Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Problems with Internet Explorer

Started by Lucky Dearly , Nov 22 2011 12:43 AM

Please log in to reply

#1
Lucky Dearly

Posted 22 November 2011 - 12:43 AM

Member

Member
349 posts

Hey all, a couple of nights ago while websurfing my computer got attacked by AV 2011, I used malware bytes to get rid of it but now it seems to have damaged my internet explorer, whenever i try to open it up the browser will freeze, no toolbars will appear, no status bar, nothing just a blank screen.

also to note I noticed in my task manager PING.exe taking up 100% memory in my pc

I did a OTL log incase something was corrupt in my IE

OTL logfile created on: 11/21/2011 10:27:11 PM - Run 2
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\nwofan\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.46 Gb Total Space | 30.16 Gb Free Space | 10.53% Space Free | Partition Type: NTFS
Drive D: | 11.63 Gb Total Space | 1.59 Gb Free Space | 13.64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
I: Drive not present or media not loaded
Drive K: | 297.44 Gb Total Space | 54.02 Gb Free Space | 18.16% Space Free | Partition Type: NTFS

Computer Name: GAMERPC
Current User Name: nwofan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2011/11/11 16:03:50 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/11 16:03:47 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2011/10/24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011/10/15 00:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 00:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/10/15 00:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/09/10 06:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/09/05 16:00:52 | 000,393,648 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2011/08/31 16:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/08/10 11:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/08/08 14:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/07/28 15:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/11 13:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011/06/23 20:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/16 16:53:22 | 002,510,848 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2011/06/16 06:55:12 | 006,276,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/05/13 13:49:42 | 000,025,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2011/03/28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011/03/28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 15:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2011/01/05 09:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM7\aim.exe
PRC - [2010/11/20 04:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 04:17:30 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2010/11/05 15:11:52 | 000,081,920 | R--- | M] (Nero AG) -- C:\Program Files\Motorola Media Link\NServiceEntry.exe
PRC - [2010/08/01 13:45:22 | 004,950,936 | ---- | M] (Pando Networks) -- C:\Program Files\Pando Networks\Pando\pando.exe
PRC - [2010/06/02 18:42:33 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\nwofan\Desktop\OTL.exe
PRC - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/04/08 08:14:24 | 000,292,824 | ---- | M] (PC Tools ) -- C:\Program Files\Registry Mechanic\RMTray.exe
PRC - [2010/04/08 08:14:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/04/01 01:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/10/20 13:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/08/28 12:53:00 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/07/13 17:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/02/19 08:12:18 | 000,537,256 | ---- | M] ( ) -- C:\Windows\System32\lxbkcoms.exe
PRC - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe

========== Modules (SafeList) ==========

MOD - [2011/08/11 15:37:26 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2011/07/15 20:27:30 | 000,290,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2010/11/20 04:21:26 | 000,100,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2010/11/20 04:21:04 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2010/11/20 04:20:29 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2010/11/20 04:18:12 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2010/11/20 03:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010/06/02 18:42:33 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\nwofan\Desktop\OTL.exe
MOD - [2009/07/13 17:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 17:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 17:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 17:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 17:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 17:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2011/10/24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/10/15 00:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/09/05 16:00:52 | 000,393,648 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/15 10:02:12 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/08/10 11:35:20 | 000,227,184 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/05/13 14:27:02 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011/03/28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011/02/18 22:30:54 | 000,805,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/20 04:21:33 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2010/11/20 04:21:24 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2010/11/20 04:20:57 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2010/11/20 04:19:28 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2010/11/20 04:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 04:18:06 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2010/11/20 04:17:30 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2010/11/05 15:11:52 | 000,081,920 | R--- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Motorola Media Link\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/07/25 02:00:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/04/08 08:14:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/24 15:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/13 17:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 17:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 17:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 17:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 17:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 17:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 17:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 17:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/05/29 14:29:31 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/29 02:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/19 08:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbkcoms.exe -- (lxbk_device)
SRV - [2007/09/12 17:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)

========== Driver Services (SafeList) ==========

DRV - [2011/10/15 00:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/08/31 16:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/27 19:05:32 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/04/04 13:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2011/03/31 13:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/10 21:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2011/03/10 21:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2011/03/10 21:38:51 | 000,332,160 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2011/03/10 21:38:37 | 000,080,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\amdsata.sys -- (amdsata)
DRV - [2011/03/10 21:38:37 | 000,022,400 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\amdxata.sys -- (amdxata)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/13 19:20:52 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2011/02/10 06:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/02/07 16:36:00 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/01/01 09:12:18 | 000,081,168 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2010/11/20 04:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:30:14 | 000,160,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vhdmp.sys -- (vhdmp)
DRV - [2010/11/20 04:30:10 | 000,173,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2010/11/20 04:29:53 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 02:01:12 | 000,164,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2010/11/20 01:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:50:21 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2010/11/20 01:29:49 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2010/11/20 01:24:56 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2010/11/20 01:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/20 00:47:55 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\acpipmi.sys -- (AcpiPmi)
DRV - [2010/11/20 00:39:17 | 000,074,752 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2010/09/23 00:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/09/19 17:03:49 | 000,052,824 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stdriver32.sys -- (stdriver)
DRV - [2010/08/19 18:24:34 | 000,061,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21)
DRV - [2010/08/09 18:14:25 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/07/28 23:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/04/01 13:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2009/11/10 11:37:57 | 000,014,848 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tupvckmd.sys -- (TunesUpAudioDriver)
DRV - [2009/10/20 11:08:44 | 000,037,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/10/01 21:03:40 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/09/21 19:26:10 | 000,046,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GenericMount.sys -- (GenericMount)
DRV - [2009/08/04 09:48:20 | 002,744,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/08/04 09:40:04 | 000,226,816 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - [2009/08/04 09:39:02 | 000,157,440 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmx00.sys -- (SWMX00) Sierra Wireless USB MUX Driver (#00)
DRV - [2009/07/30 16:12:54 | 000,287,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009/07/13 17:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2009/07/13 17:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 17:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 17:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 17:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 17:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 17:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 17:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2009/07/13 17:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 17:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 17:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 17:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 17:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 17:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 17:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 17:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 17:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 17:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 17:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 17:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 17:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 17:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 17:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 17:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2009/07/13 17:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 17:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 17:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 17:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 17:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 17:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 17:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 16:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 16:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 16:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 15:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 15:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 15:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 15:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 15:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 15:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 15:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 15:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 15:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 15:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 14:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 14:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 14:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 14:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 14:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 14:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 14:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 14:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2009/07/13 14:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/13 14:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 14:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 14:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/22 21:34:38 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2009/05/22 15:08:32 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009/04/29 02:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/02/17 09:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/02/13 04:58:30 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2009/02/13 04:57:28 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2009/02/13 04:56:32 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2009/01/29 16:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 16:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/09/09 16:58:08 | 000,020,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc.pkms -- (PCD5SRVC{BD6912E3-AC9D80E8-05040000})
DRV - [2008/07/21 08:12:50 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/05/22 01:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/01/14 02:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/11/02 14:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/07/03 14:05:00 | 000,162,944 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt25usbap.sys -- (RT25USBAP)
DRV - [2007/02/15 16:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2007/02/08 05:45:14 | 000,029,184 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dsiarhwprog.sys -- (dsiarhwprog)
DRV - [2006/12/24 05:15:18 | 000,027,904 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xPADFL02.sys -- (XPADFL02)
DRV - [2006/11/29 14:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2005/12/12 09:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/08/17 06:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
DRV - [2005/08/17 06:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 06:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-tyc8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-tyc8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files\NCH\prxtbNC2.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://browser.cdn.a....html?brand=aol
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wwe.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "IncrediMail MediaBar 4 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-tyc8"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-tyc8"
FF - prefs.js..browser.search.param.yahoo-type: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.wwe.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {c2db4fe6-8409-45ce-8010-189a7b5cce86}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: avg@igeared:4.906.030.003
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:4.3
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6102
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:4.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.yahoo....r=ytff-tyc8&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/06/08 14:55:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/06/08 14:55:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/11/21 22:21:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/10 00:05:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/11 16:03:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/30 08:42:43 | 000,000,000 | ---D | M]

[2010/07/24 20:13:09 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Mozilla\Extensions
[2011/11/21 03:45:21 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions
[2011/10/08 14:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010/07/24 20:13:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/21 03:45:21 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/11 16:05:02 | 000,000,000 | ---D | M] (IncrediMail MediaBar 4 Community Toolbar) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{90eee664-34b1-422a-a782-779af65cdf6d}
[2011/11/11 16:05:05 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/11/11 16:05:03 | 000,000,000 | ---D | M] (NCH Community Toolbar) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
[2011/10/07 21:28:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2011/05/29 21:01:13 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\[email protected]
[2011/02/09 19:44:34 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\[email protected]
[2010/09/18 12:20:13 | 000,001,490 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\AIM Search.xml
[2011/01/15 03:46:37 | 000,002,242 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\AOL Search.xml
[2010/09/22 23:04:58 | 000,002,342 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\aol-search.xml
[2011/07/13 16:56:04 | 000,002,354 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\aol-web-search.xml
[2011/11/19 18:44:43 | 000,002,572 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\askcom.xml
[2011/02/09 19:45:52 | 000,001,919 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\bing-zugo.xml
[2011/08/29 16:51:44 | 000,000,947 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\conduit.xml
[2010/08/09 18:14:28 | 000,002,059 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\daemon-search.xml
[2011/09/01 02:24:46 | 000,002,207 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\MyStart Search.xml
[2011/11/11 16:04:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/04 23:57:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/11 16:03:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2008/11/10 23:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2009/11/19 14:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 14:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2011/07/11 13:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2011/01/15 03:46:37 | 000,002,242 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml
[2011/11/11 16:03:47 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/09/19 18:21:58 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
[2011/11/11 16:03:47 | 000,002,040 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AIM Search) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll File not found
O3 - HKLM\..\Toolbar: (AOL Messaging Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (CoolChaser Layouts Auto Insert) - {B0208007-27C1-4BCD-93EF-EFF5DB61FC22} - C:\Program Files\CoolChaser Layouts Auto Insert\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files\NCH\prxtbNC2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Pando Toolbar) - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL File not found
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Messaging Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (CoolChaser Layouts Auto Insert) - {B0208007-27C1-4BCD-93EF-EFF5DB61FC22} - C:\Program Files\CoolChaser Layouts Auto Insert\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (NCH Toolbar) - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - C:\Program Files\NCH\prxtbNC2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Pando Toolbar) - {E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM7\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Pando] C:\Program Files\Pando Networks\Pando\Pando.exe (Pando Networks)
O4 - HKCU..\Run: [Privacy Protection] C:\Users\nwofan\AppData\Roaming\privacy.exe File not found
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools )
O4 - Startup: C:\Users\nwofan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll File not found
O9 - Extra 'Tools' menuitem : Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect118.cab (GMNRev Class)
O16 - DPF: {BAD4FE2C-503B-45CC-88CD-4B0574057D11} http://clients.futur...y/FMSI_v420.cab (FuturemarkSystemInfoX Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\15.0.874.121\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\nwofan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\nwofan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 13:12:18 | 000,000,088 | ---- | M] () - H:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2010/05/10 21:02:29 | 000,000,000 | ---D | M] - K:\Automatically Add to iTunes -- [ NTFS ]
O32 - AutoRun File - [2009/07/14 01:26:40 | 000,000,043 | ---- | M] () - K:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{2f831927-db20-11e0-a34c-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{2f831927-db20-11e0-a34c-00038a000015}\Shell\AutoRun\command - "" = O:\unlock.exe -- File not found
O33 - MountPoints2\{4b99bd26-a425-11df-a8e6-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{4b99bd26-a425-11df-a8e6-00038a000015}\Shell\AutoRun\command - "" = F:\OblivionLauncher.exe -- File not found
O33 - MountPoints2\{6e6ad82e-cc09-11df-83d4-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{6e6ad82e-cc09-11df-83d4-00038a000015}\Shell\AutoRun\command - "" = G:\WIN\setup.exe -- File not found
O33 - MountPoints2\{cc1f19f3-9ae7-11e0-b308-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{cc1f19f3-9ae7-11e0-b308-00038a000015}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{d43c19a1-1f52-11df-89eb-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{d43c19a1-1f52-11df-89eb-00038a000015}\Shell\AutoRun\command - "" = H:\WD SmartWare.exe -- [2009/11/13 11:25:22 | 003,280,672 | ---- | M] (Western Digital)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/21 22:14:50 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{43BA059F-819F-42B8-B0E3-BCF0547F3D22}
[2011/11/21 22:14:20 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{182570D7-EF98-4288-9792-D1F5D0D85356}
[2011/11/21 04:17:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/21 04:08:23 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/11/21 03:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2011/11/21 03:24:57 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\Yahoo!
[2011/11/20 18:26:28 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{D01AE0F8-33D7-42F9-9033-FE078F48273E}
[2011/11/20 18:26:12 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{099BE0D9-2F4A-4452-BBE3-0C834C2D011D}
[2011/11/20 17:40:36 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/11/20 17:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/11/20 16:52:25 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{0E41B327-6610-41FC-89A0-CFDF02DB764B}
[2011/11/20 03:18:05 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{ED8DBE0F-C74E-4B81-8AC3-D3FBD504018F}
[2011/11/20 02:29:54 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\CC4AC
[2011/11/20 02:29:22 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\BCCCC
[2011/11/20 02:29:04 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\liivvD33onFa
[2011/11/20 02:29:04 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\bwwwkUUVrlOtx0c
[2011/11/20 02:28:58 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\oyxxA00uvS2iF3n
[2011/11/20 02:28:56 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\QpmmmG5sQJ6dE8R
[2011/11/20 02:28:56 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\dPPNNyccA
[2011/11/20 01:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BOSS
[2011/11/20 01:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wrye Bash
[2011/11/19 15:17:00 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{865F6544-E8A0-44F0-839A-0E244EB56AD8}
[2011/11/19 15:16:37 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{EFE9C3B7-C812-4241-8C0D-66770E3F9C67}
[2011/11/19 03:16:06 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{7164F9D7-48D2-496D-94D4-A79BF8581A6F}
[2011/11/19 03:15:44 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{56DFEBC2-7288-4C59-A666-06ADD5037B54}
[2011/11/18 15:14:47 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{A0EF0F9D-1AF3-4674-A25B-074F5EA08331}
[2011/11/18 15:14:29 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{AD04E28A-5753-466D-B815-8B5B6D03A956}
[2011/11/18 04:03:53 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{079CA2E2-D82E-4380-AC43-A0134A05686E}
[2011/11/18 04:03:25 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{33C2A3CE-7E1D-4AF5-A6EC-F0E37F21F110}
[2011/11/17 16:02:37 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{8E23F909-F5FE-4B38-8C7A-E01E0C5A0DA8}
[2011/11/17 16:02:15 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{90F972FD-29BC-4E1D-AFBA-1A54E136FFB2}
[2011/11/17 02:16:26 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{E15AEB14-0D74-49C3-BD2A-CD8AB25FA2FC}
[2011/11/17 02:16:03 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{459D2BB4-4EE9-494B-A72B-58005DD9FAD8}
[2011/11/16 14:15:02 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{CDE4A21E-273F-42FE-A73E-020E940110E1}
[2011/11/16 14:14:40 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{9AF71502-71CA-426E-9610-E85B1FCC4DA6}
[2011/11/15 18:28:47 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{6E5795A1-76A1-49F9-A2A1-D564D08B4A9C}
[2011/11/15 18:28:24 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{E4069565-58AC-4996-B8CD-8C462CCA2816}
[2011/11/15 05:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/15 04:34:42 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{928EDF8E-3C77-4A77-9818-EDC45054E692}
[2011/11/15 04:34:19 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{C4B58DC1-0A5B-483A-895E-A1E738D56555}
[2011/11/15 03:59:11 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\eSupport.com
[2011/11/14 16:33:42 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{25FE84AB-A460-4208-B93D-61F43CBB9E32}
[2011/11/14 16:33:23 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{C01CFBF4-0D7A-4EB5-A731-C202687F8AA6}
[2011/11/14 02:12:23 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{88F87B15-63B4-41B9-B754-745AD2BBC9FC}
[2011/11/13 14:11:23 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{37CC809C-2C19-43B3-8395-2A1E3CC98912}
[2011/11/13 14:10:45 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{07B30A7E-A43F-49C3-A264-3DD9162003DB}
[2011/11/12 18:35:34 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{DF31EEC7-6E93-4C4F-8055-CDD41EA1C298}
[2011/11/12 18:34:57 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{4A8F9132-C817-46F2-875E-2567660CA8BD}
[2011/11/12 03:30:39 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{B0A5CD9E-8E26-40BC-8387-5C0DA5A79B58}
[2011/11/12 03:30:16 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{A462520A-C017-4A19-ADB3-9F6AC404D9CD}
[2011/11/11 15:30:00 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{5AD2A4D4-F157-4C92-81E1-BC7B86A2A3A8}
[2011/11/11 15:29:38 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{769D93C8-55CB-48E9-9B8E-1B131E595AE8}
[2011/11/11 03:29:07 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{EDAFF4A1-2418-48DA-A1C7-3B6CDC827CDA}
[2011/11/11 03:28:44 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{5218F3C1-E779-4DED-8013-1C9DD04302F3}
[2011/11/10 15:28:27 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{95B4898A-9FF9-45C3-B598-A5B07C9781EF}
[2011/11/10 15:28:04 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{660905C1-F880-41B7-9714-EF0A95DCE820}
[2011/11/10 03:27:31 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{5E55B1A7-4199-4B1C-87F1-AE94598C41D4}
[2011/11/09 15:27:03 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{2C68314C-0F85-401C-9953-EBE7FB788746}
[2011/11/09 15:26:40 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{3FCC48C4-4090-4859-AB36-0FB70C6173D7}
[2011/11/09 03:26:10 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{6CB21035-C478-4207-85E1-0189DBCE6F16}
[2011/11/09 03:25:48 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{E6F93DBC-CF4A-40ED-B027-26CEA8E11B4A}
[2011/11/09 01:07:12 | 000,000,000 | ---D | C] -- C:\Program Files\Futuremark
[2011/11/08 21:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/11/08 21:23:23 | 006,350,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2011/11/08 21:23:23 | 003,840,320 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2011/11/08 21:23:23 | 000,203,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2011/11/08 21:23:23 | 000,123,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2011/11/08 21:23:22 | 000,602,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\easyupdatusapiu.dll
[2011/11/08 21:23:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/11/08 21:22:43 | 018,871,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2011/11/08 21:22:43 | 010,327,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2011/11/08 21:22:43 | 000,919,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2011/11/08 21:22:43 | 000,877,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll
[2011/11/08 21:22:43 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/11/08 21:22:42 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2011/11/08 21:22:42 | 013,205,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2011/11/08 21:22:42 | 005,578,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2011/11/08 21:22:42 | 002,458,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2011/11/08 21:22:42 | 002,401,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2011/11/08 21:22:42 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2011/11/08 21:22:24 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/11/08 15:25:03 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{89319365-BF3F-4D52-AAF9-DC82CF858C9C}
[2011/11/08 15:24:33 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{681E6080-BDCF-4696-B130-E644E2B8C102}
[2011/11/08 03:23:44 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{34301B0F-907F-412F-A4A1-07F0AF3AF29D}
[2011/11/07 15:22:43 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{0CFE9917-1632-477C-BC72-3AEA0EBC6464}
[2011/11/07 15:22:27 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{AFE8B77E-53BF-4F3F-ABEA-4AD41168F916}
[2011/11/07 01:36:07 | 000,000,000 | ---D | C] -- C:\New folder
[2011/11/06 17:28:32 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{0D1CB109-601C-42C0-A941-AB7C5FD824AA}
[2011/11/06 17:28:09 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{76E62BEB-152A-4087-BCCF-F6B875CB9E2B}
[2011/11/06 02:26:58 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{456952BA-8548-47E2-B1DF-A80C08A7E7E4}
[2011/11/06 02:26:35 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{DDE4ABBA-7701-4197-8204-85073F32A459}
[2011/11/05 14:26:20 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{37C664BF-CB99-45D4-A76F-A11BD9D9F6BE}
[2011/11/05 14:26:08 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{7F0F8E6F-73F4-4C62-A34F-164128924144}
[2011/11/05 02:25:35 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{FE33DCD0-2C9C-41BC-ADBD-262179612F45}
[2011/11/05 02:25:10 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{AF707E18-BAA6-4A98-B28C-440AC27F1E38}
[2011/11/04 17:01:49 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\VrlOBtxP0SiDnHs
[2011/11/04 17:01:48 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\lfEL8gTZqYwU
[2011/11/04 16:40:41 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\tOOONyxAuvS2i
[2011/11/04 16:40:41 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\aRRLL9hhTXjUCkB
[2011/11/04 16:40:36 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\prrzzONNx
[2011/11/04 16:40:35 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\n444pmmG5sQ6
[2011/11/04 16:40:34 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\zL8TqCVOxyS1v3F
[2011/11/04 16:40:32 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\EibF3na6dWKfL
[2011/11/04 16:14:08 | 000,000,000 | ---D | C] -- C:\Users\nwofan\Documents\New folder
[2011/11/04 14:24:35 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{2BEF9A2C-E238-440C-9FF7-D7F0BF8B7EC9}
[2011/11/04 14:24:12 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{C6C0973E-DA15-4631-9EE6-3D0FEF2EBE3B}
[2011/11/04 02:23:38 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{D06346A1-41F3-4DED-9921-A6DB835F5F6C}
[2011/11/04 02:23:15 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{5487848F-5EA8-4A20-9B82-2B0D85076E01}
[2011/11/03 23:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2011/11/03 14:22:57 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{7F834A8D-6C70-47D7-8FBB-7F3F5DF7BF08}
[2011/11/03 14:22:34 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{647A29AC-5F36-43E0-8951-8B31410A5724}
[2011/11/03 02:22:03 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{B41136C4-5E50-4668-9313-D143B139220E}
[2011/11/03 02:21:40 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{1F752281-0787-4944-8AD1-33BC53116F6E}
[2011/11/03 00:06:18 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\NVIDIA
[2011/11/02 14:21:13 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{1285591D-BCE6-480A-A212-A0F8D7F83D8C}
[2011/11/02 14:20:59 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{9B8D458C-BA58-4511-9A17-241F2BBB15F1}
[2011/11/01 16:53:00 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{27A3F9BD-63D4-47DC-AB97-232AC5D1F609}
[2011/11/01 16:52:46 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{2565EF1F-AD98-4161-8EAB-2DCA0B377712}
[2011/10/31 23:31:06 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{B842B68E-5457-4004-89CB-138BF4AF6389}
[2011/10/31 11:29:57 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{E0E33C34-1C53-4F61-BCEC-96D54B25641C}
[2011/10/31 11:29:12 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{27D9474F-B7C9-48EA-8EB2-0C1BBF895126}
[2011/10/30 21:16:26 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{3FAE5B15-39A3-4714-ADD7-5919547C89EF}
[2011/10/30 21:16:12 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{05F068DC-8AE0-40A5-A4B7-C5CEDAC6537A}
[2011/10/30 08:42:03 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/10/30 01:42:15 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{E6FBBC09-5B0C-4A3B-8D15-CFF37B20EE66}
[2011/10/30 01:42:00 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{51E4C07B-2AD1-43B4-B7A3-620052612215}
[2011/10/29 09:31:30 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{99D80E7C-C1FB-4A70-877A-D1D6F2CB6AB0}
[2011/10/29 09:30:48 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{8902CCC9-F3DF-4381-B409-4FDC12DF7904}
[2011/10/28 16:39:31 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/10/28 16:38:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2011/10/28 15:30:21 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{6EFE9E82-94A8-4E93-9FF3-A9B5ECEC61DE}
[2011/10/28 15:30:05 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{6BB6ABC6-B2BC-4759-B08D-7FFEAD50C54E}
[2011/10/27 16:38:09 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{B81E1596-9708-443B-B453-6C549B846B62}
[2011/10/27 16:37:54 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{F1CA5603-C67C-4775-9988-0E5F70397FBA}
[2011/10/26 14:55:33 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{533F03C2-F1A8-402F-8292-155E8F17FA79}
[2011/10/26 14:55:06 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{4ECE3105-1E44-4AC0-BE38-DE12255788E7}
[2011/10/26 01:03:30 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\Media Player Classic
[2011/10/25 20:01:19 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{31979212-D011-488C-97E4-0F3889421C71}
[2011/10/25 20:01:02 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{616BE1B3-ABBC-4BE9-A4DB-78C7A3BA2CD5}
[2011/10/24 15:39:39 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{413B7F0B-E573-45C6-A46B-00DCA1337E46}
[2011/10/24 15:39:25 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{815F7058-A1C1-40F5-AC59-4912B730339E}
[2011/10/24 13:29:02 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2011/10/24 13:29:02 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2011/10/23 17:15:11 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{CD30B150-E945-4FC2-8DBB-92BDAB3CE632}
[2011/10/23 17:14:54 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{5ED75D7C-486D-42E8-B393-63E6173E77FD}
[2009/10/08 19:01:16 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBKhcp.dll
[2006/11/06 15:37:46 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbkpmui.dll
[2006/11/06 15:35:50 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkserv.dll
[2006/11/06 15:28:08 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomm.dll
[2006/11/06 15:26:14 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbklmpm.dll
[2006/11/06 15:24:44 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbkiesc.dll
[2006/11/06 15:21:48 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbkpplc.dll
[2006/11/06 15:20:48 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomc.dll
[2006/11/06 15:20:14 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbkprox.dll
[2006/11/06 15:12:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbkinpa.dll
[2006/11/06 15:11:58 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxbkusb1.dll
[2006/11/06 15:07:04 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbkhbn3.dll
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/21 22:31:24 | 008,912,896 | -HS- | M] () -- C:\Users\nwofan\NTUSER.DAT
[2011/11/21 22:27:21 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/21 22:27:21 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/21 22:22:22 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/21 22:21:38 | 000,000,885 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/11/21 22:11:44 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/21 22:11:00 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011/11/21 22:09:54 | 000,000,320 | -HS- | M] () -- C:\Windows\tasks\AQSX.job
[2011/11/21 22:09:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011/11/21 22:09:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/21 22:09:24 | 2314,117,120 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/21 04:30:42 | 002,062,505 | -H-- | M] () -- C:\Users\nwofan\AppData\Local\IconCache.db
[2011/11/21 04:11:54 | 138,670,976 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/11/20 17:41:27 | 001,172,166 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/11/20 03:02:45 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
[2011/11/20 01:54:56 | 000,778,834 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011/11/20 01:54:56 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/20 01:54:56 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/20 01:29:20 | 000,000,759 | ---- | M] () -- C:\Users\Public\Desktop\TES Construction Set (Oblivion).lnk
[2011/11/19 22:40:42 | 000,000,667 | ---- | M] () -- C:\Users\nwofan\Desktop\Oblivion Mod Manager.lnk
[2011/11/19 19:15:50 | 000,000,731 | ---- | M] () -- C:\Users\Public\Desktop\Oblivion.lnk
[2011/11/19 04:30:25 | 000,000,356 | ---- | M] () -- C:\swupdate.conf
[2011/11/18 09:24:07 | 000,002,119 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/11/15 05:32:47 | 000,001,715 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/13 14:19:59 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/11/11 16:06:51 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/10 00:34:44 | 000,014,444 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\wklnhst.dat
[2011/11/04 16:48:33 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/04 16:16:43 | 001,019,681 | ---- | M] () -- C:\Users\nwofan\Documents\TT and cfc rough_006.png
[2011/11/04 16:16:42 | 001,121,395 | ---- | M] () -- C:\Users\nwofan\Documents\TT and cfc rough_007.png
[2011/11/04 16:16:39 | 000,966,231 | ---- | M] () -- C:\Users\nwofan\Documents\TT and cfc rough_002.png
[2011/11/04 16:16:35 | 000,877,776 | ---- | M] () -- C:\Users\nwofan\Documents\TT and cfc rough_001.png
[2011/11/04 16:16:32 | 000,813,775 | ---- | M] () -- C:\Users\nwofan\Documents\TT and cfc rough_004.png
[2011/11/04 16:16:16 | 000,442,456 | ---- | M] () -- C:\Users\nwofan\Documents\TT and cfc rough_003.png
[2011/11/04 16:16:10 | 000,494,782 | ---- | M] () -- C:\Users\nwofan\Documents\TT and cfc rough_005.png
[2011/11/03 23:07:09 | 000,236,336 | ---- | M] () -- C:\Users\nwofan\Babs playing in her panties.png
[2011/10/30 08:42:28 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/30 08:40:58 | 000,001,768 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011/10/30 02:52:28 | 001,039,211 | ---- | M] () -- C:\Users\nwofan\TT and my new_007.png
[2011/10/30 02:52:27 | 001,040,772 | ---- | M] () -- C:\Users\nwofan\TT and my new_005.png
[2011/10/30 02:52:26 | 001,024,654 | ---- | M] () -- C:\Users\nwofan\TT and my new_002.png
[2011/10/30 02:52:24 | 000,984,485 | ---- | M] () -- C:\Users\nwofan\TT and my new_004.png
[2011/10/30 02:52:23 | 000,989,946 | ---- | M] () -- C:\Users\nwofan\TT and my new_001.png
[2011/10/30 02:52:08 | 000,737,247 | ---- | M] () -- C:\Users\nwofan\TT and my new_003.png
[2011/10/30 02:51:58 | 000,541,559 | ---- | M] () -- C:\Users\nwofan\TT and my new_006.png
[2011/10/29 17:29:18 | 002,893,824 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2011/10/29 17:28:51 | 006,253,568 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2011/10/29 13:00:05 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/10/26 01:02:56 | 000,002,024 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011/10/26 01:02:56 | 000,001,589 | ---- | M] () -- C:\Users\nwofan\Desktop\DivX Movies.lnk
[2011/10/26 01:02:03 | 000,001,044 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011/10/24 13:29:02 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2011/10/24 13:29:02 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2011/10/23 17:37:33 | 000,000,385 | ---- | M] () -- C:\Windows\SMB2ed.ini
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/20 17:40:56 | 001,172,166 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/11/20 01:29:20 | 000,000,759 | ---- | C] () -- C:\Users\Public\Desktop\TES Construction Set (Oblivion).lnk
[2011/11/19 22:40:42 | 000,000,667 | ---- | C] () -- C:\Users\nwofan\Desktop\Oblivion Mod Manager.lnk
[2011/11/19 19:15:50 | 000,000,731 | ---- | C] () -- C:\Users\Public\Desktop\Oblivion.lnk
[2011/11/15 05:32:47 | 000,001,715 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/08 21:22:43 | 000,004,359 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2011/11/04 16:15:20 | 001,121,395 | ---- | C] () -- C:\Users\nwofan\Documents\TT and cfc rough_007.png
[2011/11/04 16:15:20 | 001,019,681 | ---- | C] () -- C:\Users\nwofan\Documents\TT and cfc rough_006.png
[2011/11/04 16:15:20 | 000,966,231 | ---- | C] () -- C:\Users\nwofan\Documents\TT and cfc rough_002.png
[2011/11/04 16:15:20 | 000,877,776 | ---- | C] () -- C:\Users\nwofan\Documents\TT and cfc rough_001.png
[2011/11/04 16:15:20 | 000,813,775 | ---- | C] () -- C:\Users\nwofan\Documents\TT and cfc rough_004.png
[2011/11/04 16:15:20 | 000,494,782 | ---- | C] () -- C:\Users\nwofan\Documents\TT and cfc rough_005.png
[2011/11/04 16:15:20 | 000,442,456 | ---- | C] () -- C:\Users\nwofan\Documents\TT and cfc rough_003.png
[2011/11/03 23:07:06 | 000,236,336 | ---- | C] () -- C:\Users\nwofan\Babs playing in her panties.png
[2011/10/30 08:42:28 | 000,001,777 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/30 02:50:58 | 001,040,772 | ---- | C] () -- C:\Users\nwofan\TT and my new_005.png
[2011/10/30 02:50:58 | 001,039,211 | ---- | C] () -- C:\Users\nwofan\TT and my new_007.png
[2011/10/30 02:50:58 | 001,024,654 | ---- | C] () -- C:\Users\nwofan\TT and my new_002.png
[2011/10/30 02:50:58 | 000,989,946 | ---- | C] () -- C:\Users\nwofan\TT and my new_001.png
[2011/10/30 02:50:58 | 000,984,485 | ---- | C] () -- C:\Users\nwofan\TT and my new_004.png
[2011/10/30 02:50:58 | 000,737,247 | ---- | C] () -- C:\Users\nwofan\TT and my new_003.png
[2011/10/30 02:50:58 | 000,541,559 | ---- | C] () -- C:\Users\nwofan\TT and my new_006.png
[2011/10/29 02:24:57 | 000,014,926 | ---- | C] () -- C:\Users\nwofan\RP with Shadow.TXT
[2011/07/11 10:53:36 | 000,000,020 | ---- | C] () -- C:\Windows\System32\NDADMIND.DLL
[2011/06/30 21:57:19 | 000,074,752 | ---- | C] () -- C:\Windows\System32\drivers\tdx.sys
[2011/06/29 21:42:32 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/23 19:48:06 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/08/16 13:41:08 | 000,000,385 | ---- | C] () -- C:\Windows\SMB2ed.ini
[2010/06/29 23:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/03/18 16:59:06 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/02/27 23:44:32 | 000,139,152 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/12/21 19:59:40 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/11/10 11:37:57 | 000,016,896 | ---- | C] () -- C:\Windows\System32\tupvcumd.dll
[2009/11/10 11:37:57 | 000,014,848 | ---- | C] () -- C:\Windows\System32\drivers\tupvckmd.sys
[2009/10/20 11:08:44 | 000,037,248 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2009/10/08 19:05:10 | 000,000,325 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009/10/08 19:01:16 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBKinst.dll
[2009/09/15 22:04:03 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/14 17:12:53 | 000,044,544 | ---- | C] () -- C:\Windows\System32\GIF89.DLL
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/05/04 03:20:01 | 000,003,766 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/05/04 03:20:01 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\08751F20E9.sys
[2009/05/04 02:05:26 | 000,000,882 | ---- | C] () -- C:\Windows\DC.ini
[2008/12/16 16:30:52 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/12/16 16:30:52 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/02/07 16:57:50 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007/01/22 07:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbkcoin.dll
[2006/11/30 12:34:24 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbkutil.dll
[2006/03/06 10:41:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\AMV_DecDLL.dll
[2005/10/05 11:19:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbkvs.dll
[2005/09/13 15:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv5.dll
[2005/09/13 15:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv4.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\Windows\System32\drivers\ADFUUD.SYS

