Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer only runs in safe mode - odd behavior and shuts down


  • Please log in to reply

#1
Dynamite1969

Dynamite1969

    Member

  • Member
  • PipPip
  • 62 posts
I posted something in the Windows 7 forum, but I'm starting to think maybe I have a virus or malware.

From that post

Need help with a bit of a mystery.

A few days ago, my computer shut itself off during the night (the beginning of my issues). The next morning I booted up fine and went about my day. Later in the afternoon I fired up a game of Oblivion (while downloading Dragon Age from Amazon) and after about an hr into the game my computer shut itself off without warning again like somebody ripped the cord out of the wall).

I brushed it off and hit the power button and it fired back up, and I resumed my activities (and had to re-start my Dragon Age download).

The next morning, I went to check the status of my download and before I even got the chance to install it it died again with one major difference. IT WOULD NOT START BACK UP. TOTALLY DEAD. I went down to best buy after removing what I was sure was the problem and purchased a new Corsair GS700 power supply.

Installed the PSU, fired it up with a few typical "windows was shut down incorrectly errors" and everything seemed to be working again.

Installed my new game and played for several hours, no issues.

Ok, here is where things get very frustrating.

Next day, my wife goes to fire up the computer and it instantly shuts down as it reaches the log in screen (just after the windows logo). She tried several more times and it would not get past the log in screen. The computer sat for about 9 hrs until I got home from work, turned it on..same thing. Over and over again, a few times I made it past the log in but about 30sec on the desktop and boom, its off again. I even tried the memory check tool in windows recovery, windows repair tool, system restore for 3 different points, and re-setting my BIOS to default settings.

Finally, I tried booting in safe mode and then safe mode w/network which worked and I've been researching on the net for an answer for 4 hrs with no shut down.

I need help, I haven't found anything on the web that has helped. I've read things that sound like a PSU issue (which I just changed, and it works in safe mode). Is this a windows 7 issue? A virus/malware? Other hardware issue? Other software issue?

Sorry for the long winded story, but I wanted to describe exactly what happened since I noticed the problem.

Extremely frustrated and not sure what to do next.

The computer was built less than 2 years ago and I don't push it that hard (no over clocking)

Operating System:
Windows 7 Pro
System Specs:
Gibabyte X58A-UD3R motherboard
i-7 Quad core chipset
12GB Ram (6 sticks)
ATI HD5770 1GB Graphic Card
Solid State 60GB hard drive for operating system
1.5TB drive for data/programs
(new) Corsair GS700 (700W) PSU
Realtek onboard sound



*********************
Tonight, I've been playing around trying to get the dang thing to run again and discovered a few behaviors that are getting me to think I have some malware.

I can get it to run in Safe mode as mentioned above. When I go to the Event viewer I'm getting a ton of strange posts like the following.

Tons of this one:
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Several like this (with different services):
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

And one I had never seen before:
The following boot-start or system-start driver(s) failed to load:
AppleCharger
Avgldx64
Avgmfx64
discache
ElbyCDIO
spldr
vpcvmm
Wanarpv6

And the list goes on

I also tried using my msconfig to boot to the "original configuration" which actually got me into my account. When I typed "msconfig" into the run command (not in safe mode)...INSTANT CRASH.

I booted back up and got into my account, played around with no crashes until I tried to open the Event Viewer...INSTANT CRASH. I tried one more time, but when I just hovered over my AVG to open it...INSTANT CRASH.

I then tried to run an AVG boot disk and could not get it to scan my computer with success.

HELP!!!!!

I'm attaching my OTL reports since my text is getting long winded.

OTL logfile created on: 11/29/2011 9:26:34 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\User\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

