:\windows\SysWow64\PAV
2011-10-21 12:58 . 2011-10-21 12:58 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\Panda Security
2011-10-21 12:58 . 2011-10-21 12:58 -------- d-----w- c:\program files (x86)\Common Files\Panda Security
2011-10-21 10:46 . 2011-10-21 20:49 -------- d-----w- c:\program files (x86)\Steam
2011-10-21 10:40 . 2011-10-21 10:40 -------- d-----w- c:\program files (x86)\Trendy Entertainment
2011-10-20 18:59 . 2011-10-20 19:05 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\Trillian
2011-10-20 18:58 . 2011-10-21 20:49 -------- d-----w- c:\program files (x86)\Trillian
2011-10-20 02:07 . 2011-10-20 02:07 -------- d-----w- c:\users\[email protected]@L\AppData\Local\201280
2011-10-19 05:59 . 2011-10-19 05:59 -------- d-----w- c:\programdata\IObit
2011-10-19 05:59 . 2011-10-19 05:59 -------- d-----w- c:\program files (x86)\IObit
2011-10-18 22:28 . 2011-10-18 22:28 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\Realtime Soft
2011-10-18 21:42 . 2011-10-18 21:42 -------- d-----w- c:\users\[email protected]@L\AppData\Local\David_Rudie
2011-10-18 03:15 . 2011-10-19 07:26 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\DeskSoft
2011-10-17 23:49 . 2011-10-18 00:18 -------- d-----w- c:\users\[email protected]@L\AppData\Local\Ubisoft Game Launcher
2011-10-17 23:37 . 2011-10-18 22:37 -------- d-----w- c:\program files (x86)\Ubisoft
2011-10-17 23:36 . 2011-10-17 23:36 -------- d--h--w- c:\users\[email protected]@L\InstallAnywhere
2011-10-16 21:15 . 2011-10-16 21:15 -------- d-----w- c:\program files\Computer Artworks
2011-10-16 21:14 . 2011-10-16 21:14 -------- d-----w- c:\program files (x86)\Computer Artworks
2011-10-16 20:35 . 2011-10-16 20:35 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2011-10-16 20:21 . 2011-10-16 20:39 -------- d-----w- C:\Games
2011-10-14 03:55 . 2011-10-14 03:55 -------- d-----w- c:\program files\iPod
2011-10-14 03:55 . 2011-10-14 03:56 -------- d-----w- c:\program files\iTunes
2011-10-14 03:55 . 2011-10-14 03:56 -------- d-----w- c:\program files (x86)\iTunes
2011-10-14 03:53 . 2011-10-14 03:53 -------- d-----w- c:\program files\Bonjour
2011-10-14 03:53 . 2011-10-14 03:53 -------- d-----w- c:\program files (x86)\Bonjour
2011-10-12 19:03 . 2011-10-12 19:03 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\Nitro PDF
2011-10-12 18:53 . 2011-09-24 20:02 17216 ----a-w- c:\windows\system32\nitrolocalui.dll
2011-10-12 18:53 . 2011-09-24 20:02 28992 ----a-w- c:\windows\system32\nitrolocalmon.dll
2011-10-12 18:53 . 2011-10-12 18:53 -------- d-----w- c:\programdata\Nitro PDF
2011-10-12 18:53 . 2011-10-12 18:53 -------- d-----w- c:\program files\Common Files\Nitro PDF
2011-10-12 18:53 . 2011-10-12 18:53 -------- d-----w- c:\program files (x86)\Nitro PDF
2011-10-12 18:53 . 2011-10-12 18:53 -------- d-----w- c:\program files (x86)\Common Files\Nitro PDF
2011-10-12 18:52 . 2011-10-12 18:52 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\Downloaded Installations
2011-10-12 16:14 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 16:14 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 16:14 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-12 16:14 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-07 11:35 . 2011-10-21 20:49 -------- d-----w- c:\users\[email protected]@L\AppData\Local\SKIDROW
2011-10-07 11:21 . 2011-10-29 06:05 -------- d-----w- c:\program files (x86)\Bethesda Softworks
2011-10-05 19:42 . 2011-10-05 19:42 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\dvdcss
2011-10-05 19:42 . 2011-10-05 19:42 -------- d-----w- c:\users\[email protected]@L\AppData\Local\:) Studio
2011-10-05 19:41 . 2011-10-05 19:41 -------- d-----w- c:\programdata\:yes: Studio
2011-10-05 19:41 . 2011-10-05 19:41 -------- d-----w- c:\program files (x86)\:) Studio
2011-10-05 17:21 . 2009-12-14 17:44 85048 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2011-10-05 17:21 . 2009-12-14 17:44 66104 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2011-10-05 17:20 . 2011-10-08 14:38 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-05 14:49 . 2011-10-14 03:58 -------- d-----w- c:\program files (x86)\Safari
2011-10-05 14:48 . 2011-10-14 03:18 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\Apple Computer
2011-10-05 14:48 . 2011-10-05 14:48 -------- d-----w- c:\users\[email protected]@L\AppData\Local\Apple Computer
2011-10-05 14:48 . 2011-10-06 13:11 -------- dc----w- c:\windows\system32\DRVSTORE
2011-10-05 14:48 . 2009-05-18 18:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-10-05 14:48 . 2008-04-17 17:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-10-05 14:48 . 2008-04-17 17:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-10-05 14:47 . 2011-10-05 14:48 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-10-05 14:47 . 2011-10-05 14:47 -------- d-----w- c:\program files\Common Files\Apple
2011-10-05 14:20 . 2011-10-14 03:55 -------- d-----w- c:\programdata\Apple Computer
2011-10-05 13:56 . 2011-10-05 13:56 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-10-05 07:06 . 2011-10-05 07:06 -------- d-----w- c:\users\Public\CyberLink
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 19:04 . 2011-09-18 01:09 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-11 14:25 . 2011-09-28 06:59 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-10 17:27 . 2011-09-28 06:59 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-04 02:35 . 2011-10-04 02:13 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-10-03 21:12 . 2011-09-28 06:59 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-10-03 10:06 . 2011-09-18 03:38 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-24 20:03 . 2011-09-24 20:03 68928 ----a-w- c:\windows\SysWow64\NLSSRV32.EXE
2011-09-24 17:08 . 2010-11-21 03:24 699904 ----a-w- c:\windows\system32\taskmgr.exe
2011-09-18 07:51 . 2010-11-21 03:24 3029504 ----a-w- c:\windows\SysWow64\themeui.dll
2011-09-18 07:51 . 2009-07-13 23:39 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll
2011-09-18 07:51 . 2011-09-18 07:51 50536 ----a-w- c:\windows\UTP.exe
2011-09-18 01:45 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2011-09-18 01:45 . 2010-11-21 03:23 3126272 ----a-w- c:\windows\system32\themeui.dll
2011-09-18 01:44 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2011-09-06 20:45 . 2011-09-21 20:48 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-01 02:12 . 2011-09-18 03:55 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-08-31 04:05 . 2011-08-31 04:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 04:05 . 2011-08-31 04:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 04:05 . 2011-08-31 04:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 04:05 . 2011-08-31 04:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-31 04:05 . 2011-08-31 04:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 04:05 . 2011-08-31 04:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-31 04:05 . 2011-08-31 04:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-31 04:05 . 2011-08-31 04:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[-] 2011-02-25 . C9A561405FC9A8019772A81D8A85E962 . 3090944 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2010-11-21 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot_2011-11-04_05.13.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2011-11-04 06:21 48246 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-04 06:21 35426 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-18 01:03 . 2011-11-04 06:21 10780 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3491092077-2592809933-3551427508-1000_UserData.bin
- 2011-09-18 00:53 . 2011-11-04 03:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-18 00:53 . 2011-11-04 05:16 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-18 00:53 . 2011-11-04 05:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-18 00:53 . 2011-11-04 03:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-04 05:16 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-04 03:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-18 01:00 . 2011-11-04 06:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-18 01:00 . 2011-11-04 05:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-18 01:00 . 2011-11-04 05:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-18 01:00 . 2011-11-04 06:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-19 22:36 . 2011-11-04 06:18 3168 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-09-19 22:36 . 2011-11-04 05:11 3168 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-11-04 06:19 . 2011-11-04 06:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-04 05:12 . 2011-11-04 05:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-04 05:12 . 2011-11-04 05:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-04 06:19 . 2011-11-04 06:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:12 . 2011-11-04 03:48 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-11-04 05:16 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2011-11-04 05:11 322300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-04 06:18 322300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-18 01:14 . 2011-11-04 06:18 15863688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3491092077-2592809933-3551427508-1000-12288.dat
- 2011-09-18 01:14 . 2011-11-04 05:11 15863688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3491092077-2592809933-3551427508-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"RocketDock"="c:\users\[email protected]@L\Desktop\DownloadsBACKUP!!!!\RocketDock Backup\Backup\RocketDock.exe" [2007-09-02 495616]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-10-07 641400]
"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2011-05-20 1949088]
"Registry Repair Wizard Scheduler"="c:\program files (x86)\SmartPCTools\Registry Repair Wizard\RCHelper.exe" [2010-03-15 1540352]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-17 5500800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LmpcService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Backup Client Agent Service;Backup Client Agent Service;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe [2010-11-23 179200]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-04 584488]
R4 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-09-24 68928]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-16 2249000]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2011-09-24 341312]
S2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [2010-12-07 365704]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys [x]
S3 ALSysIO;ALSysIO;c:\users\[email protected]@L\AppData\Local\Temp\ALSysIO64.sys [x]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
*NewlyCreated* - RTCORE64
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 19:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3491092077-2592809933-3551427508-1000Core.job
- c:\users\[email protected]@L\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-27 04:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-05 980368]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 291944]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com/?l=dis&o=15434
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Upload to Facebook - c:\program files (x86)\WebcamMax\share\iecontext.htm
Trusted Zone: cleverreach.com\novastor
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\[email protected]@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p=
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_่\00\00่\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~่\00\00่\00\00\00\00]\00\00\00\00\00\00\00\00‘’“"
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\IObit\Game Booster\gbtray.exe
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
c:\windows\SysWOW64\DllHost.exe
.
**************************************************************************
.
Completion time: 2011-11-04 01:24:11 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-04 06:24
ComboFix2.txt 2011-11-04 05:17
.
Pre-Run: 97,803,370,496 bytes free
Post-Run: 97,754,882,048 bytes free
.
- - End Of File - - E41592FC3EC1A45A3D2C5B290C055884
#6
RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
That didn't work for some reason. Did you save the fix.txt file to your desktop?

Were you able to run TDSSKiller and aswmbr?
#7
[email protected]@L

    Member

  • Topic Starter
  • Member
  • 14 posts
I negligently missed those steps in the beginning. Should I do them now and repeat the CFScript.txt?

Edited by [email protected]@L, 04 November 2011 - 12:46 AM.

#8
RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Not sure which steps you mean. We need the fix.txt file on your desktop so that CFScript has something to work with. If you didn't download the file first, then do so now and then run the CFScript/ComboFix. The other two programs also need to be run in order to see if there is other stuff hiding.
#9
[email protected]@L

    Member

  • Topic Starter
  • Member
  • 14 posts
Sorry for the mix-up, here are the other logs.

01:51:40.0495 4452 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
01:51:41.0145 4452 ============================================================
01:51:41.0145 4452 Current date / time: 2011/11/04 01:51:41.0145
01:51:41.0145 4452 SystemInfo:
01:51:41.0145 4452
01:51:41.0146 4452 OS Version: 6.1.7601 ServicePack: 1.0
01:51:41.0146 4452 Product type: Workstation
01:51:41.0146 4452 ComputerName: WEZEL
01:51:41.0146 4452 UserName: [email protected]@L
01:51:41.0146 4452 Windows directory: C:\Windows
01:51:41.0146 4452 System windows directory: C:\Windows
01:51:41.0146 4452 Running under WOW64
01:51:41.0146 4452 Processor architecture: Intel x64
01:51:41.0146 4452 Number of processors: 4
01:51:41.0146 4452 Page size: 0x1000
01:51:41.0146 4452 Boot type: Normal boot
01:51:41.0146 4452 ============================================================
01:51:42.0864 4452 Initialize success
01:51:46.0905 3468 ============================================================
01:51:46.0906 3468 Scan started
01:51:46.0906 3468 Mode: Manual;
01:51:46.0906 3468 ============================================================
01:51:48.0007 3468 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
01:51:48.0015 3468 1394ohci - ok
01:51:48.0076 3468 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
01:51:48.0080 3468 ACPI - ok
01:51:48.0103 3468 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
01:51:48.0103 3468 AcpiPmi - ok
01:51:48.0166 3468 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
01:51:48.0184 3468 adp94xx - ok
01:51:48.0227 3468 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
01:51:48.0231 3468 adpahci - ok
01:51:48.0254 3468 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
01:51:48.0257 3468 adpu320 - ok
01:51:48.0347 3468 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
01:51:48.0364 3468 AFD - ok
01:51:48.0409 3468 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
01:51:48.0410 3468 agp440 - ok
01:51:48.0453 3468 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
01:51:48.0454 3468 aliide - ok
01:51:48.0478 3468 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
01:51:48.0478 3468 amdide - ok
01:51:48.0503 3468 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
01:51:48.0504 3468 AmdK8 - ok
01:51:48.0547 3468 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
01:51:48.0548 3468 AmdPPM - ok
01:51:48.0620 3468 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
01:51:48.0621 3468 amdsata - ok
01:51:48.0657 3468 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
01:51:48.0660 3468 amdsbs - ok
01:51:48.0693 3468 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
01:51:48.0694 3468 amdxata - ok
01:51:48.0719 3468 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
01:51:48.0721 3468 AppID - ok
01:51:48.0916 3468 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
01:51:48.0919 3468 arc - ok
01:51:49.0070 3468 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
01:51:49.0072 3468 arcsas - ok
01:51:49.0120 3468 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
01:51:49.0120 3468 AsyncMac - ok
01:51:49.0169 3468 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
01:51:49.0169 3468 atapi - ok
01:51:49.0249 3468 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
01:51:49.0265 3468 b06bdrv - ok
01:51:49.0337 3468 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
01:51:49.0363 3468 b57nd60a - ok
01:51:49.0419 3468 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
01:51:49.0419 3468 Beep - ok
01:51:49.0478 3468 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
01:51:49.0479 3468 blbdrive - ok
01:51:49.0554 3468 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
01:51:49.0555 3468 bowser - ok
01:51:49.0629 3468 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
01:51:49.0629 3468 BrFiltLo - ok
01:51:49.0653 3468 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
01:51:49.0653 3468 BrFiltUp - ok
01:51:49.0696 3468 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
01:51:49.0705 3468 Brserid - ok
01:51:49.0728 3468 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
01:51:49.0729 3468 BrSerWdm - ok
01:51:49.0752 3468 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
01:51:49.0753 3468 BrUsbMdm - ok
01:51:49.0778 3468 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
01:51:49.0778 3468 BrUsbSer - ok
01:51:49.0803 3468 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
01:51:49.0805 3468 BTHMODEM - ok
01:51:49.0915 3468 CamDrL64 (6e1641724439e18ce55adee2d347aa19) C:\Windows\system32\DRIVERS\CamDrL64.sys
01:51:49.0918 3468 CamDrL64 - ok
01:51:49.0953 3468 catchme - ok
01:51:49.0995 3468 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
01:51:49.0997 3468 cdfs - ok
01:51:50.0038 3468 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
01:51:50.0064 3468 cdrom - ok
01:51:50.0086 3468 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
01:51:50.0087 3468 circlass - ok
01:51:50.0133 3468 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
01:51:50.0150 3468 CLFS - ok
01:51:50.0203 3468 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
01:51:50.0204 3468 CmBatt - ok
01:51:50.0227 3468 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
01:51:50.0228 3468 cmdide - ok
01:51:50.0268 3468 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
01:51:50.0285 3468 CNG - ok
01:51:50.0344 3468 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
01:51:50.0345 3468 Compbatt - ok
01:51:50.0436 3468 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
01:51:50.0437 3468 CompositeBus - ok
01:51:50.0470 3468 cpuz135 - ok
01:51:50.0494 3468 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
01:51:50.0495 3468 crcdisk - ok
01:51:50.0552 3468 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
01:51:50.0570 3468 CSC - ok
01:51:50.0636 3468 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
01:51:50.0638 3468 DfsC - ok
01:51:50.0661 3468 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
01:51:50.0662 3468 discache - ok
01:51:50.0703 3468 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
01:51:50.0704 3468 Disk - ok
01:51:50.0746 3468 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
01:51:50.0748 3468 dmvsc - ok
01:51:50.0825 3468 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
01:51:50.0875 3468 Dot4 - ok
01:51:50.0924 3468 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
01:51:50.0924 3468 Dot4Print - ok
01:51:50.0988 3468 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
01:51:50.0989 3468 dot4usb - ok
01:51:51.0045 3468 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
01:51:51.0047 3468 drmkaud - ok
01:51:51.0106 3468 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
01:51:51.0111 3468 DXGKrnl - ok
01:51:51.0212 3468 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
01:51:51.0283 3468 ebdrv - ok
01:51:51.0352 3468 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
01:51:51.0370 3468 elxstor - ok
01:51:51.0394 3468 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
01:51:51.0395 3468 ErrDev - ok
01:51:51.0446 3468 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
01:51:51.0449 3468 exfat - ok
01:51:51.0471 3468 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
01:51:51.0474 3468 fastfat - ok
01:51:51.0528 3468 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
01:51:51.0529 3468 fdc - ok
01:51:51.0553 3468 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
01:51:51.0554 3468 FileInfo - ok
01:51:51.0578 3468 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
01:51:51.0579 3468 Filetrace - ok
01:51:51.0602 3468 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
01:51:51.0603 3468 flpydisk - ok
01:51:51.0630 3468 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
01:51:51.0640 3468 FltMgr - ok
01:51:51.0669 3468 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
01:51:51.0670 3468 FsDepends - ok
01:51:51.0703 3468 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
01:51:51.0703 3468 Fs_Rec - ok
01:51:51.0754 3468 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
01:51:51.0772 3468 fvevol - ok
01:51:51.0807 3468 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
01:51:51.0808 3468 gagp30kx - ok
01:51:51.0853 3468 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:51:51.0854 3468 GEARAspiWDM - ok
01:51:51.0877 3468 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
01:51:51.0878 3468 hcw85cir - ok
01:51:51.0922 3468 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
01:51:51.0948 3468 HdAudAddService - ok
01:51:51.0987 3468 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
01:51:51.0988 3468 HDAudBus - ok
01:51:52.0010 3468 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
01:51:52.0012 3468 HidBatt - ok
01:51:52.0050 3468 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
01:51:52.0051 3468 HidBth - ok
01:51:52.0078 3468 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
01:51:52.0079 3468 HidIr - ok
01:51:52.0135 3468 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
01:51:52.0136 3468 HidUsb - ok
01:51:52.0186 3468 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
01:51:52.0188 3468 HpSAMD - ok
01:51:52.0255 3468 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
01:51:52.0282 3468 HTTP - ok
01:51:52.0302 3468 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
01:51:52.0302 3468 hwpolicy - ok
01:51:52.0378 3468 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
01:51:52.0380 3468 i8042prt - ok
01:51:52.0479 3468 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
01:51:52.0496 3468 iaStorV - ok
01:51:52.0563 3468 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
01:51:52.0564 3468 iirsp - ok
01:51:52.0619 3468 IntcAzAudAddService - ok
01:51:52.0647 3468 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
01:51:52.0648 3468 intelide - ok
01:51:52.0694 3468 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
01:51:52.0695 3468 intelppm - ok
01:51:52.0745 3468 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:51:52.0746 3468 IpFilterDriver - ok
01:51:52.0769 3468 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
01:51:52.0771 3468 IPMIDRV - ok
01:51:52.0805 3468 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
01:51:52.0807 3468 IPNAT - ok
01:51:52.0861 3468 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
01:51:52.0861 3468 IRENUM - ok
01:51:52.0885 3468 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
01:51:52.0886 3468 isapnp - ok
01:51:52.0923 3468 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
01:51:52.0932 3468 iScsiPrt - ok
01:51:52.0953 3468 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
01:51:52.0954 3468 kbdclass - ok
01:51:52.0977 3468 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
01:51:52.0978 3468 kbdhid - ok
01:51:53.0012 3468 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
01:51:53.0013 3468 KSecDD - ok
01:51:53.0038 3468 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
01:51:53.0040 3468 KSecPkg - ok
01:51:53.0061 3468 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
01:51:53.0062 3468 ksthunk - ok
01:51:53.0120 3468 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
01:51:53.0121 3468 lltdio - ok
01:51:53.0153 3468 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
01:51:53.0156 3468 LSI_FC - ok
01:51:53.0192 3468 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
01:51:53.0194 3468 LSI_SAS - ok
01:51:53.0219 3468 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
01:51:53.0221 3468 LSI_SAS2 - ok
01:51:53.0245 3468 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
01:51:53.0247 3468 LSI_SCSI - ok
01:51:53.0270 3468 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
01:51:53.0272 3468 luafv - ok
01:51:53.0362 3468 LVUSBS64 (9761370ffb533cf6e4a7176f4baa3ba9) C:\Windows\system32\DRIVERS\LVUSBS64.sys
01:51:53.0363 3468 LVUSBS64 - ok
01:51:53.0442 3468 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
01:51:53.0443 3468 MBAMProtector - ok
01:51:53.0469 3468 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
01:51:53.0470 3468 megasas - ok
01:51:53.0511 3468 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
01:51:53.0529 3468 MegaSR - ok
01:51:53.0552 3468 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
01:51:53.0553 3468 Modem - ok
01:51:53.0592 3468 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
01:51:53.0593 3468 monitor - ok
01:51:53.0619 3468 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
01:51:53.0620 3468 mouclass - ok
01:51:53.0688 3468 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
01:51:53.0689 3468 mouhid - ok
01:51:53.0711 3468 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
01:51:53.0712 3468 mountmgr - ok
01:51:53.0804 3468 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
01:51:53.0822 3468 MpFilter - ok
01:51:53.0874 3468 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
01:51:53.0875 3468 mpio - ok
01:51:53.0937 3468 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
01:51:53.0938 3468 MpNWMon - ok
01:51:53.0961 3468 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
01:51:53.0962 3468 mpsdrv - ok
01:51:53.0987 3468 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
01:51:53.0989 3468 MRxDAV - ok
01:51:54.0032 3468 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
01:51:54.0049 3468 mrxsmb - ok
01:51:54.0097 3468 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:51:54.0101 3468 mrxsmb10 - ok
01:51:54.0130 3468 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:51:54.0147 3468 mrxsmb20 - ok
01:51:54.0181 3468 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
01:51:54.0182 3468 msahci - ok
01:51:54.0204 3468 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
01:51:54.0206 3468 msdsm - ok
01:51:54.0237 3468 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
01:51:54.0237 3468 Msfs - ok
01:51:54.0260 3468 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
01:51:54.0261 3468 mshidkmdf - ok
01:51:54.0286 3468 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
01:51:54.0286 3468 msisadrv - ok
01:51:54.0406 3468 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
01:51:54.0407 3468 MSKSSRV - ok
01:51:54.0426 3468 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
01:51:54.0427 3468 MSPCLOCK - ok
01:51:54.0452 3468 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
01:51:54.0453 3468 MSPQM - ok
01:51:54.0494 3468 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
01:51:54.0510 3468 MsRPC - ok
01:51:54.0536 3468 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
01:51:54.0536 3468 mssmbios - ok
01:51:54.0560 3468 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
01:51:54.0561 3468 MSTEE - ok
01:51:54.0585 3468 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
01:51:54.0585 3468 MTConfig - ok
01:51:54.0611 3468 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
01:51:54.0611 3468 Mup - ok
01:51:54.0670 3468 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
01:51:54.0679 3468 NativeWifiP - ok
01:51:54.0751 3468 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
01:51:54.0756 3468 NDIS - ok
01:51:54.0777 3468 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
01:51:54.0778 3468 NdisCap - ok
01:51:54.0821 3468 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
01:51:54.0822 3468 NdisTapi - ok
01:51:54.0844 3468 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
01:51:54.0845 3468 Ndisuio - ok
01:51:54.0871 3468 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
01:51:54.0873 3468 NdisWan - ok
01:51:54.0894 3468 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
01:51:54.0896 3468 NDProxy - ok
01:51:54.0944 3468 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
01:51:54.0945 3468 NetBIOS - ok
01:51:55.0001 3468 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
01:51:55.0010 3468 NetBT - ok
01:51:55.0105 3468 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
01:51:55.0106 3468 nfrd960 - ok
01:51:55.0173 3468 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
01:51:55.0174 3468 NisDrv - ok
01:51:55.0252 3468 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
01:51:55.0253 3468 Npfs - ok
01:51:55.0277 3468 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
01:51:55.0278 3468 nsiproxy - ok
01:51:55.0419 3468 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
01:51:55.0427 3468 Ntfs - ok
01:51:55.0458 3468 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
01:51:55.0459 3468 Null - ok
01:51:55.0541 3468 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
01:51:55.0557 3468 NVENETFD - ok
01:51:55.0597 3468 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
01:51:55.0598 3468 NVHDA - ok
01:51:55.0958 3468 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:51:56.0208 3468 nvlddmkm - ok
01:51:56.0262 3468 NVNET - ok
01:51:56.0308 3468 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
01:51:56.0342 3468 nvraid - ok
01:51:56.0402 3468 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
01:51:56.0410 3468 nvstor - ok
01:51:56.0486 3468 nvstor64 (71b6ecd3c56fbf12fb1968da3953b703) C:\Windows\system32\DRIVERS\nvstor64.sys
01:51:56.0487 3468 nvstor64 - ok
01:51:56.0549 3468 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
01:51:56.0551 3468 nv_agp - ok
01:51:56.0578 3468 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
01:51:56.0579 3468 ohci1394 - ok
01:51:56.0612 3468 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
01:51:56.0614 3468 Parport - ok
01:51:56.0635 3468 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
01:51:56.0636 3468 partmgr - ok
01:51:56.0662 3468 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
01:51:56.0664 3468 pci - ok
01:51:56.0695 3468 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
01:51:56.0695 3468 pciide - ok
01:51:56.0729 3468 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
01:51:56.0738 3468 pcmcia - ok
01:51:56.0760 3468 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
01:51:56.0761 3468 pcw - ok
01:51:56.0799 3468 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
01:51:56.0817 3468 PEAUTH - ok
01:51:56.0922 3468 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
01:51:56.0924 3468 PptpMiniport - ok
01:51:56.0945 3468 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
01:51:56.0947 3468 Processor - ok
01:51:57.0003 3468 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
01:51:57.0017 3468 Psched - ok
01:51:57.0117 3468 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
01:51:57.0118 3468 PxHlpa64 - ok
01:51:57.0186 3468 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
01:51:57.0221 3468 ql2300 - ok
01:51:57.0263 3468 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
01:51:57.0266 3468 ql40xx - ok
01:51:57.0293 3468 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
01:51:57.0294 3468 QWAVEdrv - ok
01:51:57.0343 3468 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
01:51:57.0344 3468 RasAcd - ok
01:51:57.0388 3468 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
01:51:57.0390 3468 RasAgileVpn - ok
01:51:57.0419 3468 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:51:57.0421 3468 Rasl2tp - ok
01:51:57.0451 3468 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
01:51:57.0453 3468 RasPppoe - ok
01:51:57.0477 3468 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
01:51:57.0479 3468 RasSstp - ok
01:51:57.0516 3468 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
01:51:57.0520 3468 rdbss - ok
01:51:57.0551 3468 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
01:51:57.0553 3468 rdpbus - ok
01:51:57.0577 3468 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:51:57.0577 3468 RDPCDD - ok
01:51:57.0632 3468 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
01:51:57.0641 3468 RDPDR - ok
01:51:57.0693 3468 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
01:51:57.0694 3468 RDPENCDD - ok
01:51:57.0717 3468 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
01:51:57.0718 3468 RDPREFMP - ok
01:51:57.0762 3468 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
01:51:57.0763 3468 RdpVideoMiniport - ok
01:51:57.0788 3468 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
01:51:57.0803 3468 RDPWD - ok
01:51:57.0829 3468 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
01:51:57.0831 3468 rdyboost - ok
01:51:57.0904 3468 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
01:51:57.0905 3468 rspndr - ok
01:51:57.0940 3468 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
01:51:57.0941 3468 s3cap - ok
01:51:58.0079 3468 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
01:51:58.0079 3468 SASDIFSV - ok
01:51:58.0108 3468 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
01:51:58.0108 3468 SASKUTIL - ok
01:51:58.0135 3468 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
01:51:58.0137 3468 sbp2port - ok
01:51:58.0217 3468 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
01:51:58.0219 3468 SCDEmu - ok
01:51:58.0266 3468 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
01:51:58.0267 3468 scfilter - ok
01:51:58.0337 3468 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
01:51:58.0338 3468 secdrv - ok
01:51:58.0410 3468 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
01:51:58.0411 3468 Serenum - ok
01:51:58.0444 3468 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
01:51:58.0446 3468 Serial - ok
01:51:58.0468 3468 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
01:51:58.0469 3468 sermouse - ok
01:51:58.0493 3468 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
01:51:58.0494 3468 sffdisk - ok
01:51:58.0518 3468 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
01:51:58.0519 3468 sffp_mmc - ok
01:51:58.0543 3468 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
01:51:58.0544 3468 sffp_sd - ok
01:51:58.0568 3468 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
01:51:58.0569 3468 sfloppy - ok
01:51:58.0618 3468 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
01:51:58.0620 3468 SiSRaid2 - ok
01:51:58.0659 3468 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
01:51:58.0660 3468 SiSRaid4 - ok
01:51:58.0710 3468 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
01:51:58.0712 3468 Smb - ok
01:51:58.0777 3468 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
01:51:58.0778 3468 spldr - ok
01:51:58.0833 3468 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
01:51:58.0849 3468 srv - ok
01:51:58.0905 3468 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
01:51:58.0930 3468 srv2 - ok
01:51:58.0975 3468 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
01:51:58.0983 3468 srvnet - ok
01:51:59.0025 3468 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
01:51:59.0026 3468 stexstor - ok
01:51:59.0091 3468 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
01:51:59.0092 3468 storflt - ok
01:51:59.0119 3468 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
01:51:59.0120 3468 storvsc - ok
01:51:59.0155 3468 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
01:51:59.0156 3468 swenum - ok
01:51:59.0208 3468 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\synth3dvsc.sys
01:51:59.0209 3468 Synth3dVsc - ok
01:51:59.0291 3468 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
01:51:59.0301 3468 Tcpip - ok
01:51:59.0391 3468 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
01:51:59.0401 3468 TCPIP6 - ok
01:51:59.0440 3468 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
01:51:59.0441 3468 tcpipreg - ok
01:51:59.0481 3468 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
01:51:59.0482 3468 TDPIPE - ok
01:51:59.0509 3468 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
01:51:59.0510 3468 TDTCP - ok
01:51:59.0571 3468 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
01:51:59.0573 3468 tdx - ok
01:51:59.0619 3468 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
01:51:59.0620 3468 TermDD - ok
01:51:59.0644 3468 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys
01:51:59.0645 3468 terminpt - ok
01:51:59.0685 3468 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:51:59.0686 3468 tssecsrv - ok
01:51:59.0709 3468 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
01:51:59.0711 3468 TsUsbFlt - ok
01:51:59.0735 3468 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
01:51:59.0736 3468 TsUsbGD - ok
01:51:59.0760 3468 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys
01:51:59.0763 3468 tsusbhub - ok
01:51:59.0820 3468 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
01:51:59.0822 3468 tunnel - ok
01:51:59.0843 3468 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
01:51:59.0844 3468 uagp35 - ok
01:51:59.0883 3468 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
01:51:59.0901 3468 udfs - ok
01:51:59.0926 3468 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
01:51:59.0928 3468 uliagpkx - ok
01:51:59.0952 3468 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
01:51:59.0953 3468 umbus - ok
01:51:59.0976 3468 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
01:51:59.0977 3468 UmPass - ok
01:52:00.0049 3468 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
01:52:00.0051 3468 usbaudio - ok
01:52:00.0104 3468 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
01:52:00.0106 3468 usbccgp - ok
01:52:00.0135 3468 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
01:52:00.0137 3468 usbcir - ok
01:52:00.0169 3468 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
01:52:00.0170 3468 usbehci - ok
01:52:00.0241 3468 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
01:52:00.0257 3468 usbhub - ok
01:52:00.0301 3468 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
01:52:00.0302 3468 usbohci - ok
01:52:00.0348 3468 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
01:52:00.0349 3468 usbprint - ok
01:52:00.0413 3468 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
01:52:00.0414 3468 usbscan - ok
01:52:00.0466 3468 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:52:00.0467 3468 USBSTOR - ok
01:52:00.0506 3468 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
01:52:00.0507 3468 usbuhci - ok
01:52:00.0580 3468 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
01:52:00.0580 3468 vdrvroot - ok
01:52:00.0626 3468 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
01:52:00.0627 3468 vga - ok
01:52:00.0651 3468 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
01:52:00.0652 3468 VgaSave - ok
01:52:00.0675 3468 VGPU - ok
01:52:00.0713 3468 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
01:52:00.0717 3468 vhdmp - ok
01:52:00.0743 3468 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
01:52:00.0744 3468 viaide - ok
01:52:00.0789 3468 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
01:52:00.0796 3468 vmbus - ok
01:52:00.0825 3468 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
01:52:00.0826 3468 VMBusHID - ok
01:52:00.0852 3468 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
01:52:00.0852 3468 volmgr - ok
01:52:00.0889 3468 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
01:52:00.0898 3468 volmgrx - ok
01:52:00.0931 3468 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
01:52:00.0934 3468 volsnap - ok
01:52:00.0978 3468 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
01:52:00.0987 3468 vsmraid - ok
01:52:01.0009 3468 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
01:52:01.0010 3468 vwifibus - ok
01:52:01.0043 3468 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
01:52:01.0044 3468 WacomPen - ok
01:52:01.0085 3468 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:52:01.0086 3468 WANARP - ok
01:52:01.0111 3468 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:52:01.0112 3468 Wanarpv6 - ok
01:52:01.0191 3468 WCMVCAM (3a2d452c40162823b79867040b46d4a8) C:\Windows\system32\DRIVERS\wcmvcam64.sys
01:52:01.0196 3468 WCMVCAM - ok
01:52:01.0226 3468 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
01:52:01.0227 3468 Wd - ok
01:52:01.0272 3468 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
01:52:01.0289 3468 Wdf01000 - ok
01:52:01.0359 3468 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
01:52:01.0360 3468 WfpLwf - ok
01:52:01.0384 3468 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
01:52:01.0385 3468 WIMMount - ok
01:52:01.0451 3468 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
01:52:01.0452 3468 WmiAcpi - ok
01:52:01.0509 3468 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
01:52:01.0510 3468 ws2ifsl - ok
01:52:01.0563 3468 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
01:52:01.0565 3468 WudfPf - ok
01:52:01.0611 3468 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:52:01.0614 3468 WUDFRd - ok
01:52:01.0666 3468 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
01:52:01.0672 3468 \Device\Harddisk0\DR0 - ok
01:52:01.0675 3468 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
01:52:01.0679 3468 \Device\Harddisk1\DR1 - ok
01:52:01.0681 3468 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
01:52:01.0685 3468 \Device\Harddisk2\DR2 - ok
01:52:01.0688 3468 Boot (0x1200) (deaf58d051002368b45f1df4b8942b4b) \Device\Harddisk0\DR0\Partition0
01:52:01.0688 3468 \Device\Harddisk0\DR0\Partition0 - ok
01:52:01.0691 3468 Boot (0x1200) (8f0323b1e5aaeed3423b923026809858) \Device\Harddisk1\DR1\Partition0
01:52:01.0692 3468 \Device\Harddisk1\DR1\Partition0 - ok
01:52:01.0694 3468 Boot (0x1200) (7f942c6a33d071ba3b8b1d629d7d6b80) \Device\Harddisk2\DR2\Partition0
01:52:01.0694 3468 \Device\Harddisk2\DR2\Partition0 - ok
01:52:01.0695 3468 ============================================================
01:52:01.0695 3468 Scan finished
01:52:01.0695 3468 ============================================================
01:52:01.0702 0848 Detected object count: 0
01:52:01.0702 0848 Actual detected object count: 0
01:52:27.0300 1204 Deinitialize success





**************************************************************************************************************





aswMBR Fix button was not enabled after scan


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-04 01:58:34
-----------------------------
01:58:34.323 OS Version: Windows x64 6.1.7601 Service Pack 1
01:58:34.323 Number of processors: 4 586 0xF07
01:58:34.324 ComputerName: WEZEL UserName: [email protected]@L
01:58:34.982 Initialize success
01:58:37.629 AVAST engine defs: 11110301
01:58:38.721 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005d
01:58:38.723 Disk 0 Vendor: Maxtor_7 BANC Size: 286188MB BusType: 3
01:58:38.724 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000005f
01:58:38.726 Disk 1 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 3
01:58:38.730 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000061
01:58:38.732 Disk 2 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 3
01:58:40.799 Disk 0 MBR read successfully
01:58:40.801 Disk 0 MBR scan
01:58:40.804 Disk 0 Windows 7 default MBR code
01:58:40.812 Service scanning
01:58:41.751 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
01:58:42.335 Modules scanning
01:58:43.389 AVAST engine scan C:\Windows
01:58:58.789 AVAST engine scan C:\Windows\system32
02:00:30.674 AVAST engine scan C:\Windows\system32\drivers
02:00:58.086 AVAST engine scan C:\Users\[email protected]@L
02:04:33.664 AVAST engine scan C:\ProgramData
02:06:03.116 Scan finished successfully
02:07:02.561 Disk 0 MBR has been saved successfully to "C:\Users\[email protected]@L\Desktop\MBR.dat"
02:07:02.565 The log file has been saved successfully to "C:\Users\[email protected]@L\Desktop\aswMBR.txt"





************************************************************************************************************






OTL logfile created on: 11/4/2011 2:11:01 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\[email protected]@L\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 42.87% Memory free
8.00 Gb Paging File | 5.34 Gb Available in Paging File | 66.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.48 Gb Total Space | 91.02 Gb Free Space | 32.57% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 356.51 Gb Free Space | 38.27% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 78.73 Gb Free Space | 8.45% Space Free | Partition Type: NTFS

Computer Name: WEZEL | User Name: [email protected]@L | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/03 23:15:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\[email protected]@L\Desktop\OTL.exe
PRC - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/03 16:12:45 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/09/29 21:19:00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/03/30 09:12:18 | 000,310,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/12/07 14:41:58 | 000,365,704 | ---- | M] (NovaStor) -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe
PRC - [2010/11/20 22:25:10 | 000,495,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/03/14 22:56:12 | 001,540,352 | ---- | M] (SmartPCTools) -- C:\Program Files (x86)\SmartPCTools\Registry Repair Wizard\RCHelper.exe
PRC - [2007/09/02 15:58:52 | 000,495,616 | ---- | M] () -- C:\Users\[email protected]@L\Desktop\DownloadsBACKUP!!!!\RocketDock Backup\Backup\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/23 14:04:37 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/29 21:18:59 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2007/09/02 15:58:52 | 000,495,616 | ---- | M] () -- C:\Users\[email protected]@L\Desktop\DownloadsBACKUP!!!!\RocketDock Backup\Backup\RocketDock.exe
MOD - [2007/09/02 15:57:36 | 000,069,632 | ---- | M] () -- C:\Users\[email protected]@L\Desktop\DownloadsBACKUP!!!!\RocketDock Backup\Backup\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/24 15:03:32 | 000,341,312 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe -- (NitroDriverReadSpool)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/08/19 17:43:24 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/03 16:12:45 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/09/24 15:03:42 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Disabled | Stopped] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/04 13:39:14 | 000,584,488 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/03/01 18:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/12/07 14:41:58 | 000,365,704 | ---- | M] (NovaStor) [Auto | Running] -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe -- (nsService)
SRV - [2010/11/22 19:09:14 | 000,179,200 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe -- (Backup Client Agent Service)
SRV - [2010/11/16 08:25:29 | 002,249,000 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/07 18:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/06/23 01:43:04 | 001,071,032 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\wcmvcam64.sys -- (WCMVCAM)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 22:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/04/12 03:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/02/03 12:30:58 | 000,058,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/02/03 12:25:56 | 000,955,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CamDrL64.sys -- (CamDrL64) Logitech QuickCam Pro 3000(PID_08B0)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15434
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB 2E EC CC 9E 75 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\[email protected]@L\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/09/25 00:39:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/29 23:18:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/27 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/27 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/29 23:18:59 | 000,000,000 | ---D | M]

[2011/09/17 20:05:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\[email protected]@L\AppData\Roaming\Mozilla\Extensions
[2011/11/03 21:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\[email protected]@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions
[2011/09/27 18:26:16 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\[email protected]@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011/09/23 20:29:58 | 000,000,000 | ---D | M] (LightShot (screenshot tool)) -- C:\Users\[email protected]@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
[2011/10/25 19:01:24 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\[email protected]@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/09/17 20:21:20 | 000,000,000 | ---D | M] (WOT) -- C:\Users\[email protected]@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/11/03 21:37:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\[email protected]@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/10/22 16:45:43 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\[email protected]@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2011/10/12 03:06:29 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\[email protected]@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/09/17 20:21:19 | 000,000,000 | ---D | M] (Microsoft Default Manager) -- C:\Users\[email protected]@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\[email protected]
[2011/10/02 17:38:25 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\[email protected]@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\[email protected]
[2011/09/17 20:21:19 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\[email protected]@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\[email protected]
[2011/09/17 20:21:19 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\[email protected]@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\[email protected]
[2011/10/04 16:00:25 | 000,002,572 | ---- | M] () -- C:\Users\[email protected]@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\searchplugins\askcom.xml
[2011/10/21 17:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/09/17 22:38:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/10/21 16:57:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/09/17 20:05:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2011/09/17 20:05:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
() (No name found) -- C:\USERS\[email protected]@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
() (No name found) -- C:\USERS\[email protected]@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
() (No name found) -- C:\USERS\[email protected]@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI
() (No name found) -- C:\USERS\[email protected]@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{AFF87FA2-A58E-4EDD-B852-0A20203C1E17}.XPI
() (No name found) -- C:\USERS\[email protected]@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.XPI
() (No name found) -- C:\USERS\[email protected]@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\[email protected]@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\[email protected]@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\[email protected]@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\[email protected]
[2011/09/29 21:19:00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/29 21:18:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/11/04 01:19:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [Registry Repair Wizard Scheduler] C:\Program Files (x86)\SmartPCTools\Registry Repair Wizard\RCHelper.exe (SmartPCTools)
O4 - HKCU..\Run: [RocketDock] C:\Users\[email protected]@L\Desktop\DownloadsBACKUP!!!!\RocketDock Backup\Backup\RocketDock.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Upload to Facebook - C:\Program Files (x86)\WebcamMax\share\iecontext.htm File not found
O8 - Extra context menu item: Upload to Facebook - C:\Program Files (x86)\WebcamMax\share\iecontext.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: cleverreach.com ([novastor] http in Trusted sites)
O15 - HKCU\..Trusted Domains: google-analytics.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: novastor.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: novastor.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C467AA4-DC81-41E6-A854-E08F21501115}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes3\deskscapes.dll (Stardock Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/04 01:32:43 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\[email protected]@L\Desktop\aswMBR.exe
[2011/11/04 01:32:36 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\[email protected]@L\Desktop\tdsskiller.exe
[2011/11/04 01:24:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/04 01:19:48 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/04 00:00:58 | 004,282,413 | R--- | C] (Swearware) -- C:\Users\[email protected]@L\Desktop\ComboFix.exe
[2011/11/03 23:15:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\[email protected]@L\Desktop\OTL.exe
[2011/11/03 22:29:25 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\Malwarebytes
[2011/11/03 22:29:21 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\SUPERAntiSpyware.com
[2011/11/03 22:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/11/03 22:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/11/03 22:29:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/03 22:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/03 22:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/03 22:28:52 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/03 22:28:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/03 21:46:29 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\Enki Games
[2011/11/03 21:37:03 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincarnations 3- Back to Reality Collectors Edition
[2011/11/03 21:36:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reincarnations 3- Back to Reality Collectors Edition
[2011/11/03 20:05:04 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\TeamViewer
[2011/11/03 07:01:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/11/02 06:47:38 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\Documents\Orcs Must Die
[2011/11/02 06:45:04 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Orcs Must Die!
[2011/11/02 06:37:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Orcs Must Die!
[2011/11/02 06:36:46 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\Desktop\Orcs.Must.Die.v1.0r8.update.cracked.READ.NFO-THETA [ALEX]
[2011/11/02 06:36:45 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\Desktop\Orcs.Must.Die.v1.0r7.update.cracked.fixed.READ.NFO-THETA [ALEX]
[2011/11/02 06:34:46 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\Desktop\Orcs.Must.Die.v1.0r6.multi9.cracked.READ.NFO-THETA
[2011/10/29 23:25:08 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Local\HP
[2011/10/29 23:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2011/10/29 23:21:26 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\HP
[2011/10/29 23:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011/10/29 23:16:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2011/10/29 23:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2011/10/29 23:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/10/29 23:14:45 | 000,642,360 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll
[2011/10/29 23:06:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011/10/29 23:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/10/29 23:05:10 | 000,938,496 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpowiax8.dll
[2011/10/29 23:05:10 | 000,551,424 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppldcoi.dll
[2011/10/29 23:05:09 | 001,406,464 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpotiop6.dll
[2011/10/29 23:05:09 | 000,505,344 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpovst14.dll
[2011/10/29 20:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\restore
[2011/10/29 19:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/10/29 19:54:11 | 010,406,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2011/10/29 19:54:11 | 005,067,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2011/10/29 19:54:11 | 000,837,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll
[2011/10/29 19:54:11 | 000,222,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2011/10/29 19:54:11 | 000,137,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2011/10/29 19:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/10/29 19:52:58 | 000,174,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2011/10/29 19:52:58 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2011/10/29 19:52:56 | 024,796,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011/10/29 19:52:56 | 024,742,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011/10/29 19:52:56 | 018,871,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011/10/29 19:52:56 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011/10/29 19:52:56 | 015,693,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011/10/29 19:52:56 | 013,205,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2011/10/29 19:52:56 | 008,791,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2011/10/29 19:52:56 | 007,581,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011/10/29 19:52:56 | 007,041,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011/10/29 19:52:56 | 005,578,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011/10/29 19:52:56 | 002,808,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2011/10/29 19:52:56 | 002,542,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011/10/29 19:52:56 | 002,458,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2011/10/29 19:52:56 | 002,401,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011/10/29 19:52:56 | 002,232,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011/10/29 19:52:56 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011/10/29 19:52:56 | 001,533,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2011/10/29 19:52:56 | 001,454,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2011/10/29 19:52:56 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/10/29 19:52:56 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/10/29 16:44:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/29 16:44:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/29 16:44:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/29 16:44:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/29 16:43:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/29 08:59:24 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\SmartPCTools
[2011/10/29 08:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Repair Wizard
[2011/10/29 08:58:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartPCTools
[2011/10/27 20:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/10/27 20:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/10/26 23:50:11 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Local\Facebook
[2011/10/26 18:31:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/10/26 18:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/10/25 09:02:03 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2011/10/25 09:02:03 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Local\PAYDAY
[2011/10/24 14:29:02 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2011/10/24 14:29:02 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2011/10/24 12:35:46 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\Documents\My Games
[2011/10/24 09:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2011/10/24 08:57:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2011/10/23 04:47:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Payday The Heist
[2011/10/22 19:36:48 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\Sahmon Games
[2011/10/22 18:15:02 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Island - Castaway 2
[2011/10/22 18:14:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Island - Castaway 2
[2011/10/21 17:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/10/21 16:57:07 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/10/21 16:57:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/10/21 16:57:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/10/21 14:58:56 | 000,000,000 | ---D | C] -- C:\Windows\FltMgr
[2011/10/21 08:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SwagHack_Galaxy_Edition_3
[2011/10/21 08:03:28 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Local\Panda Security
[2011/10/21 07:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Antivirus Pro 2012
[2011/10/21 07:58:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\PAV
[2011/10/21 07:58:46 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\Panda Security
[2011/10/21 07:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/10/21 07:58:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2011/10/21 07:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Panda Security
[2011/10/21 05:46:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2011/10/21 05:40:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trendy Entertainment
[2011/10/20 19:44:51 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\Documents\My Cheat Tables
[2011/10/20 13:59:29 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\Trillian
[2011/10/20 13:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trillian
[2011/10/19 21:07:52 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Local\201280
[2011/10/19 02:28:49 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/10/19 00:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster
[2011/10/19 00:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/10/19 00:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2011/10/18 22:11:25 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\Documents\The Adventures of Tintin
[2011/10/18 17:28:03 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\Realtime Soft
[2011/10/18 16:42:33 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Local\David_Rudie
[2011/10/18 15:50:31 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\Documents\SoftTH
[2011/10/17 22:15:56 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\DeskSoft
[2011/10/17 22:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Almeza
[2011/10/17 22:12:23 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\Documents\Almeza
[2011/10/17 18:49:44 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Local\Ubisoft Game Launcher
[2011/10/17 18:43:45 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\Documents\Ubisoft
[2011/10/17 18:37:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2011/10/17 18:36:31 | 000,000,000 | -H-D | C] -- C:\Users\[email protected]@L\InstallAnywhere
[2011/10/16 16:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\Computer Artworks
[2011/10/16 16:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Thing
[2011/10/16 16:14:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Computer Artworks
[2011/10/16 15:38:48 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\Documents\Eidos
[2011/10/16 15:21:28 | 000,000,000 | ---D | C] -- C:\Games
[2011/10/13 22:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/13 22:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/13 22:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/13 22:55:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/10/13 22:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/13 22:53:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/10/12 14:03:56 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\Nitro PDF
[2011/10/12 13:53:27 | 000,028,992 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon.dll
[2011/10/12 13:53:27 | 000,017,216 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui.dll
[2011/10/12 13:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
[2011/10/12 13:53:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2011/10/12 13:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF
[2011/10/12 13:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro PDF
[2011/10/12 13:52:19 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\Downloaded Installations
[2011/10/12 11:15:41 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/10/12 11:15:41 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/12 11:15:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/12 11:15:40 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/12 11:15:40 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/12 11:15:40 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/12 11:15:40 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/12 11:15:38 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/10/12 11:15:38 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/12 11:15:38 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/12 11:15:37 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/10/12 11:14:56 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/10/12 11:14:56 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/10/07 06:35:21 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Local\SKIDROW
[2011/10/07 06:34:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2011/10/07 06:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2011/10/07 05:23:26 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011/10/07 05:23:26 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011/10/07 05:23:26 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011/10/07 05:23:26 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011/10/07 05:23:26 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011/10/07 05:23:26 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011/10/07 05:23:25 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011/10/07 05:23:22 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011/10/07 05:23:22 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011/10/06 08:11:13 | 000,000,000 | --SD | C] -- C:\Users\[email protected]@L\Documents\Passwords Database
[2011/10/05 14:42:46 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\dvdcss
[2011/10/05 14:42:26 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\Documents\:) Studio
[2011/10/05 14:42:26 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Local\:yes: Studio
[2011/10/05 14:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\:)
[2011/10/05 14:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\:) Studio
[2011/10/05 14:41:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\:) Studio
[2011/10/05 12:21:25 | 000,085,048 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSCrySec.sys
[2011/10/05 12:21:25 | 000,066,104 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys
[2011/10/05 12:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/10/05 09:49:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2011/10/05 09:48:47 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Roaming\Apple Computer
[2011/10/05 09:48:47 | 000,000,000 | ---D | C] -- C:\Users\[email protected]@L\AppData\Local\Apple Computer
[2011/10/05 09:48:23 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2011/10/05 09:48:23 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2011/10/05 09:48:23 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/10/05 09:48:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/10/05 09:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/10/05 09:47:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/10/05 09:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/10/05 08:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/04 02:07:02 | 000,000,512 | ---- | M] () -- C:\Users\[email protected]@L\Desktop\MBR.dat
[2011/11/04 01:33:04 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\[email protected]@L\Desktop\aswMBR.exe
[2011/11/04 01:32:43 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\[email protected]@L\Desktop\tdsskiller.exe
[2011/11/04 01:27:56 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/04 01:27:56 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/04 01:19:34 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/04 01:19:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/04 01:19:01 | 3220,074,496 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/04 00:53:12 | 182,972,416 | ---- | M] () -- C:\Users\[email protected]@L\Desktop\beavis.and.butt-head.902.pdtv.xvid-sys.avi
[2011/11/04 00:01:10 | 004,282,413 | R--- | M] (Swearware) -- C:\Users\[email protected]@L\Desktop\ComboFix.exe
[2011/11/03 23:15:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\[email protected]@L\Desktop\OTL.exe
[2011/11/03 22:29:53 | 000,007,605 | ---- | M] () -- C:\Users\[email protected]@L\AppData\Local\Resmon.ResmonCfg
[2011/11/03 20:19:48 | 366,962,000 | ---- | M] () -- C:\Users\[email protected]@L\Desktop\Charlies.Angels.2011.S01E06.HDTV.XviD-ASAP.avi
[2011/11/02 21:34:07 | 576,767,162 | ---- | M] () -- C:\Users\[email protected]@L\Desktop\james.mays.man.lab.s01e03.ws.pdtv.xvid-ftp.avi
[2011/11/02 21:08:11 | 576,755,712 | ---- | M] () -- C:\Users\[email protected]@L\Desktop\James.Mays.Man.Lab.S01E02.WS.PDTV.XviD-BARGE.avi
[2011/11/02 21:01:33 | 575,969,280 | ---- | M] () -- C:\Users\[email protected]@L\Desktop\James.Mays.Man.Lab.S01E01.WS.PDTV.XviD-FTP.avi
[2011/11/01 11:36:00 | 000,782,702 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/01 11:36:00 | 000,662,408 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/01 11:36:00 | 000,122,236 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/31 19:38:27 | 419,433,678 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/30 09:36:59 | 004,841,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/29 23:21:17 | 000,164,734 | ---- | M] () -- C:\Windows\hpoins29.dat
[2011/10/29 23:18:22 | 000,002,099 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/10/29 07:33:56 | 183,485,720 | ---- | M] () -- C:\Users\[email protected]@L\Desktop\X-Men.2011.S01E02.HDTV.XviD-LMAO.avi
[2011/10/26 23:50:13 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3491092077-2592809933-3551427508-1000Core.job
[2011/10/26 18:34:56 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/10/26 18:31:17 | 000,796,360 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/24 14:29:02 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2011/10/24 14:29:02 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2011/10/23 14:04:37 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/10/15 03:53:00 | 024,796,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011/10/15 03:53:00 | 024,742,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011/10/15 03:53:00 | 018,871,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011/10/15 03:53:00 | 017,248,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011/10/15 03:53:00 | 015,693,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011/10/15 03:53:00 | 013,205,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2011/10/15 03:53:00 | 010,406,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2011/10/15 03:53:00 | 008,791,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2011/10/15 03:53:00 | 007,581,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011/10/15 03:53:00 | 007,041,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011/10/15 03:53:00 | 005,578,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011/10/15 03:53:00 | 005,067,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2011/10/15 03:53:00 | 002,808,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2011/10/15 03:53:00 | 002,542,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011/10/15 03:53:00 | 002,458,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2011/10/15 03:53:00 | 002,401,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011/10/15 03:53:00 | 002,232,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011/10/15 03:53:00 | 002,099,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011/10/15 03:53:00 | 001,533,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2011/10/15 03:53:00 | 001,454,400 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2011/10/15 03:53:00 | 000,837,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll
[2011/10/15 03:53:00 | 000,222,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2011/10/15 03:53:00 | 000,137,536 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2011/10/15 03:53:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/10/15 03:53:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/10/15 03:53:00 | 000,007,384 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2011/10/13 22:58:41 | 000,002,515 | ---- | M] () -- C:\Users\[email protected]@L\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/11 09:25:39 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/10/10 12:27:45 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/10/08 16:39:53 | 000,000,117 | ---- | M] () -- C:\Users\[email protected]@L\Documents\Rage.cht
[2011/10/08 14:26:28 | 000,001,806 | ---- | M] () -- C:\Windows\TSearch.INI
[2011/10/05 14:41:58 | 000,002,223 | ---- | M] () -- C:\Users\[email protected]@L\Application Data\Microsoft\Internet Explorer\Quick Launch\:) DVD Ripper.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/04 02:07:02 | 000,000,512 | ---- | C] () -- C:\Users\[email protected]@L\Desktop\MBR.dat
[2011/11/04 00:51:31 | 182,972,416 | ---- | C] () -- C:\Users\[email protected]@L\Desktop\beavis.and.butt-head.902.pdtv.xvid-sys.avi
[2011/11/03 20:12:14 | 366,962,000 | ---- | C] () -- C:\Users\[email protected]@L\Desktop\Charlies.Angels.2011.S01E06.HDTV.XviD-ASAP.avi
[2011/11/02 21:12:11 | 576,767,162 | ---- | C] () -- C:\Users\[email protected]@L\Desktop\james.mays.man.lab.s01e03.ws.pdtv.xvid-ftp.avi
[2011/11/02 21:02:42 | 576,755,712 | ---- | C] () -- C:\Users\[email protected]@L\Desktop\James.Mays.Man.Lab.S01E02.WS.PDTV.XviD-BARGE.avi
[2011/11/02 20:49:36 | 575,969,280 | ---- | C] () -- C:\Users\[email protected]@L\Desktop\James.Mays.Man.Lab.S01E01.WS.PDTV.XviD-FTP.avi
[2011/10/29 23:18:44 | 000,001,058 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/10/29 23:18:22 | 000,002,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/10/29 23:15:18 | 000,164,734 | ---- | C] () -- C:\Windows\hpoins29.dat
[2011/10/29 23:15:17 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2011/10/29 19:52:56 | 000,007,384 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2011/10/29 16:44:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/29 16:44:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/29 16:44:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/29 16:44:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/29 16:44:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/29 07:30:42 | 183,485,720 | ---- | C] () -- C:\Users\[email protected]@L\Desktop\X-Men.2011.S01E02.HDTV.XviD-LMAO.avi
[2011/10/26 23:50:13 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3491092077-2592809933-3551427508-1000Core.job
[2011/10/26 18:34:56 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/10/26 18:31:09 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/10/23 04:49:38 | 000,000,922 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Payday The Heist.lnk
[2011/10/12 13:53:19 | 000,002,553 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro PDF Professional.lnk
[2011/10/07 18:07:38 | 000,000,117 | ---- | C] () -- C:\Users\[email protected]@L\Documents\Rage.cht
[2011/10/07 07:29:04 | 000,001,806 | ---- | C] () -- C:\Windows\TSearch.INI
[2011/10/05 14:41:58 | 000,002,223 | ---- | C] () -- C:\Users\[email protected]@L\Application Data\Microsoft\Internet Explorer\Quick Launch\:) DVD Ripper.lnk
[2011/10/05 09:49:25 | 000,002,515 | ---- | C] () -- C:\Users\[email protected]@L\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/05 09:49:25 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011/10/03 15:58:22 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat
[2011/10/02 07:33:12 | 000,000,126 | ---- | C] () -- C:\Users\[email protected]@L\AppData\Roaming\Earthquakes Meter_Settings.ini
[2011/09/28 01:59:34 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/09/28 01:59:29 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/09/25 06:24:42 | 000,007,605 | ---- | C] () -- C:\Users\[email protected]@L\AppData\Local\Resmon.ResmonCfg
[2011/09/21 14:26:25 | 000,796,360 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/21 01:41:53 | 000,000,097 | RHS- | C] () -- C:\ProgramData\1.12.0.lic
[2011/09/18 02:51:50 | 000,050,536 | ---- | C] () -- C:\Windows\UTP.exe
[2011/09/17 23:25:50 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2009/09/16 17:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:ECF54A0E

< End of report >

#10
RKinner
    Malware Expert
  • Expert
  • 20,028 posts
  • MVP
I've got to go to bed now.

Can you verify that the file fix.txt is on your desktop?
We may have a problem because of the @'s in your name. They may cause problems. Copy the file to c:\, then make a new cfscript:


******************************************

Killall::

FCopy::
C:\fix.txt | C:\windows\explorer.exe

******************************************

then try it again with the new script.


Run aswmbr again and where it says AV scan, change it to c:\ and then hit SCAN. It should take a lot longer this time so maybe you should let it run while you get some sleep too.

Ron

#11
[email protected]@L
    Member
  • Topic Starter
  • Member
  • 14 posts
Haven't got the fix.txt showing up on my desktop.
I will try the steps you recommended, then get some sleep. Thanks again.

#12
RKinner
    Malware Expert
  • Expert
  • 20,028 posts
  • MVP
It looks like the forum did not like my file the first time. I have had to zip it up in order to post it. Download and save the file fix.Zip, then right click on it and choose Extract All. Then move the fix.txt file to your desktop and run the first cfscript again.

Ron

#13
[email protected]@L
    Member
  • Topic Starter
  • Member
  • 14 posts
Ty again

#14
[email protected]@L
    Member
  • Topic Starter
  • Member
  • 14 posts
Well, that didn't work at all.
So now my explorer.exe will not start at all; I'm getting the error "Class not found".
I had to run firefox.exe through the task manager.
Then I was able to start explorer by using the task manager, renaming the explorer_backup and running it.

Here's the report ComboFix gave me after restarting explorer:

ComboFix 11-11-04.01 - [email protected]@L 11/04/2011 3:18.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2130 [GMT -5:00]
Running from: c:\users\[email protected]@L\Desktop\ComboFix.exe
Command switches used :: c:\users\[email protected]@L\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\[email protected]@L\Desktop\fix.txt
.
.
--------------- FCopy ---------------
.
c:\users\[email protected]@L\Desktop\fix.txt --> c:\windows\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2011-10-04 to 2011-11-04 )))))))))))))))))))))))))))))))
.
.
2011-11-04 11:28 . 2011-11-04 11:28 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29C324BD-C453-4129-88EC-2E47C8332FE3}\offreg.dll
2011-11-04 08:25 . 2011-11-04 08:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-04 03:29 . 2011-11-04 03:29 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\Malwarebytes
2011-11-04 03:29 . 2011-11-04 03:29 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\SUPERAntiSpyware.com
2011-11-04 03:29 . 2011-11-04 03:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-04 03:29 . 2011-11-04 03:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-04 03:28 . 2011-11-04 03:28 -------- d-----w- c:\programdata\Malwarebytes
2011-11-04 03:28 . 2011-11-04 03:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-04 03:28 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-04 02:46 . 2011-11-04 02:46 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\Enki Games
2011-11-04 02:36 . 2011-11-04 02:36 -------- d-----w- c:\program files (x86)\Reincarnations 3- Back to Reality Collectors Edition
2011-11-04 01:05 . 2011-11-04 01:05 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\TeamViewer
2011-11-03 12:05 . 2011-10-07 02:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29C324BD-C453-4129-88EC-2E47C8332FE3}\mpengine.dll
2011-11-03 12:01 . 2011-11-03 12:01 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-11-02 11:37 . 2011-11-02 11:47 -------- d-----w- c:\program files (x86)\Orcs Must Die!
2011-10-30 04:25 . 2011-10-30 04:25 -------- d-----w- c:\users\[email protected]@L\AppData\Local\HP
2011-10-30 04:21 . 2011-10-30 04:25 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\HP
2011-10-30 04:21 . 2011-10-30 04:21 -------- d-----w- c:\programdata\WEBREG
2011-10-30 04:17 . 2011-10-30 04:17 -------- d-----w- c:\programdata\HP Product Assistant
2011-10-30 04:16 . 2011-10-30 04:16 -------- d-----w- c:\program files (x86)\Common Files\HP
2011-10-30 04:16 . 2011-10-30 04:16 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2011-10-30 04:14 . 2009-07-08 10:51 642360 ----a-w- c:\windows\system32\hpzids40.dll
2011-10-30 04:06 . 2011-10-30 04:19 -------- d-----w- c:\program files (x86)\HP
2011-10-30 04:05 . 2011-10-30 04:21 -------- d-----w- c:\programdata\HP
2011-10-30 04:05 . 2009-07-08 10:51 938496 ----a-w- c:\windows\system32\hpowiax8.dll
2011-10-30 04:05 . 2009-07-08 10:51 551424 ----a-w- c:\windows\system32\hppldcoi.dll
2011-10-30 04:05 . 2009-07-08 10:51 505344 ----a-w- c:\windows\system32\hpovst14.dll
2011-10-30 04:05 . 2009-07-08 10:51 1406464 ----a-w- c:\windows\system32\hpotiop6.dll
2011-10-30 01:10 . 2011-10-30 01:10 -------- d-----w- c:\programdata\restore
2011-10-30 00:54 . 2011-11-03 00:49 -------- d-----w- c:\users\UpdatusUser
2011-10-30 00:54 . 2011-10-30 00:55 -------- d-----w- c:\programdata\NVIDIA
2011-10-30 00:54 . 2011-10-15 08:53 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-10-30 00:54 . 2011-10-15 08:53 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-10-30 00:54 . 2011-10-15 08:53 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-30 00:54 . 2011-10-15 08:53 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-30 00:54 . 2011-10-15 08:53 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-10-30 00:54 . 2011-10-15 08:53 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-30 00:53 . 2011-10-30 00:53 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-10-29 13:59 . 2011-10-29 13:59 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\SmartPCTools
2011-10-29 13:58 . 2011-10-29 13:58 -------- d-----w- c:\program files (x86)\SmartPCTools
2011-10-29 06:04 . 2005-04-04 04:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-10-29 06:04 . 2011-10-29 06:04 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-10-29 06:04 . 2011-10-29 06:04 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-10-29 06:04 . 2005-04-04 04:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-10-29 06:04 . 2005-04-04 04:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-10-29 06:04 . 2005-04-04 04:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-10-29 06:04 . 2005-04-04 04:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-10-29 06:04 . 2005-04-04 03:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-10-27 04:50 . 2011-10-27 04:50 -------- d-----w- c:\users\[email protected]@L\AppData\Local\Facebook
2011-10-26 23:37 . 2011-10-07 02:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-26 23:35 . 2011-10-04 22:22 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0702DB1-7B2F-4608-9AAE-7796B1198D0E}\gapaengine.dll
2011-10-26 23:31 . 2011-10-26 23:31 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-10-26 23:31 . 2011-10-26 23:31 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-25 14:02 . 2011-10-25 14:02 -------- d-----w- c:\users\[email protected]@L\AppData\Local\PAYDAY
2011-10-25 14:02 . 2011-10-25 14:02 -------- d-----w- c:\programdata\RELOADED
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-24 13:57 . 2011-10-24 13:57 -------- d-----w- c:\program files (x86)\THQ
2011-10-23 09:47 . 2011-10-23 10:02 -------- d-----w- c:\program files (x86)\Payday The Heist
2011-10-23 00:36 . 2011-10-23 00:36 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\Sahmon Games
2011-10-22 23:14 . 2011-10-22 23:15 -------- d-----w- c:\program files (x86)\The Island - Castaway 2
2011-10-21 22:14 . 2011-10-07 04:16 8570192 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03A46292-3676-44E9-A82D-221DF9D71B59}\mpengine.dll
2011-10-21 19:58 . 2011-10-21 20:49 -------- d-----w- c:\windows\FltMgr
2011-10-21 13:08 . 2011-10-21 13:08 -------- d-----w- c:\programdata\SwagHack_Galaxy_Edition_3
2011-10-21 13:03 . 2011-10-21 13:03 -------- d-----w- c:\users\[email protected]@L\AppData\Local\Panda Security
2011-10-21 12:58 . 2011-10-21 20:49 -------- d-----w- c:\program files (x86)\Panda Security
2011-10-21 12:58 . 2011-10-21 12:59 -------- d-----w- c:\programdata\Panda Security
2011-10-21 12:58 . 2011-10-21 12:58 -------- d-----w- c:\windows\SysWow64\PAV
2011-10-21 12:58 . 2011-10-21 12:58 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\Panda Security
2011-10-21 12:58 . 2011-10-21 12:58 -------- d-----w- c:\program files (x86)\Common Files\Panda Security
2011-10-21 10:46 . 2011-10-21 20:49 -------- d-----w- c:\program files (x86)\Steam
2011-10-21 10:40 . 2011-10-21 10:40 -------- d-----w- c:\program files (x86)\Trendy Entertainment
2011-10-20 18:59 . 2011-10-20 19:05 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\Trillian
2011-10-20 18:58 . 2011-10-21 20:49 -------- d-----w- c:\program files (x86)\Trillian
2011-10-20 02:07 . 2011-10-20 02:07 -------- d-----w- c:\users\[email protected]@L\AppData\Local\201280
2011-10-19 05:59 . 2011-10-19 05:59 -------- d-----w- c:\programdata\IObit
2011-10-19 05:59 . 2011-10-19 05:59 -------- d-----w- c:\program files (x86)\IObit
2011-10-18 22:28 . 2011-10-18 22:28 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\Realtime Soft
2011-10-18 21:42 . 2011-10-18 21:42 -------- d-----w- c:\users\[email protected]@L\AppData\Local\David_Rudie
2011-10-18 03:15 . 2011-10-19 07:26 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\DeskSoft
2011-10-17 23:49 . 2011-10-18 00:18 -------- d-----w- c:\users\[email protected]@L\AppData\Local\Ubisoft Game Launcher
2011-10-17 23:37 . 2011-10-18 22:37 -------- d-----w- c:\program files (x86)\Ubisoft
2011-10-17 23:36 . 2011-10-17 23:36 -------- d--h--w- c:\users\[email protected]@L\InstallAnywhere
2011-10-16 21:15 . 2011-10-16 21:15 -------- d-----w- c:\program files\Computer Artworks
2011-10-16 21:14 . 2011-10-16 21:14 -------- d-----w- c:\program files (x86)\Computer Artworks
2011-10-16 20:35 . 2011-10-16 20:35 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2011-10-16 20:21 . 2011-10-16 20:39 -------- d-----w- C:\Games
2011-10-14 03:55 . 2011-10-14 03:55 -------- d-----w- c:\program files\iPod
2011-10-14 03:55 . 2011-10-14 03:56 -------- d-----w- c:\program files\iTunes
2011-10-14 03:55 . 2011-10-14 03:56 -------- d-----w- c:\program files (x86)\iTunes
2011-10-14 03:53 . 2011-10-14 03:53 -------- d-----w- c:\program files\Bonjour
2011-10-14 03:53 . 2011-10-14 03:53 -------- d-----w- c:\program files (x86)\Bonjour
2011-10-12 19:03 . 2011-10-12 19:03 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\Nitro PDF
2011-10-12 18:53 . 2011-09-24 20:02 17216 ----a-w- c:\windows\system32\nitrolocalui.dll
2011-10-12 18:53 . 2011-09-24 20:02 28992 ----a-w- c:\windows\system32\nitrolocalmon.dll
2011-10-12 18:53 . 2011-10-12 18:53 -------- d-----w- c:\programdata\Nitro PDF
2011-10-12 18:53 . 2011-10-12 18:53 -------- d-----w- c:\program files\Common Files\Nitro PDF
2011-10-12 18:53 . 2011-10-12 18:53 -------- d-----w- c:\program files (x86)\Nitro PDF
2011-10-12 18:53 . 2011-10-12 18:53 -------- d-----w- c:\program files (x86)\Common Files\Nitro PDF
2011-10-12 18:52 . 2011-10-12 18:52 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\Downloaded Installations
2011-10-12 16:14 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 16:14 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 16:14 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-12 16:14 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-07 11:35 . 2011-10-21 20:49 -------- d-----w- c:\users\[email protected]@L\AppData\Local\SKIDROW
2011-10-07 11:21 . 2011-10-29 06:05 -------- d-----w- c:\program files (x86)\Bethesda Softworks
2011-10-05 19:42 . 2011-10-05 19:42 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\dvdcss
2011-10-05 19:42 . 2011-10-05 19:42 -------- d-----w- c:\users\[email protected]@L\AppData\Local\:) Studio
2011-10-05 19:41 . 2011-10-05 19:41 -------- d-----w- c:\programdata\:yes: Studio
2011-10-05 19:41 . 2011-10-05 19:41 -------- d-----w- c:\program files (x86)\:) Studio
2011-10-05 17:21 . 2009-12-14 17:44 85048 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2011-10-05 17:21 . 2009-12-14 17:44 66104 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2011-10-05 17:20 . 2011-10-08 14:38 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-05 14:49 . 2011-10-14 03:58 -------- d-----w- c:\program files (x86)\Safari
2011-10-05 14:48 . 2011-10-14 03:18 -------- d-----w- c:\users\[email protected]@L\AppData\Roaming\Apple Computer
2011-10-05 14:48 . 2011-10-05 14:48 -------- d-----w- c:\users\[email protected]@L\AppData\Local\Apple Computer
2011-10-05 14:48 . 2011-10-06 13:11 -------- dc----w- c:\windows\system32\DRVSTORE
2011-10-05 14:48 . 2009-05-18 18:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-10-05 14:48 . 2008-04-17 17:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-10-05 14:48 . 2008-04-17 17:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-10-05 14:47 . 2011-10-05 14:48 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-10-05 14:47 . 2011-10-05 14:47 -------- d-----w- c:\program files\Common Files\Apple
2011-10-05 14:20 . 2011-10-14 03:55 -------- d-----w- c:\programdata\Apple Computer
2011-10-05 13:56 . 2011-10-05 13:56 -------- d-----w- c:\program files (x86)\Apple Software Update
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 19:04 . 2011-09-18 01:09 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-11 14:25 . 2011-09-28 06:59 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-10 17:27 . 2011-09-28 06:59 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-04 02:35 . 2011-10-04 02:13 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-10-03 21:12 . 2011-09-28 06:59 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-10-03 10:06 . 2011-09-18 03:38 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-24 20:03 . 2011-09-24 20:03 68928 ----a-w- c:\windows\SysWow64\NLSSRV32.EXE
2011-09-24 17:08 . 2010-11-21 03:24 699904 ----a-w- c:\windows\system32\taskmgr.exe
2011-09-18 07:51 . 2010-11-21 03:24 3029504 ----a-w- c:\windows\SysWow64\themeui.dll
2011-09-18 07:51 . 2009-07-13 23:39 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll
2011-09-18 07:51 . 2011-09-18 07:51 50536 ----a-w- c:\windows\UTP.exe
2011-09-18 01:45 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2011-09-18 01:45 . 2010-11-21 03:23 3126272 ----a-w- c:\windows\system32\themeui.dll
2011-09-18 01:44 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2011-09-06 20:45 . 2011-09-21 20:48 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-01 02:12 . 2011-09-18 03:55 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-08-31 04:05 . 2011-08-31 04:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 04:05 . 2011-08-31 04:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 04:05 . 2011-08-31 04:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 04:05 . 2011-08-31 04:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-31 04:05 . 2011-08-31 04:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 04:05 . 2011-08-31 04:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-31 04:05 . 2011-08-31 04:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-31 04:05 . 2011-08-31 04:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-04_05.13.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2011-11-04 08:28 48594 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-04 08:28 35458 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-18 01:03 . 2011-11-04 08:28 10796 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3491092077-2592809933-3551427508-1000_UserData.bin
+ 2011-09-18 00:53 . 2011-11-04 11:31 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-18 00:53 . 2011-11-04 03:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-18 00:53 . 2011-11-04 03:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-18 00:53 . 2011-11-04 11:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-04 03:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-04 11:31 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-18 01:00 . 2011-11-04 05:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-18 01:00 . 2011-11-04 11:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-18 01:00 . 2011-11-04 05:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-18 01:00 . 2011-11-04 11:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-19 22:36 . 2011-11-04 05:11 3168 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-09-19 22:36 . 2011-11-04 08:34 3168 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-11-04 05:12 . 2011-11-04 05:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-04 11:28 . 2011-11-04 11:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-04 11:28 . 2011-11-04 11:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-04 05:12 . 2011-11-04 05:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:12 . 2011-11-04 11:31 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-11-04 03:48 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2011-11-04 05:11 322300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-04 08:34 322300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-18 01:45 . 2011-02-25 05:30 2616320 c:\windows\explorerbad.exe
+ 2011-09-18 01:14 . 2011-11-04 08:25 16097720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3491092077-2592809933-3551427508-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"RocketDock"="c:\users\[email protected]@L\Desktop\DownloadsBACKUP!!!!\RocketDock Backup\Backup\RocketDock.exe" [2007-09-02 495616]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-10-07 641400]
"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2011-05-20 1949088]
"Registry Repair Wizard Scheduler"="c:\program files (x86)\SmartPCTools\Registry Repair Wizard\RCHelper.exe" [2010-03-15 1540352]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-17 5500800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LmpcService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Backup Client Agent Service;Backup Client Agent Service;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe [2010-11-23 179200]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-04 584488]
R4 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-09-24 68928]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-16 2249000]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2011-09-24 341312]
S2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [2010-12-07 365704]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys [x]
S3 ALSysIO;ALSysIO;c:\users\[email protected]@L\AppData\Local\Temp\ALSysIO64.sys [x]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 19:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3491092077-2592809933-3551427508-1000Core.job
- c:\users\[email protected]@L\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-27 04:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-05 980368]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 291944]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com/?l=dis&o=15434
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Upload to Facebook - c:\program files (x86)\WebcamMax\share\iecontext.htm
Trusted Zone: cleverreach.com\novastor
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\[email protected]@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p=
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_è\00\00è\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~è\00\00è\00\00\00\00]\00\00\00\00\00\00\00\00‘’“"
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\IObit\Game Booster\gbtray.exe
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-11-04 06:40:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-04 11:40
ComboFix2.txt 2011-11-04 05:17
.
Pre-Run: 96,864,706,560 bytes free
Post-Run: 96,851,144,704 bytes free
.
- - End Of File - - 508A8FE873B4C8A47A7B38C8D63B9AC4

Edited by [email protected]@L, 04 November 2011 - 05:42 AM.


#15 RKinner (Malware Expert, 20,028 posts, MVP)
Where did you get explorer_backup?

CF actually seems happy now. Run it again without the cfscript and let's see if it is really happy.

Copy the text in the code box by highlighting and Ctrl + c

/md5start
explorer.exe
/md5stop

then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run SCAN button at the top. Let the program run unhindered; it shouldn't need to reboot. Save the log and copy and paste it to a reply. This just looks for all explorer.exe files on the C:\ drive. It will also tell me if the infection is still there.

Ron
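What that /md5start block does, done by hand, as an added example (PowerShell; this is not code from OTL, ComboFix or anyone in this thread). It walks the Windows directory for every file named explorer*.exe, records size, MD5 and Authenticode status, and flags any copy whose hash does not match the two copies Windows itself ships (the 64-bit one in %SystemRoot% and the 32-bit one in SysWOW64) or whose name is not exactly explorer.exe. The "explorer*.exe" filter and the choice of those two files as the baseline are my assumptions, picked because the snapshot above lists c:\windows\explorerbad.exe and the reply asks about explorer_backup.

```powershell
# Added example, not part of OTL/ComboFix: inventory explorer*.exe copies
# under the Windows directory with MD5 and signature status.
$root = $env:SystemRoot   # normally C:\Windows

function Get-Md5Hex {
    param([string]$Path)
    # .NET MD5 so this also works on the PowerShell 2.0 that shipped with Windows 7
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $md5.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

# Baseline: hashes of the two copies Windows installs (assumption: 64-bit OS,
# so there is a 64-bit shell in %SystemRoot% and a 32-bit one in SysWOW64).
$known = @{}
foreach ($p in @((Join-Path $root 'explorer.exe'),
                 (Join-Path $root 'SysWOW64\explorer.exe'))) {
    if (Test-Path $p) { $known[(Get-Md5Hex $p)] = $p }
}

Get-ChildItem -Path $root -Filter 'explorer*.exe' -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $hash = Get-Md5Hex $_.FullName
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
        New-Object PSObject -Property @{
            Path       = $_.FullName
            SizeBytes  = $_.Length
            Modified   = $_.LastWriteTime
            MD5        = $hash
            SigStatus  = $sig.Status
            Signer     = $signer
            KnownCopy  = $known.ContainsKey($hash)
            # Worth a look: hash matches neither shipped copy, or the file is
            # using a look-alike name such as explorerbad.exe.
            Suspicious = (-not $known.ContainsKey($hash)) -or ($_.Name -ne 'explorer.exe')
        }
    } |
    Sort-Object Suspicious -Descending |
    Format-Table Path, SizeBytes, Modified, MD5, SigStatus, Suspicious -AutoSize
```

Two caveats when reading the output. Superseded copies in WinSxS legitimately have different hashes from the live file, so "Suspicious" there only means "compare the version and date before worrying". And on Windows 7 most system binaries are catalog-signed rather than carrying an embedded signature, so Get-AuthenticodeSignature can report NotSigned even for the genuine explorer.exe; Sysinternals sigcheck, which also checks catalog signatures, is the better tool for the signature half of this check.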