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:C26B0AB3D1150679
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:C980DA7D
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
< End of report >

Thanks in advance

Edited by Lucky Dearly, 22 November 2011 - 02:07 AM.

#2
RKinner

Posted 23 November 2011 - 01:20 AM

Malware Expert

Expert
24,623 posts

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files\NCH\prxtbNC2.dll (Conduit Ltd.)
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {c2db4fe6-8409-45ce-8010-189a7b5cce86}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6102
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
[2011/11/21 03:45:21 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/11 16:05:05 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/11/11 16:05:03 | 000,000,000 | ---D | M] (NCH Community Toolbar) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
[2011/10/07 21:28:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2011/05/29 21:01:13 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\[email protected]
[2011/02/09 19:44:34 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\[email protected]
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AIM Search) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll File not found
O3 - HKLM\..\Toolbar: (AOL Messaging Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (CoolChaser Layouts Auto Insert) - {B0208007-27C1-4BCD-93EF-EFF5DB61FC22} - C:\Program Files\CoolChaser Layouts Auto Insert\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files\NCH\prxtbNC2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Pando Toolbar) - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL File not found
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Messaging Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (CoolChaser Layouts Auto Insert) - {B0208007-27C1-4BCD-93EF-EFF5DB61FC22} - C:\Program Files\CoolChaser Layouts Auto Insert\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (NCH Toolbar) - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - C:\Program Files\NCH\prxtbNC2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Pando Toolbar) - {E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe File not found
O4 - HKCU..\Run: [Privacy Protection] C:\Users\nwofan\AppData\Roaming\privacy.exe File not found
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools )

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
     
:Commands
[RESETHOSTS]
[EMPTYJAVA]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

Open OTL again and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Ron

#3
Lucky Dearly

Posted 23 November 2011 - 05:21 AM

Member

Topic Starter
Member
349 posts

Well here goes the logs.

first combofix

ComboFix 11-11-22.03 - nwofan 11/23/2011 1:58.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2943.2134 [GMT -8:00]
Running from: c:\users\nwofan\Desktop\ComboFix.exe
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\PandoBar
c:\program files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\program files\Windows User
c:\program files\Windows User\Clipboard - [email protected]
c:\program files\Windows User\dwm.ini
c:\program files\Windows User\logeristry.txt
c:\program files\Windows User\[email protected]
c:\program files\Windows User\todo.txt
c:\program files\Windows User\update.exe
c:\program files\Windows User\ver.txt
c:\program files\Your Product\Uninstall
c:\program files\Your Product\Uninstall\IRIMG1.JPG
c:\program files\Your Product\Uninstall\IRIMG2.JPG
c:\program files\Your Product\Uninstall\uninstall.dat
c:\program files\Your Product\Uninstall\uninstall.xml
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setup.dll
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.dat
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.exe
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.ico
c:\users\nwofan\078.mp4
c:\users\nwofan\1291034238336667621.jpg
c:\users\nwofan\129191886133242788.jpg
c:\users\nwofan\129193980283769714.jpg
c:\users\nwofan\129203431687003059.jpg
c:\users\nwofan\763.jpg
c:\users\nwofan\AppData\Local\Microsoft\Windows\Temporary Internet Files\NotifyLog72391468.ini
c:\users\nwofan\AppData\Local\Microsoft\Windows\Temporary Internet Files\NotifyLog72392107.ini
c:\users\nwofan\AppData\Local\Microsoft\Windows\Temporary Internet Files\NotifyLog72393309.ini
c:\users\nwofan\AppData\Local\TempDIR
c:\users\nwofan\AppData\Local\TempDIR\BetterInstaller.exe
c:\users\nwofan\AppData\Roaming\Microsoft\~DFK2c4f4a8.tmp
c:\users\nwofan\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\nwofan\AppData\Roaming\Microsoft\bass.dll
c:\users\nwofan\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\nwofan\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\nwofan\AppData\Roaming\Microsoft\peaadje.dll
c:\users\nwofan\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\nwofan\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\nwofan\CamStudio20.exe
c:\users\nwofan\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe
c:\users\nwofan\SysSpec.exe
c:\users\Public\4a505db82b9a4f95926ad3aec2152087.jpg
c:\windows\$NtUninstallKB61914$\1573301276\@
c:\windows\$NtUninstallKB61914$\1573301276\bckfg.tmp
c:\windows\$NtUninstallKB61914$\1573301276\cfg.ini
c:\windows\$NtUninstallKB61914$\1573301276\Desktop.ini
c:\windows\$NtUninstallKB61914$\1573301276\keywords
c:\windows\$NtUninstallKB61914$\1573301276\kwrd.dll
c:\windows\$NtUninstallKB61914$\1573301276\L\ngoexmwu
c:\windows\$NtUninstallKB61914$\1573301276\lsflt7.ver
c:\windows\$NtUninstallKB61914$\1573301276\U\00000001.@
c:\windows\$NtUninstallKB61914$\1573301276\U\00000002.@
c:\windows\$NtUninstallKB61914$\1573301276\U\00000004.@
c:\windows\$NtUninstallKB61914$\1573301276\U\80000000.@
c:\windows\$NtUninstallKB61914$\1573301276\U\80000004.@
c:\windows\$NtUninstallKB61914$\1573301276\U\80000032.@
c:\windows\$NtUninstallKB61914$\3633438732
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
K:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))
.
.
2011-11-23 10:40 . 2011-11-23 10:40 -------- d-----w- c:\users\Veronica Valencia\AppData\Local\temp
2011-11-23 10:40 . 2011-11-23 10:40 -------- d-----w- c:\users\Mario Valencia\AppData\Local\temp
2011-11-23 10:40 . 2011-11-23 10:40 -------- d-----w- c:\users\nwofan\AppData\Local\temp
2011-11-23 10:40 . 2011-11-23 10:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-21 11:45 . 2011-11-21 11:45 -------- d-----w- c:\programdata\Yahoo! Companion
2011-11-21 11:24 . 2011-11-21 11:45 -------- d-----w- c:\users\nwofan\AppData\Roaming\Yahoo!
2011-11-21 01:40 . 2011-11-21 02:23 -------- d-----w- c:\program files\PC Tools Security
2011-11-21 01:39 . 2011-11-21 01:49 -------- d-----w- c:\programdata\PC Tools
2011-11-20 10:29 . 2011-11-20 11:13 -------- d-----w- c:\users\nwofan\AppData\Roaming\CC4AC
2011-11-20 10:29 . 2011-11-20 11:13 -------- d-----w- c:\users\nwofan\AppData\Roaming\BCCCC
2011-11-20 10:29 . 2011-11-20 10:29 -------- d-----w- c:\users\nwofan\AppData\Roaming\liivvD33onFa
2011-11-20 10:29 . 2011-11-20 10:29 -------- d-----w- c:\users\nwofan\AppData\Roaming\bwwwkUUVrlOtx0c
2011-11-20 10:28 . 2011-11-20 10:28 -------- d-----w- c:\users\nwofan\AppData\Roaming\oyxxA00uvS2iF3n
2011-11-20 10:28 . 2011-11-20 11:13 -------- d-----w- c:\users\nwofan\AppData\Roaming\QpmmmG5sQJ6dE8R
2011-11-20 10:28 . 2011-11-20 10:28 -------- d-----w- c:\users\nwofan\AppData\Roaming\dPPNNyccA
2011-11-20 09:40 . 2011-11-20 09:40 -------- d-----w- c:\program files\Common Files\BOSS
2011-11-20 09:32 . 2011-11-20 09:32 -------- d-----w- c:\program files\Common Files\Wrye Bash
2011-11-19 16:38 . 2011-11-19 16:38 -------- d-----w- c:\users\Alex Valencia\AppData\Roaming\Malwarebytes
2011-11-15 13:31 . 2011-11-15 13:31 -------- d-----w- c:\program files\iPod
2011-11-15 11:59 . 2011-11-15 11:59 -------- d-----w- c:\users\nwofan\AppData\Local\eSupport.com
2011-11-12 18:42 . 2011-11-12 18:42 -------- d-----w- c:\users\Mario Valencia\AppData\Roaming\NVIDIA
2011-11-09 09:07 . 2011-11-09 09:07 -------- d-----w- c:\program files\Futuremark
2011-11-09 05:23 . 2011-11-13 23:47 -------- d-----w- c:\programdata\NVIDIA
2011-11-09 05:23 . 2011-10-15 08:53 6350144 ----a-w- c:\windows\system32\nvcpl.dll
2011-11-09 05:23 . 2011-10-15 08:53 3840320 ----a-w- c:\windows\system32\nvsvc.dll
2011-11-09 05:23 . 2011-10-15 08:53 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-11-09 05:23 . 2011-10-15 08:53 123712 ----a-w- c:\windows\system32\nvshext.dll
2011-11-09 05:23 . 2011-10-15 08:53 1136448 ----a-w- c:\windows\system32\nvvsvc.exe
2011-11-09 05:23 . 2011-10-15 08:53 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-11-07 09:36 . 2011-11-07 09:36 -------- d-----w- C:\New folder
2011-11-05 01:01 . 2011-11-05 01:01 -------- d-----w- c:\users\nwofan\AppData\Roaming\VrlOBtxP0SiDnHs
2011-11-05 01:01 . 2011-11-05 01:01 -------- d-----w- c:\users\nwofan\AppData\Roaming\lfEL8gTZqYwU
2011-11-05 00:40 . 2011-11-05 00:40 -------- d-----w- c:\users\nwofan\AppData\Roaming\tOOONyxAuvS2i
2011-11-05 00:40 . 2011-11-05 00:40 -------- d-----w- c:\users\nwofan\AppData\Roaming\aRRLL9hhTXjUCkB
2011-11-05 00:40 . 2011-11-05 00:40 -------- d-----w- c:\users\nwofan\AppData\Roaming\prrzzONNx
2011-11-05 00:40 . 2011-11-05 01:16 -------- d-----w- c:\users\nwofan\AppData\Roaming\n444pmmG5sQ6
2011-11-05 00:40 . 2011-11-05 00:40 -------- d-----w- c:\users\nwofan\AppData\Roaming\zL8TqCVOxyS1v3F
2011-11-05 00:40 . 2011-11-05 00:40 -------- d-----w- c:\users\nwofan\AppData\Roaming\EibF3na6dWKfL
2011-11-03 08:06 . 2011-11-03 08:06 -------- d-----w- c:\users\nwofan\AppData\Roaming\NVIDIA
2011-11-03 08:05 . 2011-11-03 08:05 -------- d-----w- c:\users\UpdatusUser
2011-10-29 15:30 . 2011-10-29 15:30 -------- d-----w- c:\users\Veronica Valencia\AppData\Local\Winamp Toolbar
2011-10-29 00:39 . 2011-11-12 00:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-29 00:38 . 2011-10-29 00:38 -------- d-----w- c:\windows\system32\Adobe
2011-10-26 09:03 . 2011-10-26 09:03 -------- d-----w- c:\users\nwofan\AppData\Roaming\Media Player Classic
2011-10-24 21:29 . 2011-10-24 21:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 21:29 . 2011-10-24 21:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-08 05:23 . 2011-09-08 05:23 800824 ----a-w- c:\users\Default\AppData\Roaming\DPInst.exe
2011-09-08 05:23 . 2011-09-08 05:23 36352 ----a-w- c:\users\Default\AppData\Roaming\PnPutil.exe
2011-09-08 05:23 . 2011-09-08 05:23 106496 ----a-w- c:\users\Default\AppData\Roaming\gacutil.exe
2011-09-01 00:00 . 2009-11-21 10:40 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 06:05 . 2011-08-31 06:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 06:05 . 2011-08-31 06:05 73064 ----a-w- c:\windows\system32\dnssd.dll
1998-04-27 05:00 . 1998-04-27 05:00 570128 ----a-w- c:\program files\Common Files\DAO350.DLL
2011-11-12 00:03 . 2011-04-02 10:07 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B0208007-27C1-4BCD-93EF-EFF5DB61FC22}"= "c:\program files\CoolChaser Layouts Auto Insert\Toolbar.dll" [2010-07-06 1502208]
"{c2db4fe6-8409-45ce-8010-189a7b5cce86}"= "c:\program files\NCH\prxtbNC2.dll" [2011-01-17 175912]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2010-12-28 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2010-12-28 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{b0208007-27c1-4bcd-93ef-eff5db61fc22}]
[HKEY_CLASSES_ROOT\FCTB000060531.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{80E55E64-0B78-4AA3-B48A-6CBF0536832A}]
[HKEY_CLASSES_ROOT\FCTB000060531.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B0208007-27C1-4BCD-93EF-EFF5DB61FC22}"= "c:\program files\CoolChaser Layouts Auto Insert\Toolbar.dll" [2010-07-06 1502208]
"{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}"= "c:\program files\NCH\prxtbNC2.dll" [2011-01-17 175912]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2010-12-28 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2010-12-28 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{b0208007-27c1-4bcd-93ef-eff5db61fc22}]
[HKEY_CLASSES_ROOT\FCTB000060531.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{80E55E64-0B78-4AA3-B48A-6CBF0536832A}]
[HKEY_CLASSES_ROOT\FCTB000060531.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-30 1689144]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2010-04-08 292824]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-06-16 6276408]
"Pando"="c:\program files\Pando Networks\Pando\Pando.exe" [2010-08-01 4950936]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"AIM"="c:\program files\AIM7\aim.exe" [2011-01-05 4321112]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-09-26 17764488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-06-17 2510848]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-09-01 1047208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-09-06 2232752]
.
c:\users\nwofan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MBCameraMonitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MBCameraMonitor.lnk
backup=c:\windows\pss\MBCameraMonitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Registration Tool.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Run Registration Tool.lnk
backup=c:\windows\pss\Run Registration Tool.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TunesUp20.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TunesUp20.lnk
backup=c:\windows\pss\TunesUp20.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2011-02-14 03:20 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 08:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 03:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2011-09-10 14:28 2338656 ----a-w- c:\program files\AVG\AVG10\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2009-08-01 01:38 283792 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2009-01-29 22:20 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2010-11-20 12:17 144384 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2011-06-17 00:53 2510848 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\AOL\1241069855\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 15:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 22:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
2010-06-30 07:14 1689144 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 08:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2008-07-21 13:30 12288 ----a-w- c:\program files\Hewlett-Packard\KBD\KbdStub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2011-03-04 19:45 2741616 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbkbmgr.exe]
2008-02-28 18:57 74408 ----a-w- c:\program files\Lexmark X1100 Series\LXBKbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-09-01 00:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-09-01 00:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 21:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2011-01-29 01:36 526336 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]
2008-09-23 19:03 912688 ----a-w- c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor]
2009-11-25 22:42 104408 ----a-w- c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 19:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-06-14 02:11 210216 ----a-w- c:\program files\Cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-14 02:11 210216 ----a-w- c:\program files\Cyberlink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-09-11 23:32 210216 ----a-w- c:\program files\Cyberlink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2009-10-01 00:57 718688 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe
.
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
R1 TunesUpAudioDriver;TunesUp Audio Driver;c:\windows\system32\drivers\tupvckmd.sys [2009-11-10 14848]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca6243422bd392;Google Update Service (gupdate1ca6243422bd392);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 133104]
R3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-18 7390560]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-28 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-30 6016]
R3 dsiarhwprog;dsiarhwprog;c:\windows\system32\Drivers\dsiarhwprog.sys [2007-02-08 29184]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2009-09-22 46192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 133104]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 25112]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 20480]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-30 8320]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 81168]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-02-08 11008]
R3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\program files\PC-Doctor for Windows\pcd5srvc.pkms [2008-09-10 20640]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-25 1343400]
R3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\DRIVERS\xpadfl02.sys [2006-12-24 27904]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-10 691696]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\NServiceEntry.exe [2010-11-05 81920]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [2011-09-06 393648]
S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2008-02-19 537256]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2011-08-10 94880]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-04-08 632792]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-09-01 22216]
S3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver32.sys [2010-09-20 52824]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-07 11520]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 19:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 20:20]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 20:20]
.
2011-10-29 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 14:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wwe.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mStart Page = hxxp://www.yahoo.com/?fr=fp-tyc8
uInternet Settings,ProxyOverride = <local>;192.168.*.*
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {BAD4FE2C-503B-45CC-88CD-4B0574057D11} - hxxp://clients.futuremark.com/calico/systeminfodeploy/FMSI_v420.cab
FF - ProfilePath - c:\users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2878731&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.wwe.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc8&p=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Privacy Protection - c:\users\nwofan\AppData\Roaming\privacy.exe
HKLM-Run-Conime - c:\windows\system32\conime.exe
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
MSConfigStartUp-Conime - c:\windows\system32\conime.exe
MSConfigStartUp-SunJavaUpdateReg - c:\windows\system32\jureg.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-sp41099 - c:\hp\Softpaq\sp41099\sp41099.exe
AddRemove-Unofficial Oblivion Patch_is1 - k:\bethesda softworks\Unofficial Oblivion Patch\unins000.exe
AddRemove-Unofficial Shivering Isles Patch_is1 - k:\bethesda softworks\Unofficial Shivering Isles Patch\unins000.exe
AddRemove-{26DB09BC-6EB5-4CE0-A05D-D4DECE60E189}_is1 - c:\program files\Phoenix Viewer\unins000.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\program files\PC-Doctor for Windows\pcd5srvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1868571618-3835447236-223175164-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:94,22,3e,75,1a,49,97,e5,88,35,c6,e4,55,54,fe,4f,08,44,c5,99,bd,30,72,
c0,47,7c,53,58,60,ae,e4,34,f1,e9,18,33,bd,04,e3,66,3b,80,ee,8a,15,af,18,1d,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-1868571618-3835447236-223175164-1000\Software\SecuROM\License information*]
"datasecu"=hex:9a,f7,6e,4d,b6,50,f9,96,5c,c1,5b,41,bf,f9,ef,d5,ae,23,46,9b,10,
29,32,2b,43,47,9b,93,30,81,02,66,93,47,ec,72,3b,70,61,b1,65,01,d0,99,57,9d,\
"rkeysecu"=hex:a3,55,ea,db,ed,3a,3b,2e,64,c0,1f,5b,8f,6c,dd,1f
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(712)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2011-11-23 02:45:32
ComboFix-quarantined-files.txt 2011-11-23 10:45
.
Pre-Run: 32,340,099,072 bytes free
Post-Run: 35,720,810,496 bytes free
.
- - End Of File - - 6670E6014050A1F7B158D159033C3BF5