12.00 Gb Total Physical Memory | 10.92 Gb Available Physical Memory | 90.99% Memory free
24.00 Gb Paging File | 22.94 Gb Available in Paging File | 95.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59.53 Gb Total Space | 4.79 Gb Free Space | 8.05% Space Free | Partition Type: NTFS
Drive D: | 88.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive K: | 938.28 Gb Total Space | 786.27 Gb Free Space | 83.80% Space Free | Partition Type: NTFS
Drive L: | 449.22 Gb Total Space | 398.48 Gb Free Space | 88.71% Space Free | Partition Type: NTFS
Drive M: | 9.76 Gb Total Space | 4.80 Gb Free Space | 49.11% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/29 21:25:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2011/10/06 21:21:07 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/06 21:21:07 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/29 09:31:43 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/20 01:04:20 | 000,203,776 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/10/02 06:15:49 | 000,246,600 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/26 09:16:02 | 001,025,352 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/06/08 16:41:35 | 000,039,936 | ---- | M] (C-Dilla Ltd) [Auto | Stopped] -- C:\Windows\SysWOW64\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/05 21:51:20 | 000,065,536 | R--- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009/08/04 16:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- L:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/04 13:24:30 | 000,036,864 | ---- | M] (Dassault Systemes) [Disabled | Stopped] -- L:\CATIAV5\intel_a\code\bin\CATSysDemon.exe -- (BBDemon)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/07 05:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 05:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/19 07:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2011/08/08 05:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 00:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 00:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 00:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 00:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 00:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 14:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 05:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 05:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 03:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/12 11:21:01 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/03/09 02:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/01 09:35:20 | 000,020,520 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2009/10/29 00:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/10/26 22:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/10/26 22:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/09/11 11:49:18 | 000,076,552 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009/09/11 11:49:08 | 000,015,880 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009/09/11 11:48:46 | 000,041,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/09/11 11:48:36 | 000,026,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2009/08/20 08:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/08/19 07:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2003/04/19 09:17:00 | 000,011,376 | R--- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 13 00 94 BD 3B 0F CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: L:\Applications\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\[email protected] [2011/09/13 16:03:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/11/22 09:49:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/06 21:21:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/16 07:54:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/10/09 14:30:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\ [2011/11/04 07:19:43 | 000,000,000 | ---D | M]

[2010/05/12 09:41:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2010/05/12 09:41:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/11/28 20:03:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\iyqior5t.default\extensions
[2011/11/28 20:03:12 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/10/02 06:15:49 | 000,003,674 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\searchplugins\avg-secure-search.xml
[2011/11/28 20:03:12 | 000,001,945 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\searchplugins\bing-zugo.xml
[2011/06/12 16:11:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/30 15:28:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/12 16:11:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/13 16:03:13 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="[email protected]" em:name="AVG Security Toolbar" em:version="7.008.031.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES (X86)\AVG\AVG10\TOOLBAR\FIREFOX\[email protected]
[2011/11/22 09:49:45 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
[2011/10/06 21:21:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/09/08 18:48:24 | 000,064,392 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - L:\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - L:\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - L:\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://ames.webex.c...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7B18840-79B9-4512-9BC1-2BFEFC3BE5A6}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4f31394c-56e7-11df-821d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4f31394c-56e7-11df-821d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\OblivionLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/29 19:27:11 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/11/28 20:04:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
[2011/11/28 20:03:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StartNow Toolbar
[2011/11/27 09:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\BioWare
[2011/11/27 09:10:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/11/27 09:10:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\EA Core
[2011/11/27 09:08:02 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\BioWare
[2011/11/27 09:06:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2011/11/27 09:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/11/27 09:06:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2011/11/27 09:06:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2011/11/27 09:06:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011/11/27 09:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2011/11/27 09:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age Origins
[2011/11/27 08:58:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2011/11/24 11:29:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\dvdcss
[2011/11/24 11:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinX DVD Ripper
[2011/11/24 11:20:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Digiarty
[2011/11/20 22:07:42 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\temp WII SD
[2011/11/20 16:51:16 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\DS ROMS
[2010/05/12 11:21:01 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\User\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/11/29 21:20:39 | 000,002,072 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/29 21:20:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/29 21:20:15 | 1072,553,982 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/29 20:53:06 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/29 20:53:06 | 000,661,892 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/29 20:53:06 | 000,121,810 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/27 15:38:57 | 000,015,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 15:38:57 | 000,015,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 15:37:16 | 110,914,329 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/11/27 09:05:45 | 000,000,690 | ---- | M] () -- C:\Users\Public\Desktop\Dragon Age Origins.lnk
[2011/11/24 11:20:03 | 000,000,733 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\WinX DVD Ripper.lnk
[2011/11/24 11:20:03 | 000,000,733 | ---- | M] () -- C:\Users\Public\Desktop\WinX DVD Ripper.lnk
[2011/11/23 18:06:41 | 000,365,633 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/11/22 09:49:45 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/20 07:50:05 | 000,661,967 | ---- | M] () -- C:\Users\User\Desktop\MFC_Self_Load_RF_Tube.pdf
[2011/11/10 09:08:13 | 000,352,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/11/27 09:05:45 | 000,000,690 | ---- | C] () -- C:\Users\Public\Desktop\Dragon Age Origins.lnk
[2011/11/24 11:20:03 | 000,000,733 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\WinX DVD Ripper.lnk
[2011/11/24 11:20:03 | 000,000,733 | ---- | C] () -- C:\Users\Public\Desktop\WinX DVD Ripper.lnk
[2011/11/20 07:50:05 | 000,661,967 | ---- | C] () -- C:\Users\User\Desktop\MFC_Self_Load_RF_Tube.pdf
[2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/05/28 07:40:58 | 000,775,244 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/05/12 16:07:53 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/05/12 11:57:53 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/05/12 11:21:01 | 000,099,384 | ---- | C] () -- C:\Users\User\AppData\Roaming\inst.exe
[2010/05/12 11:21:01 | 000,007,859 | ---- | C] () -- C:\Users\User\AppData\Roaming\pcouffin.cat
[2010/05/12 11:21:01 | 000,001,167 | ---- | C] () -- C:\Users\User\AppData\Roaming\pcouffin.inf
[2010/05/11 17:49:47 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/05/10 18:16:33 | 000,065,536 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2010/05/10 18:12:37 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/05/09 21:27:24 | 000,007,648 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2010/05/03 08:30:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/08/26 23:04:14 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2003/04/19 09:17:00 | 000,011,376 | R--- | C] () -- C:\Windows\SysWow64\drivers\SECDRV.SYS

========== LOP Check ==========

[2011/10/02 06:15:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVG2012
[2010/07/12 18:31:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DassaultSystemes
[2011/11/24 11:20:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Digiarty
[2010/06/05 18:32:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2010/08/16 09:04:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MtStudio
[2010/05/28 06:53:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OxelonMC
[2010/05/12 09:41:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thunderbird
[2010/12/09 21:20:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Vso
[2010/10/04 10:08:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\webex
[2011/07/23 15:41:43 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\User\Documents\Deanna file.avi:TOC.WMV

< End of report >

OTL Extras logfile created on: 11/29/2011 9:26:34 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\User\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

12.00 Gb Total Physical Memory | 10.92 Gb Available Physical Memory | 90.99% Memory free
24.00 Gb Paging File | 22.94 Gb Available in Paging File | 95.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59.53 Gb Total Space | 4.79 Gb Free Space | 8.05% Space Free | Partition Type: NTFS
Drive D: | 88.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive K: | 938.28 Gb Total Space | 786.27 Gb Free Space | 83.80% Space Free | Partition Type: NTFS
Drive L: | 449.22 Gb Total Space | 398.48 Gb Free Space | 88.71% Space Free | Partition Type: NTFS
Drive M: | 9.76 Gb Total Space | 4.80 Gb Free Space | 49.11% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "L:\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "L:\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "L:\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "L:\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{576A97E3-1A79-6215-49DE-AA358AF47420}" = ATI Catalyst Install Manager
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{76202DBC-6FDA-47EA-B32F-F88512C03B18}" = AVG 2012
"{82B2394D-F5CC-42F0-8DC1-48B3CAA382CC}" = Dassault Systemes Software Prerequisites x86-x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
"{96F1BA99-300F-4DD5-A26B-788EF63B53B1}" = Logitech Gaming Software 5.08
"{9DADBA45-2B06-4F7F-970B-E854ABC8917A}" = WBFS Manager 2.5
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF51A2B6-3AAF-46C5-36A7-0E78B2D23E3E}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BEC69493-1732-4F85-B559-CC99CB30665C}" = AVG 2012
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{E6456858-8C0C-35CE-96B8-AFFCD205C9FC}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"Dassault Systemes B18_0" = Dassault Systemes Software B18
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{024FDD4C-B4EE-4CFC-696F-9A36B3BE4D41}" = Catalyst Control Center Graphics Previews Vista
"{05BC432D-819E-86AF-74A9-0622CAD08767}" = Catalyst Control Center Graphics Previews Common
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0A477437-2307-018D-3F3A-AFBDE1D4FF7A}" = Catalyst Control Center HydraVision Full
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{217EC467-61C4-1939-3BBF-4FA4CAEA42FF}" = EA Shared Game Component: Activation
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 26
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars Knights of the Old Republic
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Cinfigurer
"{3C2739CB-9E0F-8E06-F315-25F9E9AB2763}" = CCC Help English
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0301.1
"{43FC4C9A-9D17-9CAB-FA69-6588AFA5A1B2}" = Catalyst Control Center Core Implementation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5645BA4F-2BF3-4F31-B3F7-710700C92456}" = Transformers™ - The Game
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars® Knights of the Old Republic® II: The Sith Lords™
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{828CFF5D-054C-D04A-3CB1-0788828CA236}" = Catalyst Control Center Graphics Light
"{85B0B11F-7EA3-D9DE-BB18-1B52CE1A3E3B}" = Catalyst Control Center Graphics Full Existing
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90AE0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Organization Chart 2.0
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EEA0ED5-CB59-2F06-84A7-3F7B241521B8}" = Catalyst Control Center InstallProxy
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DF9B7D24-4C6E-C773-3E58-D2FEF49ADD74}" = ccc-core-static
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}" = The Matrix - Path of Neo
"{EAD931B5-129D-2A7E-9FD2-522BF504EAF4}" = Catalyst Control Center Graphics Full New
"{EAEDA25D-F718-4436-8413-85529758C205}" = Cisco WebEx Meeting Center for Firefox or Chrome
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F6B2ED65-7378-4065-802D-F2E5689F3A4E}" = Photo Viewer
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"1Click DVD Copy 5_is1" = 1Click DVD Copy 5.9.0.5
"7-Zip" = 7-Zip 9.13 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnyDVD" = AnyDVD
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"DungeonSiege 1.0" = Dungeon Siege
"EA Installer.1608959680" = EA Installer
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{5645BA4F-2BF3-4F31-B3F7-710700C92456}" = Transformers™ - The Game
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Mozilla Thunderbird (3.0.11)" = Mozilla Thunderbird (3.0.11)
"MultitrackStudio_is1" = MultitrackStudio Lite 6.21
"NiBiRu_is1" = NiBiRu
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"Oxelon Media Converter_is1" = Oxelon Media Converter 1.1
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"Sins of a Solar Empire" = Sins of a Solar Empire
"WinLiveSuite" = Windows Live Essentials
"WinX DVD Ripper_is1" = WinX DVD Ripper 5.5.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = WebEx