next TDSS killer

02:50:53.0137 5612 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
02:50:53.0757 5612 ============================================================
02:50:53.0757 5612 Current date / time: 2011/11/23 02:50:53.0757
02:50:53.0757 5612 SystemInfo:
02:50:53.0757 5612
02:50:53.0757 5612 OS Version: 6.1.7601 ServicePack: 1.0
02:50:53.0757 5612 Product type: Workstation
02:50:53.0758 5612 ComputerName: GAMERPC
02:50:53.0758 5612 UserName: nwofan
02:50:53.0758 5612 Windows directory: C:\Windows
02:50:53.0758 5612 System windows directory: C:\Windows
02:50:53.0758 5612 Processor architecture: Intel x86
02:50:53.0758 5612 Number of processors: 2
02:50:53.0758 5612 Page size: 0x1000
02:50:53.0758 5612 Boot type: Normal boot
02:50:53.0758 5612 ============================================================
02:50:55.0505 5612 Initialize success
02:50:58.0173 5600 ============================================================
02:50:58.0173 5600 Scan started
02:50:58.0173 5600 Mode: Manual;
02:50:58.0173 5600 ============================================================
02:50:58.0994 5600 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
02:50:58.0999 5600 1394ohci - ok
02:50:59.0043 5600 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
02:50:59.0047 5600 ACPI - ok
02:50:59.0197 5600 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
02:50:59.0198 5600 AcpiPmi - ok
02:50:59.0282 5600 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\Windows\system32\drivers\adfs.sys
02:50:59.0283 5600 adfs - ok
02:50:59.0486 5600 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
02:50:59.0494 5600 adp94xx - ok
02:50:59.0562 5600 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
02:50:59.0565 5600 adpahci - ok
02:50:59.0736 5600 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
02:50:59.0738 5600 adpu320 - ok
02:50:59.0826 5600 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
02:50:59.0833 5600 AFD - ok
02:50:59.0956 5600 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
02:50:59.0957 5600 agp440 - ok
02:51:00.0067 5600 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
02:51:00.0068 5600 aic78xx - ok
02:51:00.0224 5600 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
02:51:00.0225 5600 aliide - ok
02:51:00.0299 5600 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
02:51:00.0301 5600 amdagp - ok
02:51:00.0348 5600 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
02:51:00.0349 5600 amdide - ok
02:51:00.0496 5600 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
02:51:00.0498 5600 AmdK8 - ok
02:51:00.0560 5600 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
02:51:00.0562 5600 AmdPPM - ok
02:51:00.0628 5600 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
02:51:00.0630 5600 amdsata - ok
02:51:00.0790 5600 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
02:51:00.0793 5600 amdsbs - ok
02:51:00.0865 5600 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
02:51:00.0866 5600 amdxata - ok
02:51:01.0013 5600 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
02:51:01.0022 5600 AppID - ok
02:51:01.0236 5600 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
02:51:01.0238 5600 arc - ok
02:51:01.0275 5600 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
02:51:01.0279 5600 arcsas - ok
02:51:01.0366 5600 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
02:51:01.0367 5600 AsyncMac - ok
02:51:01.0469 5600 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
02:51:01.0470 5600 atapi - ok
02:51:01.0703 5600 AVGIDSDriver (b9acb889ba1e0561868c025f95d63e25) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
02:51:01.0704 5600 AVGIDSDriver - ok
02:51:01.0775 5600 AVGIDSEH (13256fc72fa5b3f6d6e8c5957e579b7c) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
02:51:01.0776 5600 AVGIDSEH - ok
02:51:01.0917 5600 AVGIDSFilter (fa0685cc51de5cfd804e7deaa6488e0e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
02:51:01.0918 5600 AVGIDSFilter - ok
02:51:01.0937 5600 AVGIDSShim (f788b51100d0f40ea176798cce954a1a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
02:51:01.0938 5600 AVGIDSShim - ok
02:51:01.0992 5600 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
02:51:01.0995 5600 Avgldx86 - ok
02:51:02.0154 5600 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
02:51:02.0156 5600 Avgmfx86 - ok
02:51:02.0239 5600 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
02:51:02.0240 5600 Avgrkx86 - ok
02:51:02.0399 5600 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
02:51:02.0402 5600 Avgtdix - ok
02:51:02.0704 5600 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
02:51:02.0709 5600 b06bdrv - ok
02:51:03.0041 5600 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
02:51:03.0045 5600 b57nd60x - ok
02:51:03.0211 5600 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
02:51:03.0212 5600 Beep - ok
02:51:03.0289 5600 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
02:51:03.0291 5600 blbdrive - ok
02:51:03.0453 5600 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
02:51:03.0464 5600 bowser - ok
02:51:03.0533 5600 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:51:03.0534 5600 BrFiltLo - ok
02:51:03.0552 5600 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:51:03.0553 5600 BrFiltUp - ok
02:51:03.0665 5600 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
02:51:03.0672 5600 Brserid - ok
02:51:03.0756 5600 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
02:51:03.0758 5600 BrSerWdm - ok
02:51:03.0781 5600 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
02:51:03.0782 5600 BrUsbMdm - ok
02:51:03.0878 5600 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
02:51:03.0879 5600 BrUsbSer - ok
02:51:03.0972 5600 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\Windows\system32\DRIVERS\motfilt.sys
02:51:03.0974 5600 BTCFilterService - ok
02:51:04.0034 5600 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
02:51:04.0035 5600 BTHMODEM - ok
02:51:04.0254 5600 catchme - ok
02:51:04.0476 5600 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
02:51:04.0477 5600 cdfs - ok
02:51:04.0524 5600 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
02:51:04.0526 5600 cdrom - ok
02:51:04.0718 5600 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
02:51:04.0720 5600 circlass - ok
02:51:04.0779 5600 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
02:51:04.0783 5600 CLFS - ok
02:51:05.0012 5600 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
02:51:05.0013 5600 CmBatt - ok
02:51:05.0049 5600 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
02:51:05.0050 5600 cmdide - ok
02:51:05.0077 5600 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
02:51:05.0082 5600 CNG - ok
02:51:05.0106 5600 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
02:51:05.0107 5600 Compbatt - ok
02:51:05.0298 5600 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
02:51:05.0300 5600 CompositeBus - ok
02:51:05.0378 5600 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
02:51:05.0379 5600 crcdisk - ok
02:51:05.0577 5600 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
02:51:05.0583 5600 CSC - ok
02:51:05.0676 5600 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
02:51:05.0691 5600 DfsC - ok
02:51:05.0883 5600 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
02:51:05.0885 5600 discache - ok
02:51:05.0911 5600 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
02:51:05.0913 5600 Disk - ok
02:51:05.0990 5600 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
02:51:05.0991 5600 drmkaud - ok
02:51:06.0174 5600 dsiarhwprog (f35b5d0cc142b87e687fc504baa69d82) C:\Windows\system32\Drivers\dsiarhwprog.sys
02:51:06.0175 5600 dsiarhwprog - ok
02:51:06.0268 5600 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
02:51:06.0277 5600 DXGKrnl - ok
02:51:06.0545 5600 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
02:51:06.0590 5600 ebdrv - ok
02:51:06.0757 5600 ElbyCDFL (ce37e3d51912e59c80c6d84337c0b4cd) C:\Windows\system32\Drivers\ElbyCDFL.sys
02:51:06.0758 5600 ElbyCDFL - ok
02:51:06.0778 5600 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys
02:51:06.0778 5600 ElbyCDIO - ok
02:51:06.0854 5600 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
02:51:06.0858 5600 elxstor - ok
02:51:07.0022 5600 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
02:51:07.0024 5600 ErrDev - ok
02:51:07.0119 5600 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
02:51:07.0122 5600 exfat - ok
02:51:07.0268 5600 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
02:51:07.0271 5600 fastfat - ok
02:51:07.0351 5600 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
02:51:07.0352 5600 fdc - ok
02:51:07.0509 5600 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
02:51:07.0510 5600 FileInfo - ok
02:51:07.0524 5600 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
02:51:07.0525 5600 Filetrace - ok
02:51:07.0589 5600 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
02:51:07.0590 5600 flpydisk - ok
02:51:07.0754 5600 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
02:51:07.0758 5600 FltMgr - ok
02:51:07.0782 5600 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
02:51:07.0783 5600 FsDepends - ok
02:51:07.0918 5600 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
02:51:07.0933 5600 fssfltr - ok
02:51:08.0092 5600 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
02:51:08.0094 5600 Fs_Rec - ok
02:51:08.0267 5600 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
02:51:08.0273 5600 fvevol - ok
02:51:08.0368 5600 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
02:51:08.0371 5600 gagp30kx - ok
02:51:08.0604 5600 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
02:51:08.0619 5600 GEARAspiWDM - ok
02:51:08.0687 5600 GenericMount (29c3d2a2398b980a73043fa3688e2f30) C:\Windows\system32\DRIVERS\GenericMount.sys
02:51:08.0688 5600 GenericMount - ok
02:51:08.0919 5600 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
02:51:08.0921 5600 hcw85cir - ok
02:51:08.0966 5600 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
02:51:08.0968 5600 HDAudBus - ok
02:51:08.0999 5600 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
02:51:09.0000 5600 HidBatt - ok
02:51:09.0025 5600 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
02:51:09.0028 5600 HidBth - ok
02:51:09.0198 5600 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
02:51:09.0200 5600 HidIr - ok
02:51:09.0247 5600 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
02:51:09.0248 5600 HidUsb - ok
02:51:09.0440 5600 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
02:51:09.0446 5600 HpSAMD - ok
02:51:09.0558 5600 HSF_DP (0f5ed510a6c361420bc319e0cf96c1dc) C:\Windows\system32\DRIVERS\HSX_DP.sys
02:51:09.0564 5600 HSF_DP - ok
02:51:09.0700 5600 HSXHWBS2 (186c11d0ca0e53b1ee266633b9d8b393) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
02:51:09.0705 5600 HSXHWBS2 - ok
02:51:09.0787 5600 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
02:51:09.0800 5600 HTTP - ok
02:51:09.0860 5600 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
02:51:09.0863 5600 hwpolicy - ok
02:51:10.0031 5600 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
02:51:10.0035 5600 i8042prt - ok
02:51:10.0091 5600 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
02:51:10.0111 5600 iaStorV - ok
02:51:10.0296 5600 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
02:51:10.0298 5600 iirsp - ok
02:51:10.0435 5600 IntcAzAudAddService (3914ea9111dbeffaf1c68200817768ad) C:\Windows\system32\drivers\RTKVHDA.sys
02:51:10.0454 5600 IntcAzAudAddService - ok
02:51:10.0590 5600 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
02:51:10.0591 5600 intelide - ok
02:51:10.0654 5600 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
02:51:10.0657 5600 intelppm - ok
02:51:10.0690 5600 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:51:10.0693 5600 IpFilterDriver - ok
02:51:10.0861 5600 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
02:51:10.0862 5600 IPMIDRV - ok
02:51:10.0926 5600 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
02:51:10.0939 5600 IPNAT - ok
02:51:11.0143 5600 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
02:51:11.0155 5600 IRENUM - ok
02:51:11.0205 5600 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
02:51:11.0208 5600 isapnp - ok
02:51:11.0258 5600 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
02:51:11.0263 5600 iScsiPrt - ok
02:51:11.0462 5600 ivusb (994ebb45c4b438e1f6ea0b958ae9b9a3) C:\Windows\system32\DRIVERS\ivusb.sys
02:51:11.0463 5600 ivusb - ok
02:51:11.0522 5600 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
02:51:11.0524 5600 kbdclass - ok
02:51:11.0692 5600 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
02:51:11.0694 5600 kbdhid - ok
02:51:11.0775 5600 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
02:51:11.0777 5600 KSecDD - ok
02:51:11.0966 5600 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
02:51:11.0971 5600 KSecPkg - ok
02:51:12.0078 5600 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
02:51:12.0079 5600 lltdio - ok
02:51:12.0223 5600 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
02:51:12.0226 5600 LSI_FC - ok
02:51:12.0246 5600 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
02:51:12.0248 5600 LSI_SAS - ok
02:51:12.0403 5600 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:51:12.0406 5600 LSI_SAS2 - ok
02:51:12.0437 5600 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:51:12.0440 5600 LSI_SCSI - ok
02:51:12.0520 5600 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
02:51:12.0523 5600 luafv - ok
02:51:12.0732 5600 ManyCam (c6d085c7045200143528136a43a65fde) C:\Windows\system32\DRIVERS\ManyCam.sys
02:51:12.0733 5600 ManyCam - ok
02:51:12.0969 5600 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
02:51:12.0970 5600 MBAMProtector - ok
02:51:13.0206 5600 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
02:51:13.0207 5600 mdmxsdk - ok
02:51:13.0270 5600 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
02:51:13.0271 5600 megasas - ok
02:51:13.0317 5600 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
02:51:13.0321 5600 MegaSR - ok
02:51:13.0346 5600 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
02:51:13.0347 5600 Modem - ok
02:51:13.0547 5600 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
02:51:13.0549 5600 monitor - ok
02:51:13.0646 5600 motccgp (f4ea1193a52c8fe4b8a135e210abe546) C:\Windows\system32\DRIVERS\motccgp.sys
02:51:13.0648 5600 motccgp - ok
02:51:13.0794 5600 motccgpfl (b812da6605caf02641312f1f65c75419) C:\Windows\system32\DRIVERS\motccgpfl.sys
02:51:13.0796 5600 motccgpfl - ok
02:51:13.0829 5600 MotioninJoyXFilter (61448ba3cca3063541437694a5527af2) C:\Windows\system32\DRIVERS\MijXfilt.sys
02:51:13.0832 5600 MotioninJoyXFilter - ok
02:51:13.0915 5600 motmodem (69814acd50a9d6d28296050ef6215d46) C:\Windows\system32\DRIVERS\motmodem.sys
02:51:13.0917 5600 motmodem - ok
02:51:14.0140 5600 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\Windows\system32\DRIVERS\motswch.sys
02:51:14.0142 5600 MotoSwitchService - ok
02:51:14.0169 5600 Motousbnet (ddc489d40b49f443787e7ffa75373522) C:\Windows\system32\DRIVERS\Motousbnet.sys
02:51:14.0171 5600 Motousbnet - ok
02:51:14.0226 5600 motport - ok
02:51:14.0402 5600 motusbdevice (f18898d418f43e74a93edc57e1f28bc9) C:\Windows\system32\DRIVERS\motusbdevice.sys
02:51:14.0403 5600 motusbdevice - ok
02:51:14.0439 5600 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
02:51:14.0440 5600 mouclass - ok
02:51:14.0653 5600 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
02:51:14.0655 5600 mouhid - ok
02:51:14.0726 5600 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
02:51:14.0730 5600 mountmgr - ok
02:51:14.0788 5600 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
02:51:14.0791 5600 mpio - ok
02:51:14.0925 5600 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
02:51:14.0927 5600 mpsdrv - ok
02:51:15.0000 5600 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
02:51:15.0003 5600 MRxDAV - ok
02:51:15.0083 5600 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:51:15.0090 5600 mrxsmb - ok
02:51:15.0272 5600 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:51:15.0279 5600 mrxsmb10 - ok
02:51:15.0349 5600 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:51:15.0353 5600 mrxsmb20 - ok
02:51:15.0481 5600 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
02:51:15.0483 5600 msahci - ok
02:51:15.0556 5600 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
02:51:15.0559 5600 msdsm - ok
02:51:15.0629 5600 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
02:51:15.0630 5600 Msfs - ok
02:51:15.0724 5600 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
02:51:15.0725 5600 mshidkmdf - ok
02:51:15.0748 5600 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
02:51:15.0749 5600 msisadrv - ok
02:51:15.0880 5600 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
02:51:15.0882 5600 MSKSSRV - ok
02:51:16.0013 5600 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
02:51:16.0015 5600 MSPCLOCK - ok
02:51:16.0040 5600 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
02:51:16.0042 5600 MSPQM - ok
02:51:16.0144 5600 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
02:51:16.0148 5600 MsRPC - ok
02:51:16.0242 5600 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
02:51:16.0243 5600 mssmbios - ok
02:51:16.0284 5600 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
02:51:16.0285 5600 MSTEE - ok
02:51:16.0392 5600 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
02:51:16.0394 5600 MTConfig - ok
02:51:16.0487 5600 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
02:51:16.0496 5600 Mup - ok
02:51:16.0573 5600 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
02:51:16.0578 5600 NativeWifiP - ok
02:51:16.0654 5600 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
02:51:16.0660 5600 NDIS - ok
02:51:16.0791 5600 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
02:51:16.0793 5600 NdisCap - ok
02:51:16.0827 5600 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
02:51:16.0828 5600 NdisTapi - ok
02:51:16.0895 5600 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
02:51:16.0897 5600 Ndisuio - ok
02:51:16.0957 5600 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
02:51:16.0959 5600 NdisWan - ok
02:51:17.0085 5600 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
02:51:17.0086 5600 NDProxy - ok
02:51:17.0146 5600 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
02:51:17.0148 5600 NetBIOS - ok
02:51:17.0230 5600 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
02:51:17.0236 5600 NetBT - ok
02:51:17.0416 5600 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
02:51:17.0417 5600 nfrd960 - ok
02:51:17.0478 5600 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
02:51:17.0480 5600 Npfs - ok
02:51:17.0499 5600 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
02:51:17.0500 5600 nsiproxy - ok
02:51:17.0590 5600 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
02:51:17.0614 5600 Ntfs - ok
02:51:17.0759 5600 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
02:51:17.0760 5600 Null - ok
02:51:17.0831 5600 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
02:51:17.0835 5600 NVENETFD - ok
02:51:18.0261 5600 nvlddmkm (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
02:51:18.0325 5600 nvlddmkm - ok
02:51:18.0495 5600 NVNET (5bf9c11586f4764446407f509f1beca8) C:\Windows\system32\DRIVERS\nvmf6232.sys
02:51:18.0500 5600 NVNET - ok
02:51:18.0542 5600 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
02:51:18.0544 5600 nvraid - ok
02:51:18.0703 5600 nvrd32 (085e88101d0d4b321abf9c7e2b6ee99d) C:\Windows\system32\drivers\nvrd32.sys
02:51:18.0706 5600 nvrd32 - ok
02:51:18.0747 5600 nvsmu (62754e376185eacbb73d06fea0ffc54a) C:\Windows\system32\drivers\nvsmu.sys
02:51:18.0749 5600 nvsmu - ok
02:51:18.0788 5600 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
02:51:18.0791 5600 nvstor - ok
02:51:18.0987 5600 nvstor32 (01cb6251cb805abec096ef004b2239c5) C:\Windows\system32\DRIVERS\nvstor32.sys
02:51:18.0990 5600 nvstor32 - ok
02:51:19.0050 5600 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
02:51:19.0063 5600 nv_agp - ok
02:51:19.0207 5600 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
02:51:19.0209 5600 ohci1394 - ok
02:51:19.0278 5600 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
02:51:19.0279 5600 Parport - ok
02:51:19.0347 5600 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
02:51:19.0350 5600 partmgr - ok
02:51:19.0551 5600 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
02:51:19.0553 5600 Parvdm - ok
02:51:19.0709 5600 PCD5SRVC{BD6912E3-AC9D80E8-05040000} (9489c4cf14126a06b061163d2b261c69) C:\Program Files\PC-Doctor for Windows\pcd5srvc.pkms
02:51:19.0712 5600 PCD5SRVC{BD6912E3-AC9D80E8-05040000} - ok
02:51:19.0862 5600 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
02:51:19.0866 5600 pci - ok
02:51:19.0943 5600 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
02:51:19.0945 5600 pciide - ok
02:51:20.0132 5600 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
02:51:20.0136 5600 pcmcia - ok
02:51:20.0178 5600 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
02:51:20.0180 5600 pcw - ok
02:51:20.0212 5600 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
02:51:20.0219 5600 PEAUTH - ok
02:51:20.0461 5600 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
02:51:20.0463 5600 PptpMiniport - ok
02:51:20.0487 5600 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
02:51:20.0488 5600 Processor - ok
02:51:20.0711 5600 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
02:51:20.0713 5600 Ps2 - ok
02:51:20.0773 5600 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
02:51:20.0775 5600 Psched - ok
02:51:20.0834 5600 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
02:51:20.0845 5600 ql2300 - ok
02:51:21.0025 5600 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
02:51:21.0027 5600 ql40xx - ok
02:51:21.0050 5600 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
02:51:21.0051 5600 QWAVEdrv - ok
02:51:21.0078 5600 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
02:51:21.0079 5600 RasAcd - ok
02:51:21.0147 5600 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
02:51:21.0148 5600 RasAgileVpn - ok
02:51:21.0327 5600 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:51:21.0332 5600 Rasl2tp - ok
02:51:21.0384 5600 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
02:51:21.0388 5600 RasPppoe - ok
02:51:21.0547 5600 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
02:51:21.0549 5600 RasSstp - ok
02:51:21.0597 5600 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
02:51:21.0601 5600 rdbss - ok
02:51:21.0619 5600 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
02:51:21.0620 5600 rdpbus - ok
02:51:21.0683 5600 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:51:21.0684 5600 RDPCDD - ok
02:51:21.0857 5600 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
02:51:21.0874 5600 RDPDR - ok
02:51:21.0954 5600 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
02:51:21.0956 5600 RDPENCDD - ok
02:51:21.0998 5600 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
02:51:22.0002 5600 RDPREFMP - ok
02:51:22.0193 5600 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
02:51:22.0194 5600 RdpVideoMiniport - ok
02:51:22.0241 5600 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
02:51:22.0244 5600 RDPWD - ok
02:51:22.0312 5600 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
02:51:22.0320 5600 rdyboost - ok
02:51:22.0563 5600 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
02:51:22.0566 5600 rspndr - ok
02:51:22.0617 5600 RT25USBAP (d3b4872de758efa9e0740694c4461421) C:\Windows\system32\DRIVERS\rt25usbap.sys
02:51:22.0619 5600 RT25USBAP - ok
02:51:22.0774 5600 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
02:51:22.0776 5600 s3cap - ok
02:51:22.0831 5600 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
02:51:22.0834 5600 sbp2port - ok
02:51:23.0027 5600 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
02:51:23.0028 5600 scfilter - ok
02:51:23.0111 5600 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
02:51:23.0112 5600 secdrv - ok
02:51:23.0273 5600 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
02:51:23.0274 5600 Serenum - ok
02:51:23.0297 5600 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
02:51:23.0299 5600 Serial - ok
02:51:23.0331 5600 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
02:51:23.0332 5600 sermouse - ok
02:51:23.0382 5600 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
02:51:23.0383 5600 sffdisk - ok
02:51:23.0533 5600 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
02:51:23.0536 5600 sffp_mmc - ok
02:51:23.0562 5600 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
02:51:23.0564 5600 sffp_sd - ok
02:51:23.0631 5600 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
02:51:23.0632 5600 sfloppy - ok
02:51:23.0791 5600 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
02:51:23.0792 5600 sisagp - ok
02:51:23.0832 5600 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:51:23.0833 5600 SiSRaid2 - ok
02:51:23.0888 5600 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
02:51:23.0890 5600 SiSRaid4 - ok
02:51:24.0034 5600 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
02:51:24.0037 5600 Smb - ok
02:51:24.0094 5600 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
02:51:24.0095 5600 spldr - ok
02:51:24.0298 5600 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
02:51:24.0298 5600 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
02:51:24.0314 5600 sptd ( LockedFile.Multi.Generic ) - warning
02:51:24.0314 5600 sptd - detected LockedFile.Multi.Generic (1)
02:51:24.0384 5600 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
02:51:24.0392 5600 srv - ok
02:51:24.0569 5600 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
02:51:24.0580 5600 srv2 - ok
02:51:24.0647 5600 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
02:51:24.0650 5600 srvnet - ok
02:51:24.0712 5600 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
02:51:24.0713 5600 sscdbus - ok
02:51:24.0867 5600 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
02:51:24.0868 5600 sscdmdfl - ok
02:51:24.0895 5600 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
02:51:24.0896 5600 sscdmdm - ok
02:51:24.0974 5600 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\Windows\system32\DRIVERS\sscdserd.sys
02:51:24.0986 5600 sscdserd - ok
02:51:25.0200 5600 stdriver (8bb19094def583e0eece1830457444ee) C:\Windows\system32\DRIVERS\stdriver32.sys
02:51:25.0201 5600 stdriver - ok
02:51:25.0264 5600 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
02:51:25.0265 5600 stexstor - ok
02:51:25.0308 5600 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
02:51:25.0309 5600 storflt - ok
02:51:25.0328 5600 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
02:51:25.0329 5600 storvsc - ok
02:51:25.0529 5600 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
02:51:25.0531 5600 swenum - ok
02:51:25.0606 5600 swmsflt (3d4776ab6520240ae06d277ac45bf836) C:\Windows\system32\DRIVERS\swmsflt.sys
02:51:25.0608 5600 swmsflt - ok
02:51:25.0783 5600 SWMX00 (af88ae62b84d016eb5bdc12ddf1005a3) C:\Windows\system32\DRIVERS\swmx00.sys
02:51:25.0785 5600 SWMX00 - ok
02:51:25.0845 5600 SWNC5E00 (68fa9dea71b307210045aea89310ef7f) C:\Windows\system32\DRIVERS\SWNC5E00.sys
02:51:25.0848 5600 SWNC5E00 - ok
02:51:25.0964 5600 Synth3dVsc - ok
02:51:26.0127 5600 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys
02:51:26.0141 5600 Tcpip - ok
02:51:26.0377 5600 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys
02:51:26.0397 5600 TCPIP6 - ok
02:51:26.0454 5600 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
02:51:26.0455 5600 tcpipreg - ok
02:51:26.0625 5600 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
02:51:26.0626 5600 TDPIPE - ok
02:51:26.0654 5600 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
02:51:26.0656 5600 TDTCP - ok
02:51:26.0710 5600 tdx (cacc713621c2d28b58a98b35ca0965dc) C:\Windows\system32\DRIVERS\tdx.sys
02:51:26.0713 5600 tdx ( Rootkit.Win32.ZAccess.k ) - infected
02:51:26.0714 5600 tdx - detected Rootkit.Win32.ZAccess.k (0)
02:51:26.0769 5600 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
02:51:26.0772 5600 TermDD - ok
02:51:26.0998 5600 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
02:51:27.0000 5600 tssecsrv - ok
02:51:27.0069 5600 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
02:51:27.0071 5600 TsUsbFlt - ok
02:51:27.0080 5600 tsusbhub - ok
02:51:27.0137 5600 TunesUpAudioDriver (c2ed11d18a5790686d49c7155c29ae48) C:\Windows\system32\drivers\tupvckmd.sys
02:51:27.0138 5600 Suspicious file (Forged): C:\Windows\system32\drivers\tupvckmd.sys. Real md5: c2ed11d18a5790686d49c7155c29ae48, Fake md5: 3209b6cc34f40e1180ce453e846050bf
02:51:27.0139 5600 TunesUpAudioDriver ( ForgedFile.Multi.Generic ) - warning
02:51:27.0140 5600 TunesUpAudioDriver - detected ForgedFile.Multi.Generic (1)
02:51:27.0323 5600 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
02:51:27.0327 5600 tunnel - ok
02:51:27.0388 5600 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
02:51:27.0391 5600 uagp35 - ok
02:51:27.0466 5600 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
02:51:27.0473 5600 udfs - ok
02:51:27.0688 5600 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
02:51:27.0689 5600 uliagpkx - ok
02:51:27.0750 5600 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
02:51:27.0755 5600 umbus - ok
02:51:27.0931 5600 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
02:51:27.0933 5600 UmPass - ok
02:51:28.0061 5600 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
02:51:28.0062 5600 USBAAPL - ok
02:51:28.0188 5600 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
02:51:28.0190 5600 usbccgp - ok
02:51:28.0229 5600 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
02:51:28.0231 5600 usbcir - ok
02:51:28.0257 5600 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
02:51:28.0258 5600 usbehci - ok
02:51:28.0327 5600 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
02:51:28.0332 5600 usbhub - ok
02:51:28.0464 5600 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
02:51:28.0467 5600 usbohci - ok
02:51:28.0576 5600 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
02:51:28.0578 5600 usbprint - ok
02:51:28.0712 5600 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
02:51:28.0713 5600 usbscan - ok
02:51:28.0782 5600 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:51:28.0784 5600 USBSTOR - ok
02:51:28.0829 5600 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
02:51:28.0831 5600 usbuhci - ok
02:51:28.0867 5600 VClone (1cdaa48cb2f7744b8d25650e050766a5) C:\Windows\system32\DRIVERS\VClone.sys
02:51:28.0868 5600 VClone - ok
02:51:29.0025 5600 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
02:51:29.0029 5600 vdrvroot - ok
02:51:29.0124 5600 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
02:51:29.0125 5600 vga - ok
02:51:29.0280 5600 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
02:51:29.0282 5600 VgaSave - ok
02:51:29.0310 5600 VGPU - ok
02:51:29.0351 5600 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
02:51:29.0354 5600 vhdmp - ok
02:51:29.0507 5600 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
02:51:29.0514 5600 viaagp - ok
02:51:29.0600 5600 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
02:51:29.0602 5600 ViaC7 - ok
02:51:29.0643 5600 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
02:51:29.0644 5600 viaide - ok
02:51:29.0775 5600 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
02:51:29.0777 5600 vmbus - ok
02:51:29.0812 5600 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
02:51:29.0813 5600 VMBusHID - ok
02:51:29.0846 5600 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
02:51:29.0848 5600 volmgr - ok
02:51:30.0074 5600 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
02:51:30.0098 5600 volmgrx - ok
02:51:30.0190 5600 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
02:51:30.0195 5600 volsnap - ok
02:51:30.0231 5600 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
02:51:30.0233 5600 vsmraid - ok
02:51:30.0541 5600 VSTHWBS2 (682fcf7d2eb5158cd30408e976562408) C:\Windows\system32\DRIVERS\VSTBS23.SYS
02:51:30.0547 5600 VSTHWBS2 - ok
02:51:30.0752 5600 VST_DPV (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
02:51:30.0764 5600 VST_DPV - ok
02:51:30.0870 5600 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
02:51:30.0872 5600 vwifibus - ok
02:51:30.0948 5600 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
02:51:30.0949 5600 WacomPen - ok
02:51:31.0259 5600 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
02:51:31.0289 5600 WANARP - ok
02:51:31.0310 5600 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
02:51:31.0312 5600 Wanarpv6 - ok
02:51:31.0360 5600 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
02:51:31.0361 5600 wanatw - ok
02:51:31.0455 5600 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
02:51:31.0456 5600 Wd - ok
02:51:31.0787 5600 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
02:51:31.0790 5600 WDC_SAM - ok
02:51:32.0005 5600 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
02:51:32.0016 5600 Wdf01000 - ok
02:51:32.0156 5600 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
02:51:32.0158 5600 WfpLwf - ok
02:51:32.0265 5600 WimFltr (090a2b8f055343815556a01f725f6c35) C:\Windows\system32\DRIVERS\wimfltr.sys
02:51:32.0267 5600 WimFltr - ok
02:51:32.0318 5600 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
02:51:32.0320 5600 WIMMount - ok
02:51:32.0508 5600 winachsf (8b976d4ca270110111df4f313da0e6e8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
02:51:32.0519 5600 winachsf - ok
02:51:32.0703 5600 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
02:51:32.0705 5600 WinUsb - ok
02:51:32.0933 5600 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
02:51:32.0936 5600 WmiAcpi - ok
02:51:33.0028 5600 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
02:51:33.0029 5600 ws2ifsl - ok
02:51:33.0241 5600 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
02:51:33.0243 5600 WudfPf - ok
02:51:33.0327 5600 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
02:51:33.0330 5600 WUDFRd - ok
02:51:33.0513 5600 XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
02:51:33.0515 5600 XAudio - ok
02:51:33.0567 5600 XPADFL02 (6ab0d2d28e2a984fbba5295f2dd81878) C:\Windows\system32\DRIVERS\xpadfl02.sys
02:51:33.0568 5600 XPADFL02 - ok
02:51:33.0640 5600 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\Windows\system32\DRIVERS\xusb21.sys
02:51:33.0642 5600 xusb21 - ok
02:51:33.0692 5600 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
02:51:33.0697 5600 \Device\Harddisk0\DR0 - ok
02:51:33.0703 5600 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
02:51:33.0708 5600 \Device\Harddisk1\DR1 - ok
02:51:33.0714 5600 Boot (0x1200) (c53d9631575fdd4bb83174dd99dcd33a) \Device\Harddisk0\DR0\Partition0
02:51:33.0714 5600 \Device\Harddisk0\DR0\Partition0 - ok
02:51:33.0752 5600 Boot (0x1200) (c96c2a65e55b5d47f1bb124541a0a1d8) \Device\Harddisk0\DR0\Partition1
02:51:33.0753 5600 \Device\Harddisk0\DR0\Partition1 - ok
02:51:33.0757 5600 Boot (0x1200) (74e808ce78b282d4fa4b5d5d5e26c335) \Device\Harddisk1\DR1\Partition0
02:51:33.0759 5600 \Device\Harddisk1\DR1\Partition0 - ok
02:51:33.0762 5600 ============================================================
02:51:33.0762 5600 Scan finished
02:51:33.0762 5600 ============================================================
02:51:33.0780 5596 Detected object count: 3
02:51:33.0780 5596 Actual detected object count: 3
02:53:16.0616 5596 sptd ( LockedFile.Multi.Generic ) - skipped by user
02:53:16.0617 5596 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
02:53:16.0789 5596 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\tdx.sys) error 1813
02:53:17.0288 5596 Backup copy found, using it..
02:53:17.0388 5596 C:\Windows\system32\DRIVERS\tdx.sys - will be cured on reboot
02:53:34.0965 5596 tdx ( Rootkit.Win32.ZAccess.k ) - User select action: Cure
02:53:34.0965 5596 TunesUpAudioDriver ( ForgedFile.Multi.Generic ) - skipped by user
02:53:34.0965 5596 TunesUpAudioDriver ( ForgedFile.Multi.Generic ) - User select action: Skip
02:54:28.0026 5676 Deinitialize success