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/23/2011 12:07:55 PM | Computer Name = User-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 11/26/2011 3:21:26 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Morrowind.exe, version: 1.2.0.722, time
stamp: 0x3d3c453e Faulting module name: ntdll.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7ba58 Exception code: 0xc0000005 Fault offset: 0x0005b84b Faulting process
id: 0x1218 Faulting application start time: 0x01ccac69b2e3cef4 Faulting application
path: L:\Games\Morrowind\Morrowind.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: d4f65257-1863-11e1-9290-6cf049e22e93

Error - 11/26/2011 5:33:04 PM | Computer Name = User-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 11/27/2011 4:31:15 AM | Computer Name = User-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 11/27/2011 9:18:58 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe_aepdu.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bc9e0 Faulting module name: aeinv.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7c45b Exception code: 0xc0000006 Fault offset: 0x0000000000051811
Faulting
process id: 0xf94 Faulting application start time: 0x01ccad6b92fb52b0 Faulting application
path: C:\Windows\system32\rundll32.exe Faulting module path: C:\Windows\system32\aeinv.dll
Report
Id: f1bf9eff-195e-11e1-a28d-6cf049e22e93

Error - 11/27/2011 9:18:58 PM | Computer Name = User-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file L:\1Click DVD Copy 5\1ClickDvdCopy.exe
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Windows host process (Rundll32)
because of this error. Program: Windows host process (Rundll32) File: L:\1Click DVD
Copy 5\1ClickDvdCopy.exe The error value is listed in the Additional Data section.
User
Action 1. Open the file again. This situation might be a temporary problem that corrects
itself when the program runs again. 2. If the file still cannot be accessed and -
It is on the network, your network administrator should verify that there is not
a problem with the network and that the server can be contacted. - It is on a removable
disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted
into the computer. 3. Check and repair the file system by running CHKDSK. To run
CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt,
type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file
from a backup copy. 5. Determine whether other files on the same disk can be opened.
If not, the disk might be damaged. If it is a hard disk, contact your administrator
or computer hardware vendor for further assistance. Additional Data Error value: C000009D
Disk
type: 3

Error - 11/28/2011 2:39:54 AM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: DAOrigins.exe, version: 1.0.9353.0, time
stamp: 0x4ab251ee Faulting module name: DAOrigins.exe, version: 1.0.9353.0, time
stamp: 0x4ab251ee Exception code: 0xc0000005 Fault offset: 0x0006e4ae Faulting process
id: 0x154c Faulting application start time: 0x01ccad9215342fd1 Faulting application
path: L:\Games\Dragon Age\bin_ship\DAOrigins.exe Faulting module path: L:\Games\Dragon
Age\bin_ship\DAOrigins.exe Report Id: c737a13f-198b-11e1-a28d-6cf049e22e93

Error - 11/29/2011 2:50:28 AM | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/30/2011 1:24:26 AM | Computer Name = User-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 11/30/2011 1:24:29 AM | Computer Name = User-PC | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is not formatted
correctly. The malformed string is ????. The first DWORD in the Data section contains
the index value to the malformed string while the second and third DWORDs in the
Data section contain the last valid index values.

[ System Events ]
Error - 11/30/2011 1:25:08 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/30/2011 1:25:20 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/30/2011 1:25:20 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/30/2011 1:25:20 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/30/2011 1:26:54 AM | Computer Name = User-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume Operating System.

Error - 11/30/2011 1:26:54 AM | Computer Name = User-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume Operating System.