next aswMBR

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-23 03:01:30
-----------------------------
03:01:30.114 OS Version: Windows 6.1.7601 Service Pack 1
03:01:30.114 Number of processors: 2 586 0x6B02
03:01:30.116 ComputerName: GAMERPC UserName: nwofan
03:01:50.789 Initialize success
03:02:36.057 AVAST engine defs: 11112300
03:03:05.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
03:03:05.526 Disk 0 Vendor: Hitachi_ GM3O Size: 305245MB BusType: 3
03:03:07.569 Disk 0 MBR read successfully
03:03:07.573 Disk 0 MBR scan
03:03:07.582 Disk 0 Windows 7 default MBR code
03:03:07.589 Disk 0 scanning sectors +625137345
03:03:07.688 Disk 0 scanning C:\Windows\system32\drivers
03:03:48.853 Service scanning
03:03:53.726 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
03:03:54.400 Modules scanning
03:04:43.527 Scan finished successfully
03:05:06.868 Disk 0 MBR has been saved successfully to "C:\Users\nwofan\Desktop\MBR.dat"
03:05:06.869 The log file has been saved successfully to "C:\Users\nwofan\Desktop\aswMBR.txt"

next the OTL logs

log #1

========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
C:\Program Files\uTorrentBar\tbuTo1.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c2db4fe6-8409-45ce-8010-189a7b5cce86} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\ deleted successfully.
C:\Program Files\NCH\prxtbNC2.dll moved successfully.
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {c2db4fe6-8409-45ce-8010-189a7b5cce86}:3.3.3.2 removed from extensions.enabledItems
Prefs.js: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6102 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: [email protected]:3.3.3.2 removed from extensions.enabledItems
Prefs.js: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: [email protected]:3.11.3.15590 removed from extensions.enabledItems
Prefs.js: [email protected]:1.2 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\searchplugin folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\modules folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\META-INF folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\defaults folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\chrome folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86} folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\META-INF folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\chrome folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760} folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\[email protected]\searchplugin folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\[email protected]\META-INF folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\[email protected]\lib folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\[email protected]\DualPackage folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\[email protected]\components folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\[email protected] folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\[email protected]\components folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\[email protected]\chrome\skin folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\[email protected] folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
C:\Program Files\AVG\AVG10\avgssie.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ deleted successfully.
c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}\ deleted successfully.
c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\ConduitEngin0.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{40D41A8B-D79B-43d7-99A7-9EE0F344C385} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40D41A8B-D79B-43d7-99A7-9EE0F344C385}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{61539ecd-cc67-4437-a03c-9aaccbd14326} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61539ecd-cc67-4437-a03c-9aaccbd14326}\ deleted successfully.
C:\Program Files\AIM Toolbar\aimtb.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
File C:\Program Files\Search Toolbar\SearchToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B0208007-27C1-4BCD-93EF-EFF5DB61FC22} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0208007-27C1-4BCD-93EF-EFF5DB61FC22}\ deleted successfully.
C:\Program Files\CoolChaser Layouts Auto Insert\Toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files\uTorrentBar\tbuTo1.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c2db4fe6-8409-45ce-8010-189a7b5cce86} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\ not found.
File C:\Program Files\NCH\prxtbNC2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}\ deleted successfully.
C:\Program Files\Winamp Toolbar\winamptb.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\ConduitEngin0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40D41A8B-D79B-43D7-99A7-9EE0F344C385}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61539ECD-CC67-4437-A03C-9AACCBD14326} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61539ECD-CC67-4437-A03C-9AACCBD14326}\ not found.
File C:\Program Files\AIM Toolbar\aimtb.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
File C:\Program Files\Search Toolbar\SearchToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B0208007-27C1-4BCD-93EF-EFF5DB61FC22} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0208007-27C1-4BCD-93EF-EFF5DB61FC22}\ not found.
File C:\Program Files\CoolChaser Layouts Auto Insert\Toolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
File C:\Program Files\uTorrentBar\tbuTo1.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}\ not found.
File C:\Program Files\NCH\prxtbNC2.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ not found.
File C:\Program Files\Winamp Toolbar\winamptb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Conime not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Privacy Protection not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RegistryMechanic deleted successfully.
C:\Program Files\Registry Mechanic\RMTray.exe moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\nwofan\Desktop\cmd.bat deleted successfully.
C:\Users\nwofan\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\nwofan\Desktop\cmd.bat deleted successfully.
C:\Users\nwofan\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\nwofan\Desktop\cmd.bat deleted successfully.
C:\Users\nwofan\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\nwofan\Desktop\cmd.bat deleted successfully.
C:\Users\nwofan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error: Unable to interpret <[EMPTYJAVA]> in the current context!

OTL by OldTimer - Version 3.2.5.3 log created on 11232011_030618

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

finally OTL log #2

OTL logfile created on: 11/23/2011 3:13:59 AM - Run 3
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\nwofan\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.46 Gb Total Space | 33.28 Gb Free Space | 11.62% Space Free | Partition Type: NTFS
Drive D: | 11.63 Gb Total Space | 1.59 Gb Free Space | 13.64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
I: Drive not present or media not loaded
Drive K: | 297.44 Gb Total Space | 54.02 Gb Free Space | 18.16% Space Free | Partition Type: NTFS

Computer Name: GAMERPC
Current User Name: nwofan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2011/11/11 16:03:50 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011/10/15 00:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 00:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/10/15 00:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/09/10 06:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/09/05 16:00:52 | 000,393,648 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2011/08/31 16:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/08/10 11:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/08/08 14:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/07/28 15:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/11 13:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011/06/23 20:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/16 16:53:22 | 002,510,848 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2011/06/16 06:55:12 | 006,276,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011/03/28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011/03/16 15:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2011/01/05 09:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM7\aim.exe
PRC - [2010/11/20 04:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 04:17:30 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2010/11/05 15:11:52 | 000,081,920 | R--- | M] (Nero AG) -- C:\Program Files\Motorola Media Link\NServiceEntry.exe
PRC - [2010/08/01 13:45:22 | 004,950,936 | ---- | M] (Pando Networks) -- C:\Program Files\Pando Networks\Pando\pando.exe
PRC - [2010/06/02 18:42:33 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\nwofan\Desktop\OTL.exe
PRC - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/04/08 08:14:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/04/01 01:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/10/20 13:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/08/28 12:53:00 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/07/13 17:14:21 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ielowutil.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/02/19 08:12:18 | 000,537,256 | ---- | M] ( ) -- C:\Windows\System32\lxbkcoms.exe
PRC - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe

========== Modules (SafeList) ==========

MOD - [2011/08/11 15:37:26 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2011/07/15 20:27:30 | 000,290,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2010/11/20 04:21:26 | 000,100,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2010/11/20 04:21:04 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2010/11/20 04:20:29 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2010/11/20 04:18:12 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2010/11/20 03:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010/06/02 18:42:33 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\nwofan\Desktop\OTL.exe
MOD - [2009/07/13 17:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 17:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 17:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 17:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 17:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 17:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2011/10/24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/10/15 00:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/09/05 16:00:52 | 000,393,648 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/15 10:02:12 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/08/10 11:35:20 | 000,227,184 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/05/13 14:27:02 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011/03/28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011/02/18 22:30:54 | 000,805,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/20 04:21:33 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2010/11/20 04:21:24 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2010/11/20 04:20:57 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2010/11/20 04:19:28 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2010/11/20 04:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 04:18:06 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2010/11/20 04:17:30 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2010/11/05 15:11:52 | 000,081,920 | R--- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Motorola Media Link\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/07/25 02:00:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/04/08 08:14:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/24 15:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/13 17:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 17:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 17:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 17:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 17:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 17:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 17:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 17:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/05/29 14:29:31 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/29 02:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/19 08:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbkcoms.exe -- (lxbk_device)
SRV - [2007/09/12 17:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)

========== Driver Services (SafeList) ==========

DRV - [2011/10/15 00:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/08/31 16:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/27 19:05:32 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/04/04 13:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2011/03/31 13:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/10 21:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2011/03/10 21:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2011/03/10 21:38:51 | 000,332,160 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2011/03/10 21:38:37 | 000,080,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\amdsata.sys -- (amdsata)
DRV - [2011/03/10 21:38:37 | 000,022,400 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\amdxata.sys -- (amdxata)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/13 19:20:52 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2011/02/10 06:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/02/07 16:36:00 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/01/01 09:12:18 | 000,081,168 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2010/11/20 04:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:30:14 | 000,160,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vhdmp.sys -- (vhdmp)
DRV - [2010/11/20 04:30:10 | 000,173,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2010/11/20 04:29:53 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 02:07:39 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.svs -- (NDProxy)
DRV - [2010/11/20 02:01:12 | 000,164,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2010/11/20 01:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:50:21 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2010/11/20 01:29:49 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2010/11/20 01:24:56 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2010/11/20 01:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/20 00:47:55 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\acpipmi.sys -- (AcpiPmi)
DRV - [2010/09/23 00:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/09/19 17:03:49 | 000,052,824 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stdriver32.sys -- (stdriver)
DRV - [2010/08/19 18:24:34 | 000,061,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21)
DRV - [2010/08/09 18:14:25 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/07/28 23:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/04/01 13:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2009/11/10 11:37:57 | 000,014,848 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tupvckmd.sys -- (TunesUpAudioDriver)
DRV - [2009/10/20 11:08:44 | 000,037,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/10/01 21:03:40 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/09/21 19:26:10 | 000,046,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GenericMount.sys -- (GenericMount)
DRV - [2009/08/04 09:48:20 | 002,744,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/08/04 09:40:04 | 000,226,816 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - [2009/08/04 09:39:02 | 000,157,440 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmx00.sys -- (SWMX00) Sierra Wireless USB MUX Driver (#00)
DRV - [2009/07/30 16:12:54 | 000,287,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009/07/13 17:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2009/07/13 17:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 17:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 17:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 17:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 17:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 17:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 17:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2009/07/13 17:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 17:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 17:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 17:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 17:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 17:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 17:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 17:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 17:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 17:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 17:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 17:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 17:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 17:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 17:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 17:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2009/07/13 17:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 17:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 17:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 17:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 17:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 17:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 17:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 16:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 16:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 16:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 15:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 15:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 15:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 15:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 15:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 15:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 15:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 15:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 15:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 15:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 14:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 14:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 14:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 14:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 14:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 14:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 14:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 14:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2009/07/13 14:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/13 14:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 14:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 14:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/22 21:34:38 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2009/05/22 15:08:32 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009/04/29 02:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/02/17 09:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/02/13 04:58:30 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2009/02/13 04:57:28 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2009/02/13 04:56:32 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2009/01/29 16:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 16:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/09/09 16:58:08 | 000,020,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc.pkms -- (PCD5SRVC{BD6912E3-AC9D80E8-05040000})
DRV - [2008/07/21 08:12:50 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/05/22 01:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/01/14 02:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/11/02 14:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/07/03 14:05:00 | 000,162,944 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt25usbap.sys -- (RT25USBAP)
DRV - [2007/02/15 16:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2007/02/08 05:45:14 | 000,029,184 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dsiarhwprog.sys -- (dsiarhwprog)
DRV - [2006/12/24 05:15:18 | 000,027,904 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xPADFL02.sys -- (XPADFL02)
DRV - [2006/11/29 14:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2005/12/12 09:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/08/17 06:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
DRV - [2005/08/17 06:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 06:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-tyc8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wwe.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "IncrediMail MediaBar 4 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-tyc8"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-tyc8"
FF - prefs.js..browser.search.param.yahoo-type: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.wwe.com"

FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/06/08 14:55:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/06/08 14:55:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/11/21 22:21:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/23 03:06:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/11 16:03:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/30 08:42:43 | 000,000,000 | ---D | M]

[2010/07/24 20:13:09 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Mozilla\Extensions
[2011/11/23 03:06:23 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions
[2011/10/08 14:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010/07/24 20:13:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/11 16:05:02 | 000,000,000 | ---D | M] (IncrediMail MediaBar 4 Community Toolbar) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{90eee664-34b1-422a-a782-779af65cdf6d}
[2010/09/18 12:20:13 | 000,001,490 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\AIM Search.xml
[2011/01/15 03:46:37 | 000,002,242 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\AOL Search.xml
[2010/09/22 23:04:58 | 000,002,342 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\aol-search.xml
[2011/07/13 16:56:04 | 000,002,354 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\aol-web-search.xml
[2011/11/19 18:44:43 | 000,002,572 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\askcom.xml
[2011/02/09 19:45:52 | 000,001,919 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\bing-zugo.xml
[2011/08/29 16:51:44 | 000,000,947 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\conduit.xml
[2010/08/09 18:14:28 | 000,002,059 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\daemon-search.xml
[2011/09/01 02:24:46 | 000,002,207 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\MyStart Search.xml
[2011/11/11 16:04:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/04 23:57:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/11 16:03:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2008/11/10 23:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2009/11/19 14:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 14:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2011/07/11 13:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2011/01/15 03:46:37 | 000,002,242 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml
[2011/11/11 16:03:47 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/09/19 18:21:58 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
[2011/11/11 16:03:47 | 000,002,040 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/23 03:06:35 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM7\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Pando] C:\Program Files\Pando Networks\Pando\Pando.exe (Pando Networks)
O4 - Startup: C:\Users\nwofan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll File not found
O9 - Extra 'Tools' menuitem : Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect118.cab (GMNRev Class)
O16 - DPF: {BAD4FE2C-503B-45CC-88CD-4B0574057D11} http://clients.futur...y/FMSI_v420.cab (FuturemarkSystemInfoX Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\15.0.874.121\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Users\nwofan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\nwofan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 13:12:18 | 000,000,088 | ---- | M] () - H:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2010/05/10 21:02:29 | 000,000,000 | ---D | M] - K:\Automatically Add to iTunes -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/23 03:06:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/23 02:49:57 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\nwofan\Desktop\aswMBR(1).exe
[2011/11/23 02:45:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/23 02:45:34 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\temp
[2011/11/23 01:52:06 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndproxy.svs
[2011/11/22 23:29:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/22 23:29:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/22 23:29:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/22 23:29:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/22 23:29:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/22 23:27:36 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\nwofan\Desktop\tdsskiller.exe
[2011/11/22 23:26:09 | 004,305,694 | R--- | C] (Swearware) -- C:\Users\nwofan\Desktop\ComboFix.exe
[2011/11/22 13:04:32 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{AC1BE7BA-36B6-4CE2-9BE7-C4699F2DB820}
[2011/11/22 13:04:04 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{4E88034B-2AB3-4CE6-A4A3-A73F674C1097}
[2011/11/21 22:14:50 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{43BA059F-819F-42B8-B0E3-BCF0547F3D22}
[2011/11/21 22:14:20 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{182570D7-EF98-4288-9792-D1F5D0D85356}
[2011/11/21 04:17:40 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/11/21 03:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2011/11/21 03:24:57 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\Yahoo!
[2011/11/20 18:26:28 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{D01AE0F8-33D7-42F9-9033-FE078F48273E}
[2011/11/20 18:26:12 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{099BE0D9-2F4A-4452-BBE3-0C834C2D011D}
[2011/11/20 17:40:36 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/11/20 17:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/11/20 16:52:25 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{0E41B327-6610-41FC-89A0-CFDF02DB764B}
[2011/11/20 03:18:05 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{ED8DBE0F-C74E-4B81-8AC3-D3FBD504018F}
[2011/11/20 02:29:54 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\CC4AC
[2011/11/20 02:29:22 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\BCCCC
[2011/11/20 02:29:04 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\liivvD33onFa
[2011/11/20 02:29:04 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\bwwwkUUVrlOtx0c
[2011/11/20 02:28:58 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\oyxxA00uvS2iF3n
[2011/11/20 02:28:56 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\QpmmmG5sQJ6dE8R
[2011/11/20 02:28:56 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\dPPNNyccA
[2011/11/20 01:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BOSS
[2011/11/20 01:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wrye Bash
[2011/11/19 15:17:00 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{865F6544-E8A0-44F0-839A-0E244EB56AD8}
[2011/11/19 15:16:37 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{EFE9C3B7-C812-4241-8C0D-66770E3F9C67}
[2011/11/19 03:16:06 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{7164F9D7-48D2-496D-94D4-A79BF8581A6F}
[2011/11/19 03:15:44 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{56DFEBC2-7288-4C59-A666-06ADD5037B54}
[2011/11/18 15:14:47 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{A0EF0F9D-1AF3-4674-A25B-074F5EA08331}
[2011/11/18 15:14:29 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{AD04E28A-5753-466D-B815-8B5B6D03A956}
[2011/11/18 04:03:53 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{079CA2E2-D82E-4380-AC43-A0134A05686E}
[2011/11/18 04:03:25 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{33C2A3CE-7E1D-4AF5-A6EC-F0E37F21F110}
[2011/11/17 16:02:37 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{8E23F909-F5FE-4B38-8C7A-E01E0C5A0DA8}
[2011/11/17 16:02:15 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{90F972FD-29BC-4E1D-AFBA-1A54E136FFB2}
[2011/11/17 02:16:26 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{E15AEB14-0D74-49C3-BD2A-CD8AB25FA2FC}
[2011/11/17 02:16:03 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{459D2BB4-4EE9-494B-A72B-58005DD9FAD8}
[2011/11/16 14:15:02 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{CDE4A21E-273F-42FE-A73E-020E940110E1}
[2011/11/16 14:14:40 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{9AF71502-71CA-426E-9610-E85B1FCC4DA6}
[2011/11/15 18:28:47 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{6E5795A1-76A1-49F9-A2A1-D564D08B4A9C}
[2011/11/15 18:28:24 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{E4069565-58AC-4996-B8CD-8C462CCA2816}
[2011/11/15 05:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/15 04:34:42 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{928EDF8E-3C77-4A77-9818-EDC45054E692}
[2011/11/15 04:34:19 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{C4B58DC1-0A5B-483A-895E-A1E738D56555}
[2011/11/15 03:59:11 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\eSupport.com
[2011/11/14 16:33:42 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{25FE84AB-A460-4208-B93D-61F43CBB9E32}
[2011/11/14 16:33:23 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{C01CFBF4-0D7A-4EB5-A731-C202687F8AA6}
[2011/11/14 02:12:23 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{88F87B15-63B4-41B9-B754-745AD2BBC9FC}
[2011/11/13 14:11:23 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{37CC809C-2C19-43B3-8395-2A1E3CC98912}
[2011/11/13 14:10:45 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{07B30A7E-A43F-49C3-A264-3DD9162003DB}
[2011/11/12 18:35:34 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{DF31EEC7-6E93-4C4F-8055-CDD41EA1C298}
[2011/11/12 18:34:57 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{4A8F9132-C817-46F2-875E-2567660CA8BD}
[2011/11/12 03:30:39 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{B0A5CD9E-8E26-40BC-8387-5C0DA5A79B58}
[2011/11/12 03:30:16 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{A462520A-C017-4A19-ADB3-9F6AC404D9CD}
[2011/11/11 15:30:00 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{5AD2A4D4-F157-4C92-81E1-BC7B86A2A3A8}
[2011/11/11 15:29:38 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{769D93C8-55CB-48E9-9B8E-1B131E595AE8}
[2011/11/11 03:29:07 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{EDAFF4A1-2418-48DA-A1C7-3B6CDC827CDA}
[2011/11/11 03:28:44 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{5218F3C1-E779-4DED-8013-1C9DD04302F3}
[2011/11/10 15:28:27 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{95B4898A-9FF9-45C3-B598-A5B07C9781EF}
[2011/11/10 15:28:04 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{660905C1-F880-41B7-9714-EF0A95DCE820}
[2011/11/10 03:27:31 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{5E55B1A7-4199-4B1C-87F1-AE94598C41D4}
[2011/11/09 15:27:03 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{2C68314C-0F85-401C-9953-EBE7FB788746}
[2011/11/09 15:26:40 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{3FCC48C4-4090-4859-AB36-0FB70C6173D7}
[2011/11/09 03:26:10 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{6CB21035-C478-4207-85E1-0189DBCE6F16}
[2011/11/09 03:25:48 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{E6F93DBC-CF4A-40ED-B027-26CEA8E11B4A}
[2011/11/09 01:07:12 | 000,000,000 | ---D | C] -- C:\Program Files\Futuremark
[2011/11/08 21:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/11/08 21:23:23 | 006,350,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2011/11/08 21:23:23 | 003,840,320 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2011/11/08 21:23:23 | 000,203,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2011/11/08 21:23:23 | 000,123,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2011/11/08 21:23:22 | 000,602,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\easyupdatusapiu.dll
[2011/11/08 21:23:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/11/08 21:22:43 | 018,871,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2011/11/08 21:22:43 | 010,327,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2011/11/08 21:22:43 | 000,919,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2011/11/08 21:22:43 | 000,877,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll
[2011/11/08 21:22:43 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/11/08 21:22:42 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2011/11/08 21:22:42 | 013,205,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2011/11/08 21:22:42 | 005,578,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2011/11/08 21:22:42 | 002,458,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2011/11/08 21:22:42 | 002,401,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2011/11/08 21:22:42 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2011/11/08 21:22:24 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/11/08 15:25:03 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{89319365-BF3F-4D52-AAF9-DC82CF858C9C}
[2011/11/08 15:24:33 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{681E6080-BDCF-4696-B130-E644E2B8C102}
[2011/11/08 03:23:44 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{34301B0F-907F-412F-A4A1-07F0AF3AF29D}
[2011/11/07 15:22:43 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{0CFE9917-1632-477C-BC72-3AEA0EBC6464}
[2011/11/07 15:22:27 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{AFE8B77E-53BF-4F3F-ABEA-4AD41168F916}
[2011/11/07 01:36:07 | 000,000,000 | ---D | C] -- C:\New folder
[2011/11/06 17:28:32 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{0D1CB109-601C-42C0-A941-AB7C5FD824AA}
[2011/11/06 17:28:09 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{76E62BEB-152A-4087-BCCF-F6B875CB9E2B}
[2011/11/06 02:26:58 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{456952BA-8548-47E2-B1DF-A80C08A7E7E4}
[2011/11/06 02:26:35 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{DDE4ABBA-7701-4197-8204-85073F32A459}
[2011/11/05 14:26:20 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{37C664BF-CB99-45D4-A76F-A11BD9D9F6BE}
[2011/11/05 14:26:08 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{7F0F8E6F-73F4-4C62-A34F-164128924144}
[2011/11/05 02:25:35 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{FE33DCD0-2C9C-41BC-ADBD-262179612F45}
[2011/11/05 02:25:10 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{AF707E18-BAA6-4A98-B28C-440AC27F1E38}
[2011/11/04 17:01:49 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\VrlOBtxP0SiDnHs
[2011/11/04 17:01:48 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\lfEL8gTZqYwU
[2011/11/04 16:40:41 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\tOOONyxAuvS2i
[2011/11/04 16:40:41 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\aRRLL9hhTXjUCkB
[2011/11/04 16:40:36 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\prrzzONNx
[2011/11/04 16:40:35 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\n444pmmG5sQ6
[2011/11/04 16:40:34 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\zL8TqCVOxyS1v3F
[2011/11/04 16:40:32 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\EibF3na6dWKfL
[2011/11/04 16:14:08 | 000,000,000 | ---D | C] -- C:\Users\nwofan\Documents\New folder
[2011/11/04 14:24:35 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{2BEF9A2C-E238-440C-9FF7-D7F0BF8B7EC9}
[2011/11/04 14:24:12 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{C6C0973E-DA15-4631-9EE6-3D0FEF2EBE3B}
[2011/11/04 02:23:38 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{D06346A1-41F3-4DED-9921-A6DB835F5F6C}
[2011/11/04 02:23:15 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{5487848F-5EA8-4A20-9B82-2B0D85076E01}
[2011/11/03 14:22:57 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{7F834A8D-6C70-47D7-8FBB-7F3F5DF7BF08}
[2011/11/03 14:22:34 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{647A29AC-5F36-43E0-8951-8B31410A5724}
[2011/11/03 02:22:03 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{B41136C4-5E50-4668-9313-D143B139220E}
[2011/11/03 02:21:40 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{1F752281-0787-4944-8AD1-33BC53116F6E}
[2011/11/03 00:06:18 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\NVIDIA
[2011/11/02 14:21:13 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{1285591D-BCE6-480A-A212-A0F8D7F83D8C}
[2011/11/02 14:20:59 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{9B8D458C-BA58-4511-9A17-241F2BBB15F1}
[2011/11/01 16:53:00 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{27A3F9BD-63D4-47DC-AB97-232AC5D1F609}
[2011/11/01 16:52:46 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{2565EF1F-AD98-4161-8EAB-2DCA0B377712}
[2011/10/31 23:31:06 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{B842B68E-5457-4004-89CB-138BF4AF6389}
[2011/10/31 11:29:57 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{E0E33C34-1C53-4F61-BCEC-96D54B25641C}
[2011/10/31 11:29:12 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{27D9474F-B7C9-48EA-8EB2-0C1BBF895126}
[2011/10/30 21:16:26 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{3FAE5B15-39A3-4714-ADD7-5919547C89EF}
[2011/10/30 21:16:12 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{05F068DC-8AE0-40A5-A4B7-C5CEDAC6537A}
[2011/10/30 08:42:03 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/10/30 01:42:15 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{E6FBBC09-5B0C-4A3B-8D15-CFF37B20EE66}
[2011/10/30 01:42:00 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{51E4C07B-2AD1-43B4-B7A3-620052612215}
[2011/10/29 09:31:30 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{99D80E7C-C1FB-4A70-877A-D1D6F2CB6AB0}
[2011/10/29 09:30:48 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{8902CCC9-F3DF-4381-B409-4FDC12DF7904}
[2011/10/28 16:39:31 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/10/28 16:38:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2011/10/28 15:30:21 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{6EFE9E82-94A8-4E93-9FF3-A9B5ECEC61DE}
[2011/10/28 15:30:05 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{6BB6ABC6-B2BC-4759-B08D-7FFEAD50C54E}
[2011/10/27 16:38:09 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{B81E1596-9708-443B-B453-6C549B846B62}
[2011/10/27 16:37:54 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{F1CA5603-C67C-4775-9988-0E5F70397FBA}
[2011/10/26 14:55:33 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{533F03C2-F1A8-402F-8292-155E8F17FA79}
[2011/10/26 14:55:06 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{4ECE3105-1E44-4AC0-BE38-DE12255788E7}
[2011/10/26 01:03:30 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\Media Player Classic
[2011/10/25 20:01:19 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{31979212-D011-488C-97E4-0F3889421C71}
[2011/10/25 20:01:02 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{616BE1B3-ABBC-4BE9-A4DB-78C7A3BA2CD5}
[2011/10/24 15:39:39 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{413B7F0B-E573-45C6-A46B-00DCA1337E46}
[2011/10/24 15:39:25 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{815F7058-A1C1-40F5-AC59-4912B730339E}
[2011/10/24 13:29:02 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2011/10/24 13:29:02 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2009/10/08 19:01:16 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBKhcp.dll
[2006/11/06 15:37:46 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbkpmui.dll
[2006/11/06 15:35:50 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkserv.dll
[2006/11/06 15:28:08 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomm.dll
[2006/11/06 15:26:14 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbklmpm.dll
[2006/11/06 15:24:44 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbkiesc.dll
[2006/11/06 15:21:48 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbkpplc.dll
[2006/11/06 15:20:48 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomc.dll
[2006/11/06 15:20:14 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbkprox.dll
[2006/11/06 15:12:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbkinpa.dll
[2006/11/06 15:11:58 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxbkusb1.dll
[2006/11/06 15:07:04 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbkhbn3.dll
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/23 03:09:36 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011/11/23 03:08:37 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/23 03:08:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011/11/23 03:08:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/23 03:07:56 | 2314,117,120 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/23 03:06:40 | 008,912,896 | -HS- | M] () -- C:\Users\nwofan\NTUSER.DAT
[2011/11/23 03:06:35 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/11/23 03:05:16 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/23 03:05:16 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/23 03:05:06 | 000,000,512 | ---- | M] () -- C:\Users\nwofan\Desktop\MBR.dat
[2011/11/23 02:54:29 | 003,018,340 | -H-- | M] () -- C:\Users\nwofan\AppData\Local\IconCache.db
[2011/11/23 02:50:02 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\nwofan\Desktop\aswMBR(1).exe
[2011/11/23 02:41:35 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2011/11/23 02:22:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/22 23:27:38 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\nwofan\Desktop\tdsskiller.exe
[2011/11/22 23:26:27 | 004,305,694 | R--- | M] (Swearware) -- C:\Users\nwofan\Desktop\ComboFix.exe
[2011/11/22 17:15:28 | 138,810,077 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/11/22 13:20:48 | 000,778,834 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011/11/22 13:20:48 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/22 13:20:48 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/21 22:21:38 | 000,000,885 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/11/20 17:41:27 | 001,172,166 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/11/20 03:02:45 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
[2011/11/20 01:29:20 | 000,000,759 | ---- | M] () -- C:\Users\Public\Desktop\TES Construction Set (Oblivion).lnk
[2011/11/19 22:40:42 | 000,000,667 | ---- | M] () -- C:\Users\nwofan\Desktop\Oblivion Mod Manager.lnk
[2011/11/19 19:15:50 | 000,000,731 | ---- | M] () -- C:\Users\Public\Desktop\Oblivion.lnk
[2011/11/19 04:30:25 | 000,000,356 | ---- | M] () -- C:\swupdate.conf
[2011/11/18 09:24:07 | 000,002,119 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/11/15 05:32:47 | 000,001,715 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/13 14:19:59 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/11/11 16:06:51 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/10 00:34:44 | 000,014,444 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\wklnhst.dat
[2011/11/04 16:48:33 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/04 16:16:43 | 001,019,681 | ---- | M] () -- C:\Users\nwofan\Documents\TT and cfc rough_006.png
[2011/11/04 16:16:42 | 001,121,395 | ---- | M] () -- C:\Users\nwofan\Documents\TT and cfc rough_007.png
[2011/11/04 16:16:39 | 000,966,231 | ---- | M] () -- C:\Users\nwofan\Documents\TT and cfc rough_002.png
[2011/11/04 16:16:35 | 000,877,776 | ---- | M] () -- C:\Users\nwofan\Documents\TT and cfc rough_001.png
[2011/11/04 16:16:32 | 000,813,775 | ---- | M] () -- C:\Users\nwofan\Documents\TT and cfc rough_004.png
[2011/11/04 16:16:16 | 000,442,456 | ---- | M] () -- C:\Users\nwofan\Documents\TT and cfc rough_003.png
[2011/11/04 16:16:10 | 000,494,782 | ---- | M] () -- C:\Users\nwofan\Documents\TT and cfc rough_005.png
[2011/11/03 23:07:09 | 000,236,336 | ---- | M] () -- C:\Users\nwofan\Babs playing in her panties.png
[2011/10/30 08:42:28 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/30 08:40:58 | 000,001,768 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011/10/30 02:52:28 | 001,039,211 | ---- | M] () -- C:\Users\nwofan\TT and my new_007.png
[2011/10/30 02:52:27 | 001,040,772 | ---- | M] () -- C:\Users\nwofan\TT and my new_005.png
[2011/10/30 02:52:26 | 001,024,654 | ---- | M] () -- C:\Users\nwofan\TT and my new_002.png
[2011/10/30 02:52:24 | 000,984,485 | ---- | M] () -- C:\Users\nwofan\TT and my new_004.png
[2011/10/30 02:52:23 | 000,989,946 | ---- | M] () -- C:\Users\nwofan\TT and my new_001.png
[2011/10/30 02:52:08 | 000,737,247 | ---- | M] () -- C:\Users\nwofan\TT and my new_003.png
[2011/10/30 02:51:58 | 000,541,559 | ---- | M] () -- C:\Users\nwofan\TT and my new_006.png
[2011/10/29 17:29:18 | 002,893,824 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2011/10/29 17:28:51 | 006,253,568 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2011/10/29 13:00:05 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/10/26 01:02:56 | 000,002,024 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011/10/26 01:02:56 | 000,001,589 | ---- | M] () -- C:\Users\nwofan\Desktop\DivX Movies.lnk
[2011/10/26 01:02:03 | 000,001,044 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011/10/24 13:29:02 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2011/10/24 13:29:02 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/23 03:05:06 | 000,000,512 | ---- | C] () -- C:\Users\nwofan\Desktop\MBR.dat
[2011/11/22 23:29:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/22 23:29:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/22 23:29:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/22 23:29:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/22 23:29:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/20 17:40:56 | 001,172,166 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/11/20 01:29:20 | 000,000,759 | ---- | C] () -- C:\Users\Public\Desktop\TES Construction Set (Oblivion).lnk
[2011/11/19 22:40:42 | 000,000,667 | ---- | C] () -- C:\Users\nwofan\Desktop\Oblivion Mod Manager.lnk
[2011/11/19 19:15:50 | 000,000,731 | ---- | C] () -- C:\Users\Public\Desktop\Oblivion.lnk
[2011/11/15 05:32:47 | 000,001,715 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/08 21:22:43 | 000,004,359 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2011/11/04 16:15:20 | 001,121,395 | ---- | C] () -- C:\Users\nwofan\Documents\TT and cfc rough_007.png
[2011/11/04 16:15:20 | 001,019,681 | ---- | C] () -- C:\Users\nwofan\Documents\TT and cfc rough_006.png
[2011/11/04 16:15:20 | 000,966,231 | ---- | C] () -- C:\Users\nwofan\Documents\TT and cfc rough_002.png
[2011/11/04 16:15:20 | 000,877,776 | ---- | C] () -- C:\Users\nwofan\Documents\TT and cfc rough_001.png
[2011/11/04 16:15:20 | 000,813,775 | ---- | C] () -- C:\Users\nwofan\Documents\TT and cfc rough_004.png
[2011/11/04 16:15:20 | 000,494,782 | ---- | C] () -- C:\Users\nwofan\Documents\TT and cfc rough_005.png
[2011/11/04 16:15:20 | 000,442,456 | ---- | C] () -- C:\Users\nwofan\Documents\TT and cfc rough_003.png
[2011/11/03 23:07:06 | 000,236,336 | ---- | C] () -- C:\Users\nwofan\Babs playing in her panties.png
[2011/10/30 08:42:28 | 000,001,777 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/30 02:50:58 | 001,040,772 | ---- | C] () -- C:\Users\nwofan\TT and my new_005.png
[2011/10/30 02:50:58 | 001,039,211 | ---- | C] () -- C:\Users\nwofan\TT and my new_007.png
[2011/10/30 02:50:58 | 001,024,654 | ---- | C] () -- C:\Users\nwofan\TT and my new_002.png
[2011/10/30 02:50:58 | 000,989,946 | ---- | C] () -- C:\Users\nwofan\TT and my new_001.png
[2011/10/30 02:50:58 | 000,984,485 | ---- | C] () -- C:\Users\nwofan\TT and my new_004.png
[2011/10/30 02:50:58 | 000,737,247 | ---- | C] () -- C:\Users\nwofan\TT and my new_003.png
[2011/10/30 02:50:58 | 000,541,559 | ---- | C] () -- C:\Users\nwofan\TT and my new_006.png
[2011/10/29 02:24:57 | 000,014,926 | ---- | C] () -- C:\Users\nwofan\RP with Shadow.TXT
[2011/07/11 10:53:36 | 000,000,020 | ---- | C] () -- C:\Windows\System32\NDADMIND.DLL
[2011/06/29 21:42:32 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/23 19:48:06 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/08/16 13:41:08 | 000,000,385 | ---- | C] () -- C:\Windows\SMB2ed.ini
[2010/06/29 23:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/03/18 16:59:06 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/02/27 23:44:32 | 000,139,152 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/12/21 19:59:40 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/11/10 11:37:57 | 000,016,896 | ---- | C] () -- C:\Windows\System32\tupvcumd.dll
[2009/11/10 11:37:57 | 000,014,848 | ---- | C] () -- C:\Windows\System32\drivers\tupvckmd.sys
[2009/10/20 11:08:44 | 000,037,248 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2009/10/08 19:05:10 | 000,000,325 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009/10/08 19:01:16 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBKinst.dll
[2009/09/15 22:04:03 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/14 17:12:53 | 000,044,544 | ---- | C] () -- C:\Windows\System32\GIF89.DLL
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/05/04 03:20:01 | 000,003,766 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/05/04 03:20:01 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\08751F20E9.sys
[2009/05/04 02:05:26 | 000,000,882 | ---- | C] () -- C:\Windows\DC.ini
[2008/12/16 16:30:52 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/12/16 16:30:52 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/02/07 16:57:50 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007/01/22 07:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbkcoin.dll
[2006/11/30 12:34:24 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbkutil.dll
[2006/03/06 10:41:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\AMV_DecDLL.dll
[2005/10/05 11:19:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbkvs.dll
[2005/09/13 15:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv5.dll
[2005/09/13 15:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv4.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\Windows\System32\drivers\ADFUUD.SYS

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:C980DA7D
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
< End of report >

and the second log from OTL

OTL Extras logfile created on: 11/23/2011 3:13:59 AM - Run 3
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\nwofan\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.46 Gb Total Space | 33.28 Gb Free Space | 11.62% Space Free | Partition Type: NTFS
Drive D: | 11.63 Gb Total Space | 1.59 Gb Free Space | 13.64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
I: Drive not present or media not loaded
Drive K: | 297.44 Gb Total Space | 54.02 Gb Free Space | 18.16% Space Free | Partition Type: NTFS