Error - 11/30/2011 1:26:54 AM | Computer Name = User-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume Operating System.

Error - 11/30/2011 1:27:34 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/30/2011 1:27:34 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/30/2011 1:27:34 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >


Attached File  OTL TNT69.Txt   64.88KB   41 downloads


Attached File  Extras.Txt   51.81KB   92 downloads
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Error - 11/30/2011 1:26:54 AM | Computer Name = User-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume Operating System.


1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#3
Dynamite1969

Dynamite1969

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Thanks for your reply, I'll do everything when I get home from work (checking this during my lunch break).

Just a quick follow-up question before I get started.

Can this stuff be done in Safe Mode? That is the only stable way I have been able to run my computer for more than 5 min.
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Yes. Safe Mode with Networking should work on most PCs. Safe Mode by itself can be used to schedule the disk check.
  • 0

#5
Dynamite1969

Dynamite1969

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
After a few failed attempts I finally got everything you asked for to work. Here are the results.

CHKDSK did its thing, but went directly to the log in screen so I didn't catch any "results". I didn't log in, instead re-booted to force it into safe-mode (just to be sure)

sfc /scannow result.
"Windows Resource Protection did not find any integrity violations"

sigverif results.
pcouffin.sys C:\windows\system32\drivers
modified 5/12/2010
ver 1.37.0.0

That was the only one that showed up in the summary. It did say 224 files were found, 222 were signed, 1 was unsigned and 1 was not scanned

Results of VEW for system:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 30/11/2011 7:12:33 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/12/2011 3:08:34 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 01/12/2011 3:08:34 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 01/12/2011 3:08:34 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 01/12/2011 3:06:26 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 01/12/2011 3:06:26 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 01/12/2011 3:06:26 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 01/12/2011 3:01:26 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 01/12/2011 3:01:26 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 01/12/2011 3:01:26 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 01/12/2011 3:00:06 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 01/12/2011 3:00:06 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 01/12/2011 3:00:06 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 01/12/2011 2:59:56 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 01/12/2011 2:59:56 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 01/12/2011 2:59:56 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 01/12/2011 2:59:54 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 01/12/2011 2:59:54 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 01/12/2011 2:59:54 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 01/12/2011 2:59:54 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 01/12/2011 2:59:53 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/12/2011 2:59:18 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 01/12/2011 2:58:00 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 01/12/2011 2:41:41 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Results for VEW on application


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 30/11/2011 7:16:45 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 01/12/2011 2:45:44 AM
Type: Error Category: 0
Event: 3001 Source: Microsoft-Windows-LoadPerf
The performance counter name string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 01/12/2011 2:59:47 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 01/12/2011 2:47:06 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-3606158676-3858912705-2672546387-1001}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 01/12/2011 2:43:41 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <C:\ProgramData\Microsoft\Windows\Start Menu\> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
The URL was already processed during this update. If you received this message while processing alerts, then the alerts are redundant, or else Modify should be used instead of Add. (HRESULT : 0x80040d0d) (0x80040d0d)


Log: 'Application' Date/Time: 01/12/2011 2:29:26 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 01/12/2011 2:29:26 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Attached Files


  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Start, right click on Computer and select Manage (continue) then Services and Applications, then Services. In the right pane find Windows Search and right click and select Properties. Change the Startup Type to Disabled. Apply, OK.

Now find the Server service and right click and select Properties. Verify the Startup Type is set to: Automatic. (If not change it and Apply). Try to START the service. I expect you will get an error message about a dependent service. If it says which service is not running that it needs to have running then go to that service and see if you can get it to start and if not what error does it give you. If it just complains about a service not running but doesn't say what then select the Dependencies tab. Note the services that it depends on. Then go back and see if they are running. If you can't find a service then look in the left pane and click on Device manager, View => Show Hidden Devices, then look in the right pane and see if you see any red or yellow marked devices. What are they?

See if it will run in Regular mode now.

Either way I think we can now run some scans for malware:


ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Ron
  • 0

#7
Dynamite1969

Dynamite1969

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Had some troubles during this round

Start, right click on Computer and select Manage (continue) then Services and Applications, then Services. In the right pane find Windows Search and right click and select Properties. Change the Startup Type to Disabled. Apply, OK.
Now find the Server service and right click and select Properties. Verify the Startup Type is set to: Automatic. (If not change it and Apply). Try to START the service. I expect you will get an error message about a dependent service. If it says which service is not running that it needs to have running then go to that service and see if you can get it to start and if not what error does it give you. If it just complains about a service not running but doesn't say what then select the Dependencies tab. Note the services that it depends on. Then go back and see if they are running. If you can't find a service then look in the left pane and click on Device manager, View => Show Hidden Devices, then look in the right pane and see if you see any red or yellow marked devices. What are they?