Computer Name: GAMERPC
Current User Name: nwofan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (All) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\ar1uh2Ts.exe" = C:\\ar1uh2Ts.exe:*:Enabled:Windows Messanger -- File not found
"C:\Users\nwofan\AppData\Local\Temp\Ace.Selfextractor.exe" = C:\Users\nwofan\AppData\Local\Temp\Ace.Selfextractor.exe:*:Enabled:Windows Messanger -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05E740C4-0F88-4673-9DAF-549E41A6CB21}" = AVG 2011
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19506BDB-4EA7-491F-E8AB-E97109FDB296}" = muvee Reveal
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4
"{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}" = Motorola Mobile Drivers Installation 5.2.0
"{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{229B6751-774A-11E0-BCAE-0013D3D69929}" = MSVCRT Redists
"{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{25771101-7948-4591-ABF3-B1ECE7A7F45F}" = HP Update
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 26
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0003
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{48494430-A8AB-11E0-939A-005056C00008}" = MSVCRT Redists
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4FAB5122-775E-4418-B8D9-E2873BC93570}" = Microsoft Live Search Toolbar
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{54266945-8A11-424D-B20F-4F747A714FBA}" = DV TS
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5600094C-5EA0-4BE8-9ECE-4C9B726AC9D9}" = Sierra Wireless USB MUX Driver Package
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{576E71DA-3000-48F6-9B21-B9A70D47DFCF}" = Star Wars JK II Jedi Outcast
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{587EC3B2-C9F2-A2BF-274E-9A666130516F}" = Mortal Kombat Widget
"{5BD0CB24-11AF-4BA8-A198-38D25257C656}" = LightScribe Template Labeler
"{5CA03ECF-B4A6-464B-9F5D-64D8B61B083F}" = Everio MediaBrowser
"{5DF7AA5E-A1CB-11E0-A7D6-0013D3D69929}" = MSVCRT Redists
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{600B9FB0-30A0-11E0-9ABC-005056C00008}" = DVD Architect Studio 5.0
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{655CD886-3B90-4E4D-B314-92BDA9B08C86}" = Vegas Movie Studio HD 9.0c
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D543DFE-6459-462A-9A62-B5B012B1DCF1}" = AVG 2011
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.19
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92881120-6DA5-44A3-8BAB-2429A01D022E}" = YouTube Downloader Toolbar v4.3
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93F599DF-519B-4706-A3F1-9530DF2590B4}" = ArcSoft PhotoImpression 5
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A0A20753-92DF-4631-82B4-9CACE2FCED6A}" = Oblivion - The Fighter's Stronghold
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2016015-8323-4AF8-8B3E-F56239D7D59D}" = HP Demo
"{A2E5F2AA-2996-41EA-BCCD-9FD0476A5326}" = TWC Customer Controls
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB480DA0-7EE9-465D-9C12-4CDE65BF18FB}" = Pando
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B343B0E3-212A-40B9-8207-1BD299228F5D}" = Fallout 3 - The Garden of Eden Creation Kit
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D064F16E-88DA-4E8F-BBAE-0E2AA9A6AE61}" = VP6 Decoder
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0
"{D9DC70B6-BE13-41DD-9053-9E617E72D085}" = MOTOROLA MEDIA LINK
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2
"{DDBA0DC0-A738-11E0-BF44-005056C00008}" = Vegas Movie Studio HD Platinum 11.0
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E6CF5B58-E775-46C0-BFF2-F39A0014FE4A}" = muvee autoProducer 4.1
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{EFC5939F-470F-454E-B3DA-F51FDD83F6CE}" = HP MediaSmart SmartMenu
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}" = AOL Mail and AIM Gadget
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"7-Zip" = 7-Zip 4.65
"Action Replay DSi Code Manager_is1" = Action Replay DSi Code Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AIM Toolbar" = AOL Messaging Toolbar
"AIM_7" = AIM 7
"AIMToolbar" = AIM Toolbar
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Audacity_is1" = Audacity 1.2.6
"AudioConverter Studio_is1" = AudioConverter Studio 6.1
"AVG" = AVG 2011
"AVS DVD Copy_is1" = AVS DVD Copy version 4.1.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BigJon PCGames Config Wizard1.1" = BigJon PCGames Config Wizard
"BJWOF" = Wheel Of Fortune 7.0.x
"BOSS" = BOSS
"CamStudio" = CamStudio
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"Card_Sharks" = Card Sharks
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"CloneCD" = CloneCD
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"CoolChaser Layouts Auto Insert" = CoolChaser Layouts Auto Insert
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Deal or No Deal3.5.x" = Deal or No Deal
"Deal or No Deal3.6.x" = Deal or No Deal
"DiscJuggler" = DiscJuggler
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DLDIrc" = DLDIrc
"DOOM Collector's Edition" = DOOM Collector's Edition
"Easy GIF Animator_is1" = Easy GIF Animator 5.1
"ExpressBurn" = Express Burn
"ExpressRip" = Express Rip
"Fallout Mod Manager_is1" = Fallout Mod Manager 0.12.6
"Fallout New Vegas_is1" = Fallout New Vegas
"Family Feud 2010" = Family Feud 2010 1.0.4
"FOOK2 v1.0" = FOOK2
"Free Convert M4A to MP3 AMR OGG AAC Converter_is1" = Free Convert M4A to MP3 AMR OGG AAC Converter 5.8
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Game Booster_is1" = Game Booster 3
"GameSaike SixaxisDriver_is1" = SixaxisDriver 0.91
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"GoldWave v5.52" = GoldWave v5.52
"Google Chrome" = Google Chrome
"Google Chrome Frame" = Google Chrome Frame
"HijackThis" = HijackThis 2.0.2
"Hollywood Squares1.x.x" = Hollywood Squares
"Homepage Protection" = Homepage Protection
"ImgBurn" = ImgBurn
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"JDownloader" = JDownloader
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Lexmark X1100 Series" = Lexmark X1100 Series
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"ManyCam" = ManyCam 2.6.60 (remove only)
"Match Game1.0" = Match Game
"McAfee Security Scan" = McAfee Security Scan Plus
"MFZ0CODEC" = MFZ0 codec (Remove Only)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MixPad" = MixPad Audio Mixer
"Monopoly by Parker Brothers" = Monopoly by Parker Brothers
"MotoHelper" = MotoHelper 2.0.53 Driver 5.2.0
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MWSnap 3" = MWSnap 3
"NCH Toolbar" = NCH Toolbar
"Neopets" = Neopets
"NVIDIA Drivers" = NVIDIA Drivers
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"PhotoStage" = PhotoStage Slideshow Producer
"Press Your Luck 2010" = Press Your Luck 2010 1.0.2
"Prism" = Prism Video Converter
"Project64 1.7" = Project64 1.7
"PunkBusterSvc" = PunkBuster Services
"Race To A Billion2.2.3" = Race To A Billion
"Registry Mechanic_is1" = Registry Mechanic 9.0
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"SingularityViewer" = SingularityViewer (remove only)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SoundTap" = SoundTap Streaming Audio Recorder
"Switch" = Switch Sound File Converter
"SystemRequirementsLab" = System Requirements Lab
"The Jokers' Wild1.0.x" = The Jokers' Wild
"The Price Is Right" = The Price Is Right
"The Price Is Right7.7.11" = The Price Is Right
"The Price Is Right7.9.0" = The Price Is Right
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"Veetle TV" = Veetle TV 0.9.17
"VideoPad" = VideoPad Video Editor
"VirtuallTek Fighter Factory Ultimate_is1" = Fighter Factory Ultimate
"Visual Zip Password Recovery Processor" = Visual Zip Password Recovery Processor
"WavePad" = WavePad Sound Editor
"wb" = Mortal Kombat Widget
"WBFS Manager 3.0" = WBFS Manager 3.0
"Whammy_1.0" = Press Your Luck (BJ) 1.3.3
"Wheel of Fortune Deluxe" = Wheel of Fortune Deluxe (remove only)
"WiFiConnector" = Nintendo Wi-Fi USB Connector Registration Tool
"WildTangent hp Master Uninstall" = My HP Games
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Wrestling MPire 2008 (Career Edition) Trial" = Wrestling MPire 2008 (Career Edition) Trial
"Wrye Bash" = Wrye Bash
"wxPython2.8-ansi-py26_is1" = wxPython 2.8.11.0 (ansi) for Python 2.6
"XPort 360_is1" = XPort 360
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"Your Product1.0" = Your Product

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AOL Messaging Toolbar" = AOL Messaging Toolbar
"Game Organizer" = EasyBits GO
"Mushroom Kingdom Fusion" = Mushroom Kingdom Fusion
"Super Mario Fusion Revival" = Super Mario Fusion Revival
"Winamp Detect" = Winamp Detector Plug-in
"Winamp Toolbar" = Winamp Toolbar
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

hope this looks good

#4
RKinner

Posted 23 November 2011 - 09:55 AM

Malware Expert

Expert
24,623 posts

You had the nasty zeroaccess rootkit and some of his friends.

Uninstall:
Norton Internet Security
then
Download and save the norton removal tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Run the Norton Removal tool.

AOL Messaging Toolbar
AIM Toolbar
Conduit Engine
LiveUpdate 3.2 (Symantec Corporation) (If still there)
McAfee Security Scan Plus
NCH Toolbar
Registry Mechanic 9.0
µTorrent
uTorrentBar Toolbar
Winamp Toolbar
Yahoo! Toolbar
Yahoo! BrowserPlus 2.9.8

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\drivers\tupvckmd.sys
c:\windows\System32\Drivers\sptd.sys
c:\users\nwofan\AppData\Roaming\VrlOBtxP0SiDnHs
c:\users\nwofan\AppData\Roaming\lfEL8gTZqYwU
c:\users\nwofan\AppData\Roaming\tOOONyxAuvS2i
c:\users\nwofan\AppData\Roaming\aRRLL9hhTXjUCkB
c:\users\nwofan\AppData\Roaming\prrzzONNx
c:\users\nwofan\AppData\Roaming\n444pmmG5sQ6
c:\users\nwofan\AppData\Roaming\zL8TqCVOxyS1v3F
c:\users\nwofan\AppData\Roaming\EibF3na6dWKfL
c:\users\nwofan\AppData\Roaming\CC4AC
c:\users\nwofan\AppData\Roaming\BCCCC
c:\users\nwofan\AppData\Roaming\liivvD33onFa
c:\users\nwofan\AppData\Roaming\bwwwkUUVrlOtx0c
c:\users\nwofan\AppData\Roaming\oyxxA00uvS2iF3n
c:\users\nwofan\AppData\Roaming\QpmmmG5sQJ6dE8R
c:\users\nwofan\AppData\Roaming\dPPNNyccA
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TunesUp20.lnk
c:\windows\pss\TunesUp20.lnk.CommonStartup
C:\WINDOWS\system32\tupvcumd.dll

Driver::
TunesUpAudioDriver
sptd

Folder::
C:\Program Files\HLT\TunesUp20

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.

Rerun TDSSKiller and aswMBR as before and post their logs.

Any improvement in IE?

Ron

#5
Lucky Dearly

Posted 23 November 2011 - 05:09 PM

Member

Topic Starter
Member
349 posts

here's the logs

Combofix

ComboFix 11-11-23.01 - nwofan 11/23/2011 13:59:43.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2943.1285 [GMT -8:00]
Running from: c:\users\nwofan\Desktop\ComboFix.exe
Command switches used :: c:\users\nwofan\Desktop\CFScript.txt
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TunesUp20.lnk"
"c:\users\nwofan\AppData\Roaming\aRRLL9hhTXjUCkB"
"c:\users\nwofan\AppData\Roaming\BCCCC"
"c:\users\nwofan\AppData\Roaming\bwwwkUUVrlOtx0c"
"c:\users\nwofan\AppData\Roaming\CC4AC"
"c:\users\nwofan\AppData\Roaming\dPPNNyccA"
"c:\users\nwofan\AppData\Roaming\EibF3na6dWKfL"
"c:\users\nwofan\AppData\Roaming\lfEL8gTZqYwU"
"c:\users\nwofan\AppData\Roaming\liivvD33onFa"
"c:\users\nwofan\AppData\Roaming\n444pmmG5sQ6"
"c:\users\nwofan\AppData\Roaming\oyxxA00uvS2iF3n"
"c:\users\nwofan\AppData\Roaming\prrzzONNx"
"c:\users\nwofan\AppData\Roaming\QpmmmG5sQJ6dE8R"
"c:\users\nwofan\AppData\Roaming\tOOONyxAuvS2i"
"c:\users\nwofan\AppData\Roaming\VrlOBtxP0SiDnHs"
"c:\users\nwofan\AppData\Roaming\zL8TqCVOxyS1v3F"
"c:\windows\pss\TunesUp20.lnk.CommonStartup"
"c:\windows\System32\Drivers\sptd.sys"
"c:\windows\system32\drivers\tupvckmd.sys"
"c:\windows\system32\tupvcumd.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\HLT\TunesUp20
c:\program files\HLT\TunesUp20\bass.dll
c:\program files\HLT\TunesUp20\basscd.dll
c:\program files\HLT\TunesUp20\basswma.dll
c:\program files\HLT\TunesUp20\PianoSample.mp3
c:\program files\HLT\TunesUp20\SkypeX.dll
c:\program files\HLT\TunesUp20\tags.dll
c:\program files\HLT\TunesUp20\TunesUp20.exe
c:\program files\HLT\TunesUp20\tupvckmd.sys
c:\program files\HLT\TunesUp20\tupvcumd.dll
c:\program files\HLT\TunesUp20\unins000.dat
c:\program files\HLT\TunesUp20\unins000.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SPTD
-------\Service_sptd
-------\Service_TunesUpAudioDriver
.
.
((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))
.
.
2011-11-23 22:32 . 2011-11-23 22:38 -------- d-----w- c:\users\nwofan\AppData\Local\temp
2011-11-23 22:32 . 2011-11-23 22:32 -------- d-----w- c:\users\Veronica Valencia\AppData\Local\temp
2011-11-23 22:32 . 2011-11-23 22:32 -------- d-----w- c:\users\Mario Valencia\AppData\Local\temp
2011-11-23 22:32 . 2011-11-23 22:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-23 11:06 . 2011-11-23 11:06 -------- d-----w- C:\_OTL
2011-11-21 11:45 . 2011-11-21 11:45 -------- d-----w- c:\programdata\Yahoo! Companion
2011-11-21 11:24 . 2011-11-21 11:45 -------- d-----w- c:\users\nwofan\AppData\Roaming\Yahoo!
2011-11-21 01:40 . 2011-11-21 02:23 -------- d-----w- c:\program files\PC Tools Security
2011-11-21 01:39 . 2011-11-21 01:49 -------- d-----w- c:\programdata\PC Tools
2011-11-20 10:29 . 2011-11-20 11:13 -------- d-----w- c:\users\nwofan\AppData\Roaming\CC4AC
2011-11-20 10:29 . 2011-11-20 11:13 -------- d-----w- c:\users\nwofan\AppData\Roaming\BCCCC
2011-11-20 10:29 . 2011-11-20 10:29 -------- d-----w- c:\users\nwofan\AppData\Roaming\liivvD33onFa
2011-11-20 10:29 . 2011-11-20 10:29 -------- d-----w- c:\users\nwofan\AppData\Roaming\bwwwkUUVrlOtx0c
2011-11-20 10:28 . 2011-11-20 10:28 -------- d-----w- c:\users\nwofan\AppData\Roaming\oyxxA00uvS2iF3n
2011-11-20 10:28 . 2011-11-20 11:13 -------- d-----w- c:\users\nwofan\AppData\Roaming\QpmmmG5sQJ6dE8R
2011-11-20 10:28 . 2011-11-20 10:28 -------- d-----w- c:\users\nwofan\AppData\Roaming\dPPNNyccA
2011-11-20 09:40 . 2011-11-20 09:40 -------- d-----w- c:\program files\Common Files\BOSS
2011-11-20 09:32 . 2011-11-20 09:32 -------- d-----w- c:\program files\Common Files\Wrye Bash
2011-11-19 16:38 . 2011-11-19 16:38 -------- d-----w- c:\users\Alex Valencia\AppData\Roaming\Malwarebytes
2011-11-15 13:31 . 2011-11-15 13:31 -------- d-----w- c:\program files\iPod
2011-11-15 11:59 . 2011-11-15 11:59 -------- d-----w- c:\users\nwofan\AppData\Local\eSupport.com
2011-11-12 18:42 . 2011-11-12 18:42 -------- d-----w- c:\users\Mario Valencia\AppData\Roaming\NVIDIA
2011-11-09 09:07 . 2011-11-09 09:07 -------- d-----w- c:\program files\Futuremark
2011-11-09 05:23 . 2011-11-13 23:47 -------- d-----w- c:\programdata\NVIDIA
2011-11-09 05:23 . 2011-10-15 08:53 6350144 ----a-w- c:\windows\system32\nvcpl.dll
2011-11-09 05:23 . 2011-10-15 08:53 3840320 ----a-w- c:\windows\system32\nvsvc.dll
2011-11-09 05:23 . 2011-10-15 08:53 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-11-09 05:23 . 2011-10-15 08:53 123712 ----a-w- c:\windows\system32\nvshext.dll
2011-11-09 05:23 . 2011-10-15 08:53 1136448 ----a-w- c:\windows\system32\nvvsvc.exe
2011-11-09 05:23 . 2011-10-15 08:53 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-11-07 09:36 . 2011-11-07 09:36 -------- d-----w- C:\New folder
2011-11-05 01:01 . 2011-11-05 01:01 -------- d-----w- c:\users\nwofan\AppData\Roaming\VrlOBtxP0SiDnHs
2011-11-05 01:01 . 2011-11-05 01:01 -------- d-----w- c:\users\nwofan\AppData\Roaming\lfEL8gTZqYwU
2011-11-05 00:40 . 2011-11-05 00:40 -------- d-----w- c:\users\nwofan\AppData\Roaming\tOOONyxAuvS2i
2011-11-05 00:40 . 2011-11-05 00:40 -------- d-----w- c:\users\nwofan\AppData\Roaming\aRRLL9hhTXjUCkB
2011-11-05 00:40 . 2011-11-05 00:40 -------- d-----w- c:\users\nwofan\AppData\Roaming\prrzzONNx
2011-11-05 00:40 . 2011-11-05 01:16 -------- d-----w- c:\users\nwofan\AppData\Roaming\n444pmmG5sQ6
2011-11-05 00:40 . 2011-11-05 00:40 -------- d-----w- c:\users\nwofan\AppData\Roaming\zL8TqCVOxyS1v3F
2011-11-05 00:40 . 2011-11-05 00:40 -------- d-----w- c:\users\nwofan\AppData\Roaming\EibF3na6dWKfL
2011-11-03 08:06 . 2011-11-03 08:06 -------- d-----w- c:\users\nwofan\AppData\Roaming\NVIDIA
2011-11-03 08:05 . 2011-11-03 08:05 -------- d-----w- c:\users\UpdatusUser
2011-10-29 15:30 . 2011-10-29 15:30 -------- d-----w- c:\users\Veronica Valencia\AppData\Local\Winamp Toolbar
2011-10-29 00:39 . 2011-11-12 00:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-29 00:38 . 2011-10-29 00:38 -------- d-----w- c:\windows\system32\Adobe
2011-10-26 09:03 . 2011-10-26 09:03 -------- d-----w- c:\users\nwofan\AppData\Roaming\Media Player Classic
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 10:55 . 2011-07-01 05:57 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-10-24 21:29 . 2011-10-24 21:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 21:29 . 2011-10-24 21:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-09-08 05:23 . 2011-09-08 05:23 800824 ----a-w- c:\users\Default\AppData\Roaming\DPInst.exe
2011-09-08 05:23 . 2011-09-08 05:23 36352 ----a-w- c:\users\Default\AppData\Roaming\PnPutil.exe
2011-09-08 05:23 . 2011-09-08 05:23 106496 ----a-w- c:\users\Default\AppData\Roaming\gacutil.exe
2011-09-01 00:00 . 2009-11-21 10:40 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 06:05 . 2011-08-31 06:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 06:05 . 2011-08-31 06:05 73064 ----a-w- c:\windows\system32\dnssd.dll
1998-04-27 05:00 . 1998-04-27 05:00 570128 ----a-w- c:\program files\Common Files\DAO350.DLL
2011-11-12 00:03 . 2011-04-02 10:07 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-30 1689144]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-06-16 6276408]
"Pando"="c:\program files\Pando Networks\Pando\Pando.exe" [2010-08-01 4950936]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"AIM"="c:\program files\AIM7\aim.exe" [2011-01-05 4321112]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-09-26 17764488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-06-17 2510848]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-09-01 1047208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-09-06 2232752]
.
c:\users\nwofan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MBCameraMonitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MBCameraMonitor.lnk
backup=c:\windows\pss\MBCameraMonitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Registration Tool.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Run Registration Tool.lnk
backup=c:\windows\pss\Run Registration Tool.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TunesUp20.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TunesUp20.lnk
backup=c:\windows\pss\TunesUp20.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2011-02-14 03:20 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 08:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 03:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2011-09-10 14:28 2338656 ----a-w- c:\program files\AVG\AVG10\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2009-08-01 01:38 283792 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2009-01-29 22:20 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2010-11-20 12:17 144384 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2011-06-17 00:53 2510848 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\AOL\1241069855\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 15:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 22:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
2010-06-30 07:14 1689144 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 08:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2008-07-21 13:30 12288 ----a-w- c:\program files\Hewlett-Packard\KBD\KbdStub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2011-03-04 19:45 2741616 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbkbmgr.exe]
2008-02-28 18:57 74408 ----a-w- c:\program files\Lexmark X1100 Series\LXBKbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-09-01 00:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-09-01 00:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 21:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2011-01-29 01:36 526336 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]
2008-09-23 19:03 912688 ----a-w- c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 19:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-06-14 02:11 210216 ----a-w- c:\program files\Cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-14 02:11 210216 ----a-w- c:\program files\Cyberlink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-09-11 23:32 210216 ----a-w- c:\program files\Cyberlink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2009-10-01 00:57 718688 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca6243422bd392;Google Update Service (gupdate1ca6243422bd392);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 133104]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-30 6016]
R3 dsiarhwprog;dsiarhwprog;c:\windows\system32\Drivers\dsiarhwprog.sys [2007-02-08 29184]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 133104]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 25112]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 20480]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-30 8320]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 81168]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-02-08 11008]
R3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\program files\PC-Doctor for Windows\pcd5srvc.pkms [2008-09-10 20640]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-25 1343400]
R3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\DRIVERS\xpadfl02.sys [2006-12-24 27904]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-18 7390560]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\NServiceEntry.exe [2010-11-05 81920]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [2011-09-06 393648]
S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2008-02-19 537256]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2011-08-10 94880]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-28 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-09-01 22216]
S3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver32.sys [2010-09-20 52824]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-07 11520]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 19:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 20:20]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 20:20]
.
2011-10-29 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 14:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wwe.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mStart Page = hxxp://www.yahoo.com/?fr=fp-tyc8
uInternet Settings,ProxyOverride = <local>;192.168.*.*
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {BAD4FE2C-503B-45CC-88CD-4B0574057D11} - hxxp://clients.futuremark.com/calico/systeminfodeploy/FMSI_v420.cab
FF - ProfilePath - c:\users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2878731&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.wwe.com
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-09368001.sys
MSConfigStartUp-SSDMonitor - c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
AddRemove-AIMToolbar - c:\program files\AIM Toolbar\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\program files\PC-Doctor for Windows\pcd5srvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1868571618-3835447236-223175164-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:94,22,3e,75,1a,49,97,e5,88,35,c6,e4,55,54,fe,4f,08,44,c5,99,bd,30,72,
c0,47,7c,53,58,60,ae,e4,34,f1,e9,18,33,bd,04,e3,66,3b,80,ee,8a,15,af,18,1d,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-1868571618-3835447236-223175164-1000\Software\SecuROM\License information*]
"datasecu"=hex:9a,f7,6e,4d,b6,50,f9,96,5c,c1,5b,41,bf,f9,ef,d5,ae,23,46,9b,10,
29,32,2b,43,47,9b,93,30,81,02,66,93,47,ec,72,3b,70,61,b1,65,01,d0,99,57,9d,\
"rkeysecu"=hex:a3,55,ea,db,ed,3a,3b,2e,64,c0,1f,5b,8f,6c,dd,1f
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(716)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'Explorer.exe'(5796)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\windows\system32\conhost.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2011-11-23 14:51:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-23 22:51
ComboFix2.txt 2011-11-23 10:45
.
Pre-Run: 35,992,567,808 bytes free
Post-Run: 35,854,471,168 bytes free
.
- - End Of File - - FB37D44DF3C6E81FBE8054CF7AB48683