See if it will run in Regular mode now.


Start service attempt gave the result "ERROR 1068: The dependency service or group failed to start"
Dependencies were:
Remote Procedure Call (RPC) - was started
DCOM server Process launcher - was started
RPC endpoint mapper - was started
Server SMB 1.xxx Driver - could not find
Server SBB 2.xxx driver - could not find
srvnet - could not find

In Device manager
Yellow! Security processor loader driver in non-plug and play drivers
Blue? pcouffin device for AMD 64-bit systems in VSO devices

Here is where the trouble starts
I booted into normal mode and it felt "stable" so I tried to run combo fix. During the scan (made it past step 32 last time I looked up) it powered off again. Since you said not to run combofix more than once I wasn't sure if I should try again in safe mode.
  • 0

#8
Dynamite1969

Dynamite1969

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Since I'm off to work, I figured it would be none productive to leave without completing the reports so I ran combofix again from safe mode.

Here are the results from the gambit of scans.

Combofix

ComboFix 11-12-01.01 - User 12/01/2011 6:43.2.8 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12286.11336 [GMT -8:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html
c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\users\User\AppData\Roaming\inst.exe
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.xul
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldropdown.xul
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\index.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\NotIE6.css
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\OnlyIE6.css
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\SearchProtectIcon.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.css
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\index.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\LeftImage.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\NotIE6.css
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\OnlyIE6.css
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.css
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\searchplugins\bing-zugo.xml
.
.
((((((((((((((((((((((((( Files Created from 2011-11-01 to 2011-12-01 )))))))))))))))))))))))))))))))
.
.
2011-12-01 14:46 . 2011-12-01 14:46 -------- d-----w- c:\users\MOM\AppData\Local\temp
2011-12-01 00:37 . 2011-12-01 00:37 -------- d-----w- C:\found.000
2011-11-27 17:15 . 2011-11-27 17:15 -------- d-----w- c:\programdata\BioWare
2011-11-27 17:10 . 2011-11-27 17:10 -------- d-----w- c:\programdata\Electronic Arts
2011-11-27 17:10 . 2011-11-27 17:10 -------- d-----w- c:\users\User\AppData\Local\EA Core
2011-11-27 17:05 . 2011-11-27 17:05 -------- d-----w- c:\programdata\Media Center Programs
2011-11-27 16:58 . 2011-11-27 17:05 -------- d-----w- c:\program files (x86)\Common Files\BioWare
2011-11-24 19:29 . 2011-11-24 19:35 -------- d-----w- c:\users\User\AppData\Roaming\dvdcss
2011-11-24 19:20 . 2011-11-24 19:20 -------- d-----w- c:\users\User\AppData\Roaming\Digiarty
2011-11-09 22:44 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 22:44 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 22:44 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 22:44 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 13:23 . 2011-10-07 13:23 283728 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2011-10-01 03:25 . 2011-10-11 19:43 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-11 19:43 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-29 17:31 . 2011-07-27 15:48 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-13 13:30 . 2011-09-13 13:30 37456 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-07-26 17:15 2532680 ----a-w- c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-07-26 1025352]
R4 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R4 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R4 BBDemon;Backbone Service;l:\catiav5\intel_a\code\bin\CATSysDemon.exe [2007-05-04 36864]
R4 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-05 219360]
R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;l:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R4 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2009-08-06 65536]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R4 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-10-02 246600]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - l:\micros~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-01 06:49:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-01 14:49
.
Pre-Run: 5,992,140,800 bytes free
Post-Run: 6,936,907,776 bytes free
.
- - End Of File - - E02E47912F160E0A2041EDC2F10D1EA4


TDSSKiller Results
06:53:08.0918 1512 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
06:53:09.0214 1512 ============================================================
06:53:09.0214 1512 Current date / time: 2011/12/01 06:53:09.0214
06:53:09.0214 1512 SystemInfo:
06:53:09.0214 1512
06:53:09.0214 1512 OS Version: 6.1.7601 ServicePack: 1.0
06:53:09.0214 1512 Product type: Workstation
06:53:09.0214 1512 ComputerName: USER-PC
06:53:09.0214 1512 UserName: User
06:53:09.0214 1512 Windows directory: C:\Windows
06:53:09.0214 1512 System windows directory: C:\Windows
06:53:09.0214 1512 Running under WOW64
06:53:09.0214 1512 Processor architecture: Intel x64
06:53:09.0214 1512 Number of processors: 8
06:53:09.0214 1512 Page size: 0x1000
06:53:09.0214 1512 Boot type: Safe boot with network
06:53:09.0214 1512 ============================================================
06:53:09.0480 1512 Initialize success
06:53:39.0229 1628 ============================================================
06:53:39.0229 1628 Scan started
06:53:39.0229 1628 Mode: Manual;
06:53:39.0229 1628 ============================================================
06:53:39.0463 1628 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
06:53:39.0463 1628 1394ohci - ok
06:53:39.0478 1628 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
06:53:39.0494 1628 ACPI - ok
06:53:39.0494 1628 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
06:53:39.0494 1628 AcpiPmi - ok
06:53:39.0525 1628 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
06:53:39.0525 1628 adp94xx - ok
06:53:39.0541 1628 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
06:53:39.0541 1628 adpahci - ok
06:53:39.0556 1628 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
06:53:39.0556 1628 adpu320 - ok
06:53:39.0588 1628 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
06:53:39.0588 1628 AFD - ok
06:53:39.0603 1628 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
06:53:39.0603 1628 agp440 - ok
06:53:39.0619 1628 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
06:53:39.0619 1628 aliide - ok
06:53:39.0634 1628 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
06:53:39.0634 1628 amdide - ok
06:53:39.0634 1628 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
06:53:39.0634 1628 AmdK8 - ok
06:53:39.0728 1628 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
06:53:39.0806 1628 amdkmdag - ok
06:53:39.0837 1628 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
06:53:39.0837 1628 amdkmdap - ok
06:53:39.0837 1628 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
06:53:39.0837 1628 AmdPPM - ok
06:53:39.0853 1628 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
06:53:39.0853 1628 amdsata - ok
06:53:39.0868 1628 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
06:53:39.0868 1628 amdsbs - ok
06:53:39.0900 1628 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
06:53:39.0900 1628 amdxata - ok
06:53:39.0900 1628 AnyDVD (2c4a05fcef72ef614dcd11d0872498c9) C:\Windows\system32\Drivers\AnyDVD.sys
06:53:39.0915 1628 AnyDVD - ok
06:53:39.0915 1628 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
06:53:39.0915 1628 AppID - ok
06:53:39.0931 1628 AppleCharger (ec36746e224a3431463ef8124ebf2fec) C:\Windows\system32\DRIVERS\AppleCharger.sys
06:53:39.0931 1628 AppleCharger - ok
06:53:39.0946 1628 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
06:53:39.0946 1628 arc - ok
06:53:39.0978 1628 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
06:53:39.0978 1628 arcsas - ok
06:53:39.0993 1628 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
06:53:39.0993 1628 AsyncMac - ok
06:53:39.0993 1628 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
06:53:39.0993 1628 atapi - ok
06:53:40.0009 1628 AtiHdmiService (7e2f5a758f63f80f8b03f889b4e6b19f) C:\Windows\system32\drivers\AtiHdmi.sys
06:53:40.0009 1628 AtiHdmiService - ok
06:53:40.0024 1628 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
06:53:40.0024 1628 AVGIDSDriver - ok
06:53:40.0056 1628 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
06:53:40.0056 1628 AVGIDSEH - ok
06:53:40.0056 1628 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
06:53:40.0056 1628 AVGIDSFilter - ok
06:53:40.0071 1628 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
06:53:40.0071 1628 Avgldx64 - ok
06:53:40.0087 1628 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
06:53:40.0087 1628 Avgmfx64 - ok
06:53:40.0102 1628 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
06:53:40.0102 1628 Avgrkx64 - ok
06:53:40.0118 1628 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
06:53:40.0118 1628 Avgtdia - ok
06:53:40.0149 1628 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
06:53:40.0149 1628 b06bdrv - ok
06:53:40.0165 1628 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
06:53:40.0165 1628 b57nd60a - ok
06:53:40.0180 1628 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
06:53:40.0180 1628 Beep - ok
06:53:40.0212 1628 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
06:53:40.0212 1628 blbdrive - ok
06:53:40.0212 1628 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
06:53:40.0227 1628 bowser - ok
06:53:40.0227 1628 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
06:53:40.0227 1628 BrFiltLo - ok
06:53:40.0243 1628 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
06:53:40.0243 1628 BrFiltUp - ok
06:53:40.0258 1628 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
06:53:40.0258 1628 Brserid - ok
06:53:40.0258 1628 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
06:53:40.0258 1628 BrSerWdm - ok
06:53:40.0290 1628 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
06:53:40.0290 1628 BrUsbMdm - ok
06:53:40.0290 1628 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