TDSSKiller

15:01:35.0080 1180 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
15:01:35.0439 1180 ============================================================
15:01:35.0439 1180 Current date / time: 2011/11/23 15:01:35.0439
15:01:35.0439 1180 SystemInfo:
15:01:35.0439 1180
15:01:35.0439 1180 OS Version: 6.1.7601 ServicePack: 1.0
15:01:35.0439 1180 Product type: Workstation
15:01:35.0439 1180 ComputerName: GAMERPC
15:01:35.0439 1180 UserName: nwofan
15:01:35.0439 1180 Windows directory: C:\Windows
15:01:35.0439 1180 System windows directory: C:\Windows
15:01:35.0439 1180 Processor architecture: Intel x86
15:01:35.0439 1180 Number of processors: 2
15:01:35.0439 1180 Page size: 0x1000
15:01:35.0439 1180 Boot type: Normal boot
15:01:35.0439 1180 ============================================================
15:01:37.0623 1180 Initialize success
15:01:39.0651 5820 ============================================================
15:01:39.0651 5820 Scan started
15:01:39.0651 5820 Mode: Manual;
15:01:39.0651 5820 ============================================================
15:01:40.0556 5820 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
15:01:40.0572 5820 1394ohci - ok
15:01:40.0697 5820 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
15:01:40.0712 5820 ACPI - ok
15:01:41.0133 5820 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
15:01:41.0149 5820 AcpiPmi - ok
15:01:41.0477 5820 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\Windows\system32\drivers\adfs.sys
15:01:41.0492 5820 adfs - ok
15:01:41.0913 5820 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
15:01:41.0913 5820 adp94xx - ok
15:01:42.0335 5820 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
15:01:42.0350 5820 adpahci - ok
15:01:42.0771 5820 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
15:01:42.0787 5820 adpu320 - ok
15:01:43.0239 5820 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
15:01:43.0255 5820 AFD - ok
15:01:43.0551 5820 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
15:01:43.0567 5820 agp440 - ok
15:01:44.0191 5820 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
15:01:44.0191 5820 aic78xx - ok
15:01:44.0940 5820 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
15:01:44.0955 5820 aliide - ok
15:01:45.0533 5820 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
15:01:45.0579 5820 amdagp - ok
15:01:45.0767 5820 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
15:01:45.0782 5820 amdide - ok
15:01:46.0141 5820 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
15:01:46.0141 5820 AmdK8 - ok
15:01:46.0406 5820 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
15:01:46.0422 5820 AmdPPM - ok
15:01:46.0531 5820 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
15:01:46.0531 5820 amdsata - ok
15:01:46.0671 5820 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
15:01:46.0687 5820 amdsbs - ok
15:01:46.0796 5820 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
15:01:46.0796 5820 amdxata - ok
15:01:47.0124 5820 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
15:01:47.0139 5820 AppID - ok
15:01:47.0654 5820 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
15:01:47.0654 5820 arc - ok
15:01:47.0685 5820 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
15:01:47.0685 5820 arcsas - ok
15:01:47.0919 5820 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
15:01:47.0919 5820 AsyncMac - ok
15:01:47.0982 5820 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
15:01:47.0982 5820 atapi - ok
15:01:48.0356 5820 AVGIDSDriver (b9acb889ba1e0561868c025f95d63e25) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
15:01:48.0356 5820 AVGIDSDriver - ok
15:01:48.0653 5820 AVGIDSEH (13256fc72fa5b3f6d6e8c5957e579b7c) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
15:01:48.0653 5820 AVGIDSEH - ok
15:01:48.0871 5820 AVGIDSFilter (fa0685cc51de5cfd804e7deaa6488e0e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
15:01:48.0871 5820 AVGIDSFilter - ok
15:01:48.0965 5820 AVGIDSShim (f788b51100d0f40ea176798cce954a1a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
15:01:48.0965 5820 AVGIDSShim - ok
15:01:49.0136 5820 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
15:01:49.0136 5820 Avgldx86 - ok
15:01:49.0277 5820 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
15:01:49.0277 5820 Avgmfx86 - ok
15:01:49.0433 5820 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
15:01:49.0448 5820 Avgrkx86 - ok
15:01:49.0604 5820 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
15:01:49.0604 5820 Avgtdix - ok
15:01:49.0838 5820 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
15:01:49.0854 5820 b06bdrv - ok
15:01:49.0947 5820 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
15:01:49.0963 5820 b57nd60x - ok
15:01:50.0119 5820 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
15:01:50.0119 5820 Beep - ok
15:01:50.0228 5820 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
15:01:50.0228 5820 blbdrive - ok
15:01:50.0400 5820 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
15:01:50.0493 5820 bowser - ok
15:01:50.0587 5820 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:01:50.0587 5820 BrFiltLo - ok
15:01:50.0603 5820 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:01:50.0618 5820 BrFiltUp - ok
15:01:50.0727 5820 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
15:01:50.0727 5820 Brserid - ok
15:01:50.0759 5820 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
15:01:50.0759 5820 BrSerWdm - ok
15:01:50.0837 5820 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:01:50.0837 5820 BrUsbMdm - ok
15:01:50.0852 5820 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
15:01:50.0852 5820 BrUsbSer - ok
15:01:51.0008 5820 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\Windows\system32\DRIVERS\motfilt.sys
15:01:51.0008 5820 BTCFilterService - ok
15:01:51.0102 5820 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
15:01:51.0102 5820 BTHMODEM - ok
15:01:51.0320 5820 catchme - ok
15:01:51.0523 5820 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
15:01:51.0523 5820 cdfs - ok
15:01:51.0617 5820 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
15:01:51.0632 5820 cdrom - ok
15:01:51.0835 5820 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
15:01:51.0835 5820 circlass - ok
15:01:51.0897 5820 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
15:01:51.0897 5820 CLFS - ok
15:01:52.0163 5820 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
15:01:52.0163 5820 CmBatt - ok
15:01:52.0209 5820 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
15:01:52.0209 5820 cmdide - ok
15:01:52.0334 5820 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
15:01:52.0334 5820 CNG - ok
15:01:52.0412 5820 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
15:01:52.0412 5820 Compbatt - ok
15:01:52.0490 5820 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
15:01:52.0506 5820 CompositeBus - ok
15:01:52.0709 5820 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
15:01:52.0724 5820 crcdisk - ok
15:01:52.0818 5820 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
15:01:52.0818 5820 CSC - ok
15:01:53.0052 5820 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
15:01:53.0067 5820 DfsC - ok
15:01:53.0130 5820 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
15:01:53.0130 5820 discache - ok
15:01:53.0333 5820 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
15:01:53.0333 5820 Disk - ok
15:01:53.0457 5820 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
15:01:53.0473 5820 drmkaud - ok
15:01:53.0551 5820 dsiarhwprog (f35b5d0cc142b87e687fc504baa69d82) C:\Windows\system32\Drivers\dsiarhwprog.sys
15:01:53.0551 5820 dsiarhwprog - ok
15:01:53.0754 5820 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
15:01:53.0769 5820 DXGKrnl - ok
15:01:53.0941 5820 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
15:01:53.0988 5820 ebdrv - ok
15:01:54.0175 5820 ElbyCDFL (ce37e3d51912e59c80c6d84337c0b4cd) C:\Windows\system32\Drivers\ElbyCDFL.sys
15:01:54.0175 5820 ElbyCDFL - ok
15:01:54.0191 5820 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys
15:01:54.0191 5820 ElbyCDIO - ok
15:01:54.0284 5820 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
15:01:54.0284 5820 elxstor - ok
15:01:54.0440 5820 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
15:01:54.0440 5820 ErrDev - ok
15:01:54.0565 5820 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
15:01:54.0565 5820 exfat - ok
15:01:54.0705 5820 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
15:01:54.0705 5820 fastfat - ok
15:01:54.0830 5820 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
15:01:54.0830 5820 fdc - ok
15:01:54.0971 5820 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
15:01:54.0971 5820 FileInfo - ok
15:01:55.0002 5820 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
15:01:55.0002 5820 Filetrace - ok
15:01:55.0095 5820 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
15:01:55.0095 5820 flpydisk - ok
15:01:55.0267 5820 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
15:01:55.0267 5820 FltMgr - ok
15:01:55.0283 5820 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
15:01:55.0298 5820 FsDepends - ok
15:01:55.0532 5820 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
15:01:55.0532 5820 fssfltr - ok
15:01:55.0735 5820 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
15:01:55.0735 5820 Fs_Rec - ok
15:01:55.0907 5820 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
15:01:55.0907 5820 fvevol - ok
15:01:56.0078 5820 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:01:56.0094 5820 gagp30kx - ok
15:01:56.0265 5820 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:01:56.0265 5820 GEARAspiWDM - ok
15:01:56.0484 5820 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
15:01:56.0484 5820 hcw85cir - ok
15:01:56.0562 5820 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
15:01:56.0562 5820 HDAudBus - ok
15:01:56.0593 5820 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
15:01:56.0593 5820 HidBatt - ok
15:01:56.0609 5820 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
15:01:56.0624 5820 HidBth - ok
15:01:56.0827 5820 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
15:01:56.0827 5820 HidIr - ok
15:01:56.0921 5820 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
15:01:56.0921 5820 HidUsb - ok
15:01:57.0170 5820 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
15:01:57.0170 5820 HpSAMD - ok
15:01:57.0326 5820 HSF_DP (0f5ed510a6c361420bc319e0cf96c1dc) C:\Windows\system32\DRIVERS\HSX_DP.sys
15:01:57.0342 5820 HSF_DP - ok
15:01:57.0467 5820 HSXHWBS2 (186c11d0ca0e53b1ee266633b9d8b393) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
15:01:57.0467 5820 HSXHWBS2 - ok
15:01:57.0607 5820 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
15:01:57.0623 5820 HTTP - ok
15:01:57.0685 5820 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
15:01:57.0701 5820 hwpolicy - ok
15:01:57.0872 5820 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
15:01:57.0888 5820 i8042prt - ok
15:01:57.0981 5820 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
15:01:57.0997 5820 iaStorV - ok
15:01:58.0184 5820 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
15:01:58.0184 5820 iirsp - ok
15:01:58.0387 5820 IntcAzAudAddService (3914ea9111dbeffaf1c68200817768ad) C:\Windows\system32\drivers\RTKVHDA.sys
15:01:58.0449 5820 IntcAzAudAddService - ok
15:01:58.0605 5820 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
15:01:58.0605 5820 intelide - ok
15:01:58.0668 5820 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
15:01:58.0668 5820 intelppm - ok
15:01:58.0699 5820 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:01:58.0699 5820 IpFilterDriver - ok
15:01:58.0871 5820 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
15:01:58.0871 5820 IPMIDRV - ok
15:01:58.0933 5820 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
15:01:58.0933 5820 IPNAT - ok
15:01:59.0151 5820 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
15:01:59.0151 5820 IRENUM - ok
15:01:59.0229 5820 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
15:01:59.0245 5820 isapnp - ok
15:01:59.0276 5820 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
15:01:59.0292 5820 iScsiPrt - ok
15:01:59.0510 5820 ivusb (994ebb45c4b438e1f6ea0b958ae9b9a3) C:\Windows\system32\DRIVERS\ivusb.sys
15:01:59.0510 5820 ivusb - ok
15:01:59.0588 5820 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:01:59.0588 5820 kbdclass - ok
15:01:59.0760 5820 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
15:01:59.0760 5820 kbdhid - ok
15:01:59.0853 5820 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
15:01:59.0853 5820 KSecDD - ok
15:01:59.0931 5820 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
15:01:59.0931 5820 KSecPkg - ok
15:02:00.0165 5820 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
15:02:00.0165 5820 lltdio - ok
15:02:00.0259 5820 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:02:00.0259 5820 LSI_FC - ok
15:02:00.0587 5820 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:02:00.0587 5820 LSI_SAS - ok
15:02:00.0680 5820 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:02:00.0696 5820 LSI_SAS2 - ok
15:02:00.0977 5820 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:02:00.0977 5820 LSI_SCSI - ok
15:02:01.0289 5820 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
15:02:01.0335 5820 luafv - ok
15:02:01.0538 5820 ManyCam (c6d085c7045200143528136a43a65fde) C:\Windows\system32\DRIVERS\ManyCam.sys
15:02:01.0538 5820 ManyCam - ok
15:02:01.0788 5820 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
15:02:01.0788 5820 MBAMProtector - ok
15:02:02.0115 5820 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:02:02.0131 5820 mdmxsdk - ok
15:02:02.0318 5820 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
15:02:02.0318 5820 megasas - ok
15:02:02.0381 5820 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
15:02:02.0381 5820 MegaSR - ok
15:02:02.0427 5820 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
15:02:02.0427 5820 Modem - ok
15:02:02.0615 5820 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
15:02:02.0615 5820 monitor - ok
15:02:02.0755 5820 motccgp (f4ea1193a52c8fe4b8a135e210abe546) C:\Windows\system32\DRIVERS\motccgp.sys
15:02:02.0771 5820 motccgp - ok
15:02:03.0036 5820 motccgpfl (b812da6605caf02641312f1f65c75419) C:\Windows\system32\DRIVERS\motccgpfl.sys
15:02:03.0051 5820 motccgpfl - ok
15:02:03.0176 5820 MotioninJoyXFilter (61448ba3cca3063541437694a5527af2) C:\Windows\system32\DRIVERS\MijXfilt.sys
15:02:03.0176 5820 MotioninJoyXFilter - ok
15:02:03.0457 5820 motmodem (69814acd50a9d6d28296050ef6215d46) C:\Windows\system32\DRIVERS\motmodem.sys
15:02:03.0457 5820 motmodem - ok
15:02:03.0738 5820 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\Windows\system32\DRIVERS\motswch.sys
15:02:03.0738 5820 MotoSwitchService - ok
15:02:03.0785 5820 Motousbnet (ddc489d40b49f443787e7ffa75373522) C:\Windows\system32\DRIVERS\Motousbnet.sys
15:02:03.0785 5820 Motousbnet - ok
15:02:03.0925 5820 motport - ok
15:02:04.0050 5820 motusbdevice (f18898d418f43e74a93edc57e1f28bc9) C:\Windows\system32\DRIVERS\motusbdevice.sys
15:02:04.0050 5820 motusbdevice - ok
15:02:04.0268 5820 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
15:02:04.0268 5820 mouclass - ok
15:02:04.0549 5820 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
15:02:04.0549 5820 mouhid - ok
15:02:04.0627 5820 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
15:02:04.0643 5820 mountmgr - ok
15:02:04.0674 5820 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
15:02:04.0674 5820 mpio - ok
15:02:04.0752 5820 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
15:02:04.0767 5820 mpsdrv - ok
15:02:04.0955 5820 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
15:02:04.0970 5820 MRxDAV - ok
15:02:05.0048 5820 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:02:05.0048 5820 mrxsmb - ok
15:02:05.0235 5820 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:02:05.0267 5820 mrxsmb10 - ok
15:02:05.0313 5820 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:02:05.0313 5820 mrxsmb20 - ok
15:02:05.0360 5820 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
15:02:05.0360 5820 msahci - ok
15:02:05.0516 5820 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
15:02:05.0532 5820 msdsm - ok
15:02:05.0594 5820 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
15:02:05.0594 5820 Msfs - ok
15:02:05.0610 5820 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
15:02:05.0610 5820 mshidkmdf - ok
15:02:05.0625 5820 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
15:02:05.0625 5820 msisadrv - ok
15:02:05.0906 5820 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
15:02:05.0906 5820 MSKSSRV - ok
15:02:06.0000 5820 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
15:02:06.0000 5820 MSPCLOCK - ok
15:02:06.0140 5820 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
15:02:06.0156 5820 MSPQM - ok
15:02:06.0171 5820 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
15:02:06.0187 5820 MsRPC - ok
15:02:06.0281 5820 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
15:02:06.0281 5820 mssmbios - ok
15:02:06.0483 5820 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
15:02:06.0499 5820 MSTEE - ok
15:02:06.0608 5820 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
15:02:06.0624 5820 MTConfig - ok
15:02:06.0717 5820 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
15:02:06.0717 5820 Mup - ok
15:02:06.0764 5820 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
15:02:06.0764 5820 NativeWifiP - ok
15:02:06.0905 5820 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
15:02:06.0905 5820 NDIS - ok
15:02:07.0014 5820 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
15:02:07.0014 5820 NdisCap - ok
15:02:07.0123 5820 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
15:02:07.0123 5820 NdisTapi - ok
15:02:07.0201 5820 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
15:02:07.0201 5820 Ndisuio - ok
15:02:07.0263 5820 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
15:02:07.0263 5820 NdisWan - ok
15:02:07.0388 5820 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
15:02:07.0388 5820 NDProxy - ok
15:02:07.0529 5820 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
15:02:07.0544 5820 NetBIOS - ok
15:02:07.0607 5820 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
15:02:07.0622 5820 NetBT - ok
15:02:07.0887 5820 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
15:02:07.0887 5820 nfrd960 - ok
15:02:07.0981 5820 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
15:02:07.0981 5820 Npfs - ok
15:02:08.0075 5820 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
15:02:08.0075 5820 nsiproxy - ok
15:02:08.0184 5820 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
15:02:08.0184 5820 Ntfs - ok
15:02:08.0324 5820 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
15:02:08.0324 5820 Null - ok
15:02:08.0543 5820 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
15:02:08.0558 5820 NVENETFD - ok
15:02:09.0042 5820 nvlddmkm (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:02:09.0260 5820 nvlddmkm - ok
15:02:09.0416 5820 NVNET (5bf9c11586f4764446407f509f1beca8) C:\Windows\system32\DRIVERS\nvmf6232.sys
15:02:09.0432 5820 NVNET - ok
15:02:09.0479 5820 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
15:02:09.0494 5820 nvraid - ok
15:02:09.0636 5820 nvrd32 (085e88101d0d4b321abf9c7e2b6ee99d) C:\Windows\system32\drivers\nvrd32.sys
15:02:09.0636 5820 nvrd32 - ok
15:02:09.0682 5820 nvsmu (62754e376185eacbb73d06fea0ffc54a) C:\Windows\system32\drivers\nvsmu.sys
15:02:09.0682 5820 nvsmu - ok
15:02:09.0729 5820 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
15:02:09.0729 5820 nvstor - ok
15:02:09.0916 5820 nvstor32 (01cb6251cb805abec096ef004b2239c5) C:\Windows\system32\DRIVERS\nvstor32.sys
15:02:09.0916 5820 nvstor32 - ok
15:02:10.0026 5820 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
15:02:10.0026 5820 nv_agp - ok
15:02:10.0197 5820 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
15:02:10.0197 5820 ohci1394 - ok
15:02:10.0291 5820 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
15:02:10.0291 5820 Parport - ok
15:02:10.0338 5820 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
15:02:10.0353 5820 partmgr - ok
15:02:10.0494 5820 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
15:02:10.0494 5820 Parvdm - ok
15:02:10.0634 5820 PCD5SRVC{BD6912E3-AC9D80E8-05040000} (9489c4cf14126a06b061163d2b261c69) C:\Program Files\PC-Doctor for Windows\pcd5srvc.pkms
15:02:10.0634 5820 PCD5SRVC{BD6912E3-AC9D80E8-05040000} - ok
15:02:10.0806 5820 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
15:02:10.0837 5820 pci - ok
15:02:10.0899 5820 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
15:02:10.0899 5820 pciide - ok
15:02:10.0962 5820 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
15:02:10.0962 5820 pcmcia - ok
15:02:11.0242 5820 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
15:02:11.0242 5820 pcw - ok
15:02:11.0274 5820 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
15:02:11.0274 5820 PEAUTH - ok
15:02:11.0414 5820 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
15:02:11.0414 5820 PptpMiniport - ok
15:02:11.0726 5820 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
15:02:11.0726 5820 Processor - ok
15:02:11.0913 5820 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
15:02:11.0929 5820 Ps2 - ok
15:02:11.0991 5820 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
15:02:11.0991 5820 Psched - ok
15:02:12.0054 5820 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
15:02:12.0069 5820 ql2300 - ok
15:02:12.0350 5820 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
15:02:12.0381 5820 ql40xx - ok
15:02:12.0506 5820 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
15:02:12.0506 5820 QWAVEdrv - ok
15:02:12.0568 5820 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
15:02:12.0568 5820 RasAcd - ok
15:02:12.0678 5820 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:02:12.0678 5820 RasAgileVpn - ok
15:02:12.0834 5820 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:02:12.0834 5820 Rasl2tp - ok
15:02:12.0927 5820 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
15:02:12.0943 5820 RasPppoe - ok
15:02:13.0068 5820 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
15:02:13.0068 5820 RasSstp - ok
15:02:13.0130 5820 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
15:02:13.0146 5820 rdbss - ok
15:02:13.0208 5820 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
15:02:13.0208 5820 rdpbus - ok
15:02:13.0317 5820 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:02:13.0333 5820 RDPCDD - ok
15:02:13.0458 5820 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
15:02:13.0473 5820 RDPDR - ok
15:02:13.0738 5820 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
15:02:13.0738 5820 RDPENCDD - ok
15:02:13.0770 5820 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
15:02:13.0770 5820 RDPREFMP - ok
15:02:14.0113 5820 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
15:02:14.0113 5820 RdpVideoMiniport - ok
15:02:14.0206 5820 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
15:02:14.0206 5820 RDPWD - ok
15:02:14.0596 5820 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
15:02:14.0596 5820 rdyboost - ok
15:02:14.0752 5820 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
15:02:14.0768 5820 rspndr - ok
15:02:15.0002 5820 RT25USBAP (d3b4872de758efa9e0740694c4461421) C:\Windows\system32\DRIVERS\rt25usbap.sys
15:02:15.0018 5820 RT25USBAP - ok
15:02:15.0096 5820 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
15:02:15.0096 5820 s3cap - ok
15:02:15.0298 5820 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
15:02:15.0298 5820 sbp2port - ok
15:02:15.0454 5820 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
15:02:15.0470 5820 scfilter - ok
15:02:15.0626 5820 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:02:15.0626 5820 secdrv - ok
15:02:16.0033 5820 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
15:02:16.0033 5820 Serenum - ok
15:02:16.0173 5820 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
15:02:16.0173 5820 Serial - ok
15:02:16.0220 5820 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
15:02:16.0220 5820 sermouse - ok
15:02:16.0345 5820 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
15:02:16.0345 5820 sffdisk - ok
15:02:16.0438 5820 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
15:02:16.0438 5820 sffp_mmc - ok
15:02:16.0485 5820 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
15:02:16.0485 5820 sffp_sd - ok
15:02:16.0579 5820 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
15:02:16.0579 5820 sfloppy - ok
15:02:16.0984 5820 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
15:02:17.0000 5820 sisagp - ok
15:02:17.0078 5820 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:02:17.0078 5820 SiSRaid2 - ok
15:02:17.0140 5820 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
15:02:17.0156 5820 SiSRaid4 - ok
15:02:17.0249 5820 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
15:02:17.0249 5820 Smb - ok
15:02:17.0405 5820 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
15:02:17.0405 5820 spldr - ok
15:02:17.0639 5820 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
15:02:17.0655 5820 srv - ok
15:02:17.0780 5820 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
15:02:17.0795 5820 srv2 - ok
15:02:17.0873 5820 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
15:02:17.0889 5820 srvnet - ok
15:02:18.0092 5820 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
15:02:18.0092 5820 sscdbus - ok
15:02:18.0217 5820 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
15:02:18.0217 5820 sscdmdfl - ok
15:02:18.0263 5820 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
15:02:18.0263 5820 sscdmdm - ok
15:02:18.0404 5820 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\Windows\system32\DRIVERS\sscdserd.sys
15:02:18.0404 5820 sscdserd - ok
15:02:18.0747 5820 stdriver (8bb19094def583e0eece1830457444ee) C:\Windows\system32\DRIVERS\stdriver32.sys
15:02:18.0747 5820 stdriver - ok
15:02:18.0919 5820 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
15:02:18.0919 5820 stexstor - ok
15:02:19.0075 5820 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
15:02:19.0090 5820 storflt - ok
15:02:19.0215 5820 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
15:02:19.0215 5820 storvsc - ok
15:02:19.0465 5820 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
15:02:19.0465 5820 swenum - ok
15:02:19.0683 5820 swmsflt (3d4776ab6520240ae06d277ac45bf836) C:\Windows\system32\DRIVERS\swmsflt.sys
15:02:19.0699 5820 swmsflt - ok
15:02:19.0855 5820 SWMX00 (af88ae62b84d016eb5bdc12ddf1005a3) C:\Windows\system32\DRIVERS\swmx00.sys
15:02:19.0855 5820 SWMX00 - ok
15:02:20.0057 5820 SWNC5E00 (68fa9dea71b307210045aea89310ef7f) C:\Windows\system32\DRIVERS\SWNC5E00.sys
15:02:20.0073 5820 SWNC5E00 - ok
15:02:20.0167 5820 Synth3dVsc - ok
15:02:20.0401 5820 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys
15:02:20.0416 5820 Tcpip - ok
15:02:20.0650 5820 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys
15:02:20.0666 5820 TCPIP6 - ok
15:02:20.0759 5820 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
15:02:20.0759 5820 tcpipreg - ok
15:02:20.0822 5820 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
15:02:20.0822 5820 TDPIPE - ok
15:02:20.0931 5820 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
15:02:20.0931 5820 TDTCP - ok
15:02:21.0009 5820 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
15:02:21.0009 5820 tdx - ok
15:02:21.0071 5820 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
15:02:21.0071 5820 TermDD - ok
15:02:21.0337 5820 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:02:21.0337 5820 tssecsrv - ok
15:02:21.0555 5820 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
15:02:21.0555 5820 TsUsbFlt - ok
15:02:21.0571 5820 tsusbhub - ok
15:02:21.0633 5820 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
15:02:21.0633 5820 tunnel - ok
15:02:21.0695 5820 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
15:02:21.0695 5820 uagp35 - ok
15:02:22.0101 5820 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
15:02:22.0101 5820 udfs - ok
15:02:22.0210 5820 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
15:02:22.0210 5820 uliagpkx - ok
15:02:22.0507 5820 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
15:02:22.0507 5820 umbus - ok
15:02:22.0616 5820 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
15:02:22.0616 5820 UmPass - ok
15:02:22.0865 5820 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
15:02:22.0865 5820 USBAAPL - ok
15:02:22.0959 5820 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
15:02:22.0959 5820 usbccgp - ok
15:02:22.0990 5820 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
15:02:23.0006 5820 usbcir - ok
15:02:23.0084 5820 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
15:02:23.0084 5820 usbehci - ok
15:02:23.0287 5820 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
15:02:23.0287 5820 usbhub - ok
15:02:23.0349 5820 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
15:02:23.0365 5820 usbohci - ok
15:02:23.0645 5820 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
15:02:23.0677 5820 usbprint - ok
15:02:23.0770 5820 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
15:02:23.0770 5820 usbscan - ok
15:02:23.0848 5820 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:02:23.0864 5820 USBSTOR - ok
15:02:23.0942 5820 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
15:02:23.0957 5820 usbuhci - ok
15:02:24.0051 5820 VClone (1cdaa48cb2f7744b8d25650e050766a5) C:\Windows\system32\DRIVERS\VClone.sys
15:02:24.0067 5820 VClone - ok
15:02:24.0425 5820 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
15:02:24.0441 5820 vdrvroot - ok
15:02:24.0535 5820 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
15:02:24.0535 5820 vga - ok
15:02:24.0566 5820 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
15:02:24.0566 5820 VgaSave - ok
15:02:24.0706 5820 VGPU - ok
15:02:24.0753 5820 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
15:02:24.0753 5820 vhdmp - ok
15:02:24.0862 5820 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
15:02:24.0878 5820 viaagp - ok
15:02:25.0081 5820 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
15:02:25.0081 5820 ViaC7 - ok
15:02:25.0143 5820 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
15:02:25.0159 5820 viaide - ok
15:02:25.0283 5820 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
15:02:25.0283 5820 vmbus - ok
15:02:25.0330 5820 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
15:02:25.0330 5820 VMBusHID - ok
15:02:25.0361 5820 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
15:02:25.0361 5820 volmgr - ok
15:02:25.0502 5820 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
15:02:25.0517 5820 volmgrx - ok
15:02:25.0580 5820 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
15:02:25.0580 5820 volsnap - ok
15:02:25.0736 5820 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
15:02:25.0751 5820 vsmraid - ok
15:02:25.0907 5820 VSTHWBS2 (682fcf7d2eb5158cd30408e976562408) C:\Windows\system32\DRIVERS\VSTBS23.SYS
15:02:25.0907 5820 VSTHWBS2 - ok
15:02:26.0110 5820 VST_DPV (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
15:02:26.0157 5820 VST_DPV - ok
15:02:26.0391 5820 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
15:02:26.0391 5820 vwifibus - ok
15:02:26.0594 5820 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
15:02:26.0625 5820 WacomPen - ok
15:02:26.0765 5820 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
15:02:26.0765 5820 WANARP - ok
15:02:26.0781 5820 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
15:02:26.0781 5820 Wanarpv6 - ok
15:02:27.0015 5820 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
15:02:27.0015 5820 wanatw - ok
15:02:27.0124 5820 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
15:02:27.0124 5820 Wd - ok
15:02:27.0374 5820 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
15:02:27.0374 5820 WDC_SAM - ok
15:02:27.0701 5820 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
15:02:27.0733 5820 Wdf01000 - ok
15:02:28.0091 5820 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
15:02:28.0091 5820 WfpLwf - ok
15:02:28.0357 5820 WimFltr (090a2b8f055343815556a01f725f6c35) C:\Windows\system32\DRIVERS\wimfltr.sys
15:02:28.0419 5820 WimFltr - ok
15:02:28.0544 5820 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
15:02:28.0559 5820 WIMMount - ok
15:02:28.0934 5820 winachsf (8b976d4ca270110111df4f313da0e6e8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
15:02:28.0965 5820 winachsf - ok
15:02:29.0137 5820 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
15:02:29.0152 5820 WinUsb - ok
15:02:29.0293 5820 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
15:02:29.0293 5820 WmiAcpi - ok
15:02:29.0511 5820 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
15:02:29.0511 5820 ws2ifsl - ok
15:02:29.0729 5820 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
15:02:29.0729 5820 WudfPf - ok
15:02:29.0870 5820 XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
15:02:29.0885 5820 XAudio - ok
15:02:29.0995 5820 XPADFL02 (6ab0d2d28e2a984fbba5295f2dd81878) C:\Windows\system32\DRIVERS\xpadfl02.sys
15:02:29.0995 5820 XPADFL02 - ok
15:02:30.0229 5820 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\Windows\system32\DRIVERS\xusb21.sys
15:02:30.0229 5820 xusb21 - ok
15:02:30.0338 5820 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:02:30.0338 5820 \Device\Harddisk0\DR0 - ok
15:02:30.0338 5820 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR5
15:02:30.0353 5820 \Device\Harddisk5\DR5 - ok
15:02:30.0353 5820 Boot (0x1200) (c53d9631575fdd4bb83174dd99dcd33a) \Device\Harddisk0\DR0\Partition0
15:02:30.0353 5820 \Device\Harddisk0\DR0\Partition0 - ok
15:02:30.0385 5820 Boot (0x1200) (c96c2a65e55b5d47f1bb124541a0a1d8) \Device\Harddisk0\DR0\Partition1
15:02:30.0385 5820 \Device\Harddisk0\DR0\Partition1 - ok
15:02:30.0400 5820 Boot (0x1200) (74e808ce78b282d4fa4b5d5d5e26c335) \Device\Harddisk5\DR5\Partition0
15:02:30.0400 5820 \Device\Harddisk5\DR5\Partition0 - ok
15:02:30.0400 5820 ============================================================
15:02:30.0400 5820 Scan finished
15:02:30.0400 5820 ============================================================
15:02:30.0416 1192 Detected object count: 0
15:02:30.0416 1192 Actual detected object count: 0