06:53:40.0290 1628 BrUsbSer - ok
06:53:40.0305 1628 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
06:53:40.0305 1628 BTHMODEM - ok
06:53:40.0305 1628 catchme - ok
06:53:40.0321 1628 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
06:53:40.0321 1628 cdfs - ok
06:53:40.0336 1628 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
06:53:40.0336 1628 cdrom - ok
06:53:40.0368 1628 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
06:53:40.0368 1628 circlass - ok
06:53:40.0368 1628 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
06:53:40.0383 1628 CLFS - ok
06:53:40.0399 1628 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
06:53:40.0399 1628 CmBatt - ok
06:53:40.0399 1628 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
06:53:40.0399 1628 cmdide - ok
06:53:40.0414 1628 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
06:53:40.0414 1628 CNG - ok
06:53:40.0446 1628 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
06:53:40.0446 1628 Compbatt - ok
06:53:40.0446 1628 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
06:53:40.0446 1628 CompositeBus - ok
06:53:40.0461 1628 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
06:53:40.0461 1628 crcdisk - ok
06:53:40.0477 1628 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
06:53:40.0477 1628 CSC - ok
06:53:40.0492 1628 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
06:53:40.0508 1628 DfsC - ok
06:53:40.0524 1628 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
06:53:40.0524 1628 discache - ok
06:53:40.0539 1628 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
06:53:40.0539 1628 Disk - ok
06:53:40.0555 1628 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
06:53:40.0555 1628 drmkaud - ok
06:53:40.0570 1628 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
06:53:40.0586 1628 DXGKrnl - ok
06:53:40.0633 1628 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
06:53:40.0664 1628 ebdrv - ok
06:53:40.0680 1628 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
06:53:40.0695 1628 ElbyCDIO - ok
06:53:40.0695 1628 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
06:53:40.0711 1628 elxstor - ok
06:53:40.0711 1628 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
06:53:40.0711 1628 ErrDev - ok
06:53:40.0726 1628 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
06:53:40.0726 1628 exfat - ok
06:53:40.0758 1628 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
06:53:40.0758 1628 fastfat - ok
06:53:40.0773 1628 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
06:53:40.0773 1628 fdc - ok
06:53:40.0773 1628 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
06:53:40.0789 1628 FileInfo - ok
06:53:40.0789 1628 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
06:53:40.0789 1628 Filetrace - ok
06:53:40.0804 1628 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
06:53:40.0804 1628 flpydisk - ok
06:53:40.0820 1628 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
06:53:40.0820 1628 FltMgr - ok
06:53:40.0836 1628 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
06:53:40.0836 1628 FsDepends - ok
06:53:40.0851 1628 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
06:53:40.0851 1628 Fs_Rec - ok
06:53:40.0867 1628 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
06:53:40.0867 1628 fvevol - ok
06:53:40.0882 1628 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
06:53:40.0882 1628 gagp30kx - ok
06:53:40.0882 1628 gdrv - ok
06:53:40.0882 1628 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
06:53:40.0898 1628 GEARAspiWDM - ok
06:53:40.0914 1628 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
06:53:40.0914 1628 hcw85cir - ok
06:53:40.0929 1628 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
06:53:40.0929 1628 HdAudAddService - ok
06:53:40.0945 1628 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
06:53:40.0945 1628 HDAudBus - ok
06:53:40.0960 1628 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
06:53:40.0960 1628 HidBatt - ok
06:53:40.0960 1628 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
06:53:40.0976 1628 HidBth - ok
06:53:40.0992 1628 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
06:53:40.0992 1628 HidIr - ok
06:53:41.0007 1628 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
06:53:41.0007 1628 HidUsb - ok
06:53:41.0023 1628 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
06:53:41.0023 1628 HpSAMD - ok
06:53:41.0038 1628 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
06:53:41.0038 1628 HTTP - ok
06:53:41.0070 1628 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
06:53:41.0070 1628 hwpolicy - ok
06:53:41.0070 1628 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
06:53:41.0070 1628 i8042prt - ok
06:53:41.0085 1628 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
06:53:41.0101 1628 iaStorV - ok
06:53:41.0101 1628 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
06:53:41.0101 1628 iirsp - ok
06:53:41.0132 1628 IntcAzAudAddService (3edd3ce185da3e6aaec22adcfd7b1d54) C:\Windows\system32\drivers\RTKVHD64.sys
06:53:41.0148 1628 IntcAzAudAddService - ok
06:53:41.0163 1628 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
06:53:41.0163 1628 intelide - ok
06:53:41.0179 1628 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
06:53:41.0179 1628 intelppm - ok
06:53:41.0194 1628 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:53:41.0194 1628 IpFilterDriver - ok
06:53:41.0194 1628 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
06:53:41.0194 1628 IPMIDRV - ok
06:53:41.0226 1628 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
06:53:41.0226 1628 IPNAT - ok
06:53:41.0226 1628 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
06:53:41.0226 1628 IRENUM