Finally aswMBR

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-23 15:03:27
-----------------------------
15:03:27.315 OS Version: Windows 6.1.7601 Service Pack 1
15:03:27.315 Number of processors: 2 586 0x6B02
15:03:27.331 ComputerName: GAMERPC UserName: nwofan
15:03:35.490 Initialize success
15:04:15.544 AVAST engine defs: 11112302
15:04:21.363 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000067
15:04:21.363 Disk 0 Vendor: Hitachi_ GM3O Size: 305245MB BusType: 3
15:04:23.391 Disk 0 MBR read successfully
15:04:23.391 Disk 0 MBR scan
15:04:23.407 Disk 0 Windows 7 default MBR code
15:04:23.407 Disk 0 scanning sectors +625137345
15:04:23.656 Disk 0 scanning C:\Windows\system32\drivers
15:04:58.637 Service scanning
15:05:00.365 Modules scanning
15:05:16.257 Scan finished successfully
15:06:48.524 Disk 0 MBR has been saved successfully to "C:\Users\nwofan\Desktop\MBR.dat"
15:06:48.525 The log file has been saved successfully to "C:\Users\nwofan\Desktop\aswMBR.txt"

and Internet browser is working again ^^ Thanks that did the trick.

#6
RKinner

Posted 23 November 2011 - 07:37 PM

Malware Expert

Expert
24,623 posts

I didn't notice that some of the malware were folders and combofix is picky so it didn't remove them. One more time with combofix:

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

Folder::
c:\users\nwofan\AppData\Roaming\CC4AC
c:\users\nwofan\AppData\Roaming\BCCCC
c:\users\nwofan\AppData\Roaming\liivvD33onFa
c:\users\nwofan\AppData\Roaming\bwwwkUUVrlOtx0c
c:\users\nwofan\AppData\Roaming\oyxxA00uvS2iF3n
c:\users\nwofan\AppData\Roaming\QpmmmG5sQJ6dE8R
c:\users\nwofan\AppData\Roaming\dPPNNyccA
c:\users\nwofan\AppData\Roaming\VrlOBtxP0SiDnHs
c:\users\nwofan\AppData\Roaming\lfEL8gTZqYwU
c:\users\nwofan\AppData\Roaming\tOOONyxAuvS2i
c:\users\nwofan\AppData\Roaming\aRRLL9hhTXjUCkB
c:\users\nwofan\AppData\Roaming\prrzzONNx
c:\users\nwofan\AppData\Roaming\n444pmmG5sQ6
c:\users\nwofan\AppData\Roaming\zL8TqCVOxyS1v3F
c:\users\nwofan\AppData\Roaming\EibF3na6dWKfL

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.

Ron

#7
Lucky Dearly

Posted 23 November 2011 - 09:27 PM

Member

Topic Starter
Member
349 posts

here's the log

ComboFix 11-11-23.03 - nwofan 11/23/2011 18:01:27.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2943.1575 [GMT -8:00]
Running from: c:\users\nwofan\Desktop\ComboFix.exe
Command switches used :: c:\users\nwofan\Desktop\cfscript.txt
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\nwofan\AppData\Roaming\aRRLL9hhTXjUCkB
c:\users\nwofan\AppData\Roaming\BCCCC
c:\users\nwofan\AppData\Roaming\BCCCC\C4AC.CCC
c:\users\nwofan\AppData\Roaming\bwwwkUUVrlOtx0c
c:\users\nwofan\AppData\Roaming\CC4AC
c:\users\nwofan\AppData\Roaming\dPPNNyccA
c:\users\nwofan\AppData\Roaming\EibF3na6dWKfL
c:\users\nwofan\AppData\Roaming\lfEL8gTZqYwU
c:\users\nwofan\AppData\Roaming\liivvD33onFa
c:\users\nwofan\AppData\Roaming\liivvD33onFa\AV Protection 2011.ico
c:\users\nwofan\AppData\Roaming\n444pmmG5sQ6
c:\users\nwofan\AppData\Roaming\oyxxA00uvS2iF3n
c:\users\nwofan\AppData\Roaming\prrzzONNx
c:\users\nwofan\AppData\Roaming\QpmmmG5sQJ6dE8R
c:\users\nwofan\AppData\Roaming\tOOONyxAuvS2i
c:\users\nwofan\AppData\Roaming\tOOONyxAuvS2i\System Security 2012.ico
c:\users\nwofan\AppData\Roaming\VrlOBtxP0SiDnHs
c:\users\nwofan\AppData\Roaming\VrlOBtxP0SiDnHs\System Security 2012.ico
c:\users\nwofan\AppData\Roaming\zL8TqCVOxyS1v3F
.
.
((((((((((((((((((((((((( Files Created from 2011-10-24 to 2011-11-24 )))))))))))))))))))))))))))))))
.
.
2011-11-24 02:34 . 2011-11-24 02:34 -------- d-----w- c:\users\Veronica Valencia\AppData\Local\temp
2011-11-24 02:34 . 2011-11-24 02:34 -------- d-----w- c:\users\Mario Valencia\AppData\Local\temp
2011-11-24 02:34 . 2011-11-24 02:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-24 01:50 . 2011-11-24 01:50 -------- d-----w- c:\users\Veronica Valencia\AppData\Roaming\AVG10
2011-11-23 22:32 . 2011-11-24 03:06 -------- d-----w- c:\users\nwofan\AppData\Local\temp
2011-11-23 11:06 . 2011-11-23 11:06 -------- d-----w- C:\_OTL
2011-11-21 11:45 . 2011-11-21 11:45 -------- d-----w- c:\programdata\Yahoo! Companion
2011-11-21 11:24 . 2011-11-21 11:45 -------- d-----w- c:\users\nwofan\AppData\Roaming\Yahoo!
2011-11-21 01:40 . 2011-11-21 02:23 -------- d-----w- c:\program files\PC Tools Security
2011-11-21 01:39 . 2011-11-21 01:49 -------- d-----w- c:\programdata\PC Tools
2011-11-20 09:40 . 2011-11-20 09:40 -------- d-----w- c:\program files\Common Files\BOSS
2011-11-20 09:32 . 2011-11-20 09:32 -------- d-----w- c:\program files\Common Files\Wrye Bash
2011-11-19 16:38 . 2011-11-19 16:38 -------- d-----w- c:\users\Alex Valencia\AppData\Roaming\Malwarebytes
2011-11-15 13:31 . 2011-11-15 13:31 -------- d-----w- c:\program files\iPod
2011-11-15 11:59 . 2011-11-15 11:59 -------- d-----w- c:\users\nwofan\AppData\Local\eSupport.com
2011-11-12 18:42 . 2011-11-12 18:42 -------- d-----w- c:\users\Mario Valencia\AppData\Roaming\NVIDIA
2011-11-09 09:07 . 2011-11-09 09:07 -------- d-----w- c:\program files\Futuremark
2011-11-09 05:23 . 2011-11-13 23:47 -------- d-----w- c:\programdata\NVIDIA
2011-11-09 05:23 . 2011-10-15 08:53 6350144 ----a-w- c:\windows\system32\nvcpl.dll
2011-11-09 05:23 . 2011-10-15 08:53 3840320 ----a-w- c:\windows\system32\nvsvc.dll
2011-11-09 05:23 . 2011-10-15 08:53 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-11-09 05:23 . 2011-10-15 08:53 123712 ----a-w- c:\windows\system32\nvshext.dll
2011-11-09 05:23 . 2011-10-15 08:53 1136448 ----a-w- c:\windows\system32\nvvsvc.exe
2011-11-09 05:23 . 2011-10-15 08:53 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-11-07 09:36 . 2011-11-07 09:36 -------- d-----w- C:\New folder
2011-11-03 08:06 . 2011-11-03 08:06 -------- d-----w- c:\users\nwofan\AppData\Roaming\NVIDIA
2011-11-03 08:05 . 2011-11-03 08:05 -------- d-----w- c:\users\UpdatusUser
2011-10-29 15:30 . 2011-10-29 15:30 -------- d-----w- c:\users\Veronica Valencia\AppData\Local\Winamp Toolbar
2011-10-29 00:39 . 2011-11-12 00:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-29 00:38 . 2011-10-29 00:38 -------- d-----w- c:\windows\system32\Adobe
2011-10-26 09:03 . 2011-10-26 09:03 -------- d-----w- c:\users\nwofan\AppData\Roaming\Media Player Classic
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 10:55 . 2011-07-01 05:57 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-10-24 21:29 . 2011-10-24 21:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 21:29 . 2011-10-24 21:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-09-08 05:23 . 2011-09-08 05:23 800824 ----a-w- c:\users\Default\AppData\Roaming\DPInst.exe
2011-09-08 05:23 . 2011-09-08 05:23 36352 ----a-w- c:\users\Default\AppData\Roaming\PnPutil.exe
2011-09-08 05:23 . 2011-09-08 05:23 106496 ----a-w- c:\users\Default\AppData\Roaming\gacutil.exe
2011-09-01 00:00 . 2009-11-21 10:40 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 06:05 . 2011-08-31 06:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 06:05 . 2011-08-31 06:05 73064 ----a-w- c:\windows\system32\dnssd.dll
1998-04-27 05:00 . 1998-04-27 05:00 570128 ----a-w- c:\program files\Common Files\DAO350.DLL
2011-11-12 00:03 . 2011-04-02 10:07 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-30 1689144]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-06-16 6276408]
"Pando"="c:\program files\Pando Networks\Pando\Pando.exe" [2010-08-01 4950936]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"AIM"="c:\program files\AIM7\aim.exe" [2011-01-05 4321112]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-09-26 17764488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-06-17 2510848]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-09-01 1047208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-09-06 2232752]
.
c:\users\nwofan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MBCameraMonitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MBCameraMonitor.lnk
backup=c:\windows\pss\MBCameraMonitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Registration Tool.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Run Registration Tool.lnk
backup=c:\windows\pss\Run Registration Tool.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TunesUp20.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TunesUp20.lnk
backup=c:\windows\pss\TunesUp20.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2011-02-14 03:20 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 08:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 03:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2011-09-10 14:28 2338656 ----a-w- c:\program files\AVG\AVG10\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2009-08-01 01:38 283792 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2009-01-29 22:20 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2010-11-20 12:17 144384 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2011-06-17 00:53 2510848 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\AOL\1241069855\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 15:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 22:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
2010-06-30 07:14 1689144 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 08:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2008-07-21 13:30 12288 ----a-w- c:\program files\Hewlett-Packard\KBD\KbdStub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2011-03-04 19:45 2741616 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbkbmgr.exe]
2008-02-28 18:57 74408 ----a-w- c:\program files\Lexmark X1100 Series\LXBKbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-09-01 00:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-09-01 00:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 21:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2011-01-29 01:36 526336 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]
2008-09-23 19:03 912688 ----a-w- c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 19:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-06-14 02:11 210216 ----a-w- c:\program files\Cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-14 02:11 210216 ----a-w- c:\program files\Cyberlink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-09-11 23:32 210216 ----a-w- c:\program files\Cyberlink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2009-10-01 00:57 718688 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca6243422bd392;Google Update Service (gupdate1ca6243422bd392);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 133104]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-30 6016]
R3 dsiarhwprog;dsiarhwprog;c:\windows\system32\Drivers\dsiarhwprog.sys [2007-02-08 29184]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 133104]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 25112]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 20480]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-30 8320]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 81168]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-02-08 11008]
R3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\program files\PC-Doctor for Windows\pcd5srvc.pkms [2008-09-10 20640]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-25 1343400]
R3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\DRIVERS\xpadfl02.sys [2006-12-24 27904]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-18 7390560]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\NServiceEntry.exe [2010-11-05 81920]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [2011-09-06 393648]
S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2008-02-19 537256]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2011-08-10 94880]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-28 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-09-01 22216]
S3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver32.sys [2010-09-20 52824]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-07 11520]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 19:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 20:20]
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 20:20]
.
2011-10-29 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 14:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wwe.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mStart Page = hxxp://www.yahoo.com/?fr=fp-tyc8
uInternet Settings,ProxyOverride = <local>;192.168.*.*
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {BAD4FE2C-503B-45CC-88CD-4B0574057D11} - hxxp://clients.futuremark.com/calico/systeminfodeploy/FMSI_v420.cab
FF - ProfilePath - c:\users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2878731&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.wwe.com
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\program files\PC-Doctor for Windows\pcd5srvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1868571618-3835447236-223175164-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:94,22,3e,75,1a,49,97,e5,88,35,c6,e4,55,54,fe,4f,08,44,c5,99,bd,30,72,
c0,47,7c,53,58,60,ae,e4,34,f1,e9,18,33,bd,04,e3,66,3b,80,ee,8a,15,af,18,1d,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-1868571618-3835447236-223175164-1000\Software\SecuROM\License information*]
"datasecu"=hex:9a,f7,6e,4d,b6,50,f9,96,5c,c1,5b,41,bf,f9,ef,d5,ae,23,46,9b,10,
29,32,2b,43,47,9b,93,30,81,02,66,93,47,ec,72,3b,70,61,b1,65,01,d0,99,57,9d,\
"rkeysecu"=hex:a3,55,ea,db,ed,3a,3b,2e,64,c0,1f,5b,8f,6c,dd,1f
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(724)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'Explorer.exe'(3860)
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\windows\system32\conhost.exe
c:\windows\system32\rundll32.exe
c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-11-23 19:18:55 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-24 03:18
ComboFix2.txt 2011-11-23 22:51
ComboFix3.txt 2011-11-23 10:45
.
Pre-Run: 35,882,020,864 bytes free
Post-Run: 35,918,397,440 bytes free
.
- - End Of File - - 50120425EDA95333489DD57E088DB448

Hmm now I have another problem, windows can't detect any upgrades, it gives me error code 80096001 and reports it as an unknown eerror

Edited by Lucky Dearly, 23 November 2011 - 09:37 PM.

#8
RKinner

Posted 23 November 2011 - 10:08 PM

Malware Expert

Expert
24,623 posts

Malware appears to be gone but it is common for it to do nasty things to windows update. There is a fix it from Microsoft that you should probably try first.

http://support.microsoft.com/kb/971058

Also sometimes we can see what is wrong in the event logs. We can also run sfc and see if it fixes something:

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Ron

#9
Lucky Dearly

Posted 23 November 2011 - 10:12 PM

Member

Topic Starter
Member
349 posts

okay, I'll give the fix a try first, if nothing happens I'll do the other solution

#10
RKinner

Posted 23 November 2011 - 10:20 PM

Malware Expert

Expert
24,623 posts

Run the second solution regardless. It's part of my final check for problems caused by malware.

#11
Lucky Dearly

Posted 24 November 2011 - 12:29 AM

Member

Topic Starter
Member
349 posts

okay here goes

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 23/11/2011 10:28:28 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/11/2011 5:13:47 AM
Type: Error Category: 0
Event: 14349 Source: Microsoft-Windows-WMPNSS-Service
A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Log: 'System' Date/Time: 24/11/2011 5:13:47 AM
Type: Error Category: 0
Event: 14353 Source: Microsoft-Windows-WMPNSS-Service
A media delivery engine with ID '0' was not initialized due to error '0x800700b7' when adding the URL 'http://+:10243/WMPNSSv4/1238381221/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Log: 'System' Date/Time: 24/11/2011 5:13:47 AM
Type: Error Category: 0
Event: 14349 Source: Microsoft-Windows-WMPNSS-Service
A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Log: 'System' Date/Time: 24/11/2011 5:13:47 AM
Type: Error Category: 0
Event: 14353 Source: Microsoft-Windows-WMPNSS-Service
A media delivery engine with ID '0' was not initialized due to error '0x800700b7' when adding the URL 'http://+:10243/WMPNSSv4/1238381221/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Log: 'System' Date/Time: 24/11/2011 5:13:47 AM
Type: Error Category: 0
Event: 14349 Source: Microsoft-Windows-WMPNSS-Service
A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Log: 'System' Date/Time: 24/11/2011 5:13:47 AM
Type: Error Category: 0
Event: 14353 Source: Microsoft-Windows-WMPNSS-Service
A media delivery engine with ID '0' was not initialized due to error '0x800700b7' when adding the URL 'http://+:10243/WMPNSSv4/1238381221/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Log: 'System' Date/Time: 24/11/2011 5:13:47 AM
Type: Error Category: 0
Event: 14349 Source: Microsoft-Windows-WMPNSS-Service
A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Log: 'System' Date/Time: 24/11/2011 5:13:47 AM
Type: Error Category: 0
Event: 14353 Source: Microsoft-Windows-WMPNSS-Service
A media delivery engine with ID '0' was not initialized due to error '0x800700b7' when adding the URL 'http://+:10243/WMPNSSv4/1238381221/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Log: 'System' Date/Time: 24/11/2011 5:13:47 AM
Type: Error Category: 0
Event: 14349 Source: Microsoft-Windows-WMPNSS-Service
A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Log: 'System' Date/Time: 24/11/2011 5:13:47 AM
Type: Error Category: 0
Event: 14353 Source: Microsoft-Windows-WMPNSS-Service
A media delivery engine with ID '0' was not initialized due to error '0x800700b7' when adding the URL 'http://+:10243/WMPNSSv4/1238381221/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Log: 'System' Date/Time: 24/11/2011 5:13:47 AM
Type: Error Category: 0
Event: 14349 Source: Microsoft-Windows-WMPNSS-Service
A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Log: 'System' Date/Time: 24/11/2011 5:13:47 AM
Type: Error Category: 0
Event: 14353 Source: Microsoft-Windows-WMPNSS-Service
A media delivery engine with ID '0' was not initialized due to error '0x800700b7' when adding the URL 'http://+:10243/WMPNSSv4/1238381221/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Log: 'System' Date/Time: 24/11/2011 5:12:24 AM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The AVGIDSAgent service hung on starting.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#12
Lucky Dearly

Posted 27 November 2011 - 07:46 PM

Member

Topic Starter
Member
349 posts

also wanna add my windows update is disabled as well, I get error code 80096001

#13
RKinner

Posted 27 November 2011 - 10:13 PM

Malware Expert

Expert
24,623 posts

Did you try the Fix IT from MS on the link I gave you earlier?

There is also this page:

http://www.winvistaclub.com/t4.html

I would skip down to where it says:
If you still cannot Update Windows Vista or Windows 7 using WindowsUpdate, try this :

Uninstall Windows Media Player - it's causing errors. Then download and install the latest version.

http://windows.micro...ws-media-player

Or use the free VLC instead: http://www.videolan.org/vlc/
It seems to be able to play anything.

Your AVG is having problems starting. Probably should uninstall it and reinstall:

Download and save the AVG removal tool
http://download.avg....6_2011_1184.exe
Download the free AVG
http://free.avg.com/...ivirus-download
Uninstall AVG
Run the removal tool
Reboot
Reinstall AVG

#14
Lucky Dearly

Posted 27 November 2011 - 10:15 PM

Member

Topic Starter
Member
349 posts

tried the ms fix and nothing happened.

I'll give this a try.

problem: windows media player is part of Windows 7 (since I run Windows 7 Ultimate) so how would I go about uninstalling it?

Edited by Lucky Dearly, 27 November 2011 - 11:42 PM.

#15
Lucky Dearly

Posted 12 December 2011 - 08:28 PM

Member

Topic Starter
Member
349 posts

been doing alot more research and now I find that I can't install updates for itunes or safari. Also tried to run msfix in agressive mode but I get an error that another application is installing and it won't run, I'm positive I wasn't installing anything and I find that Windows installer appears twice in my task manager obviously blocking any attempts to fix windows update.

any ideas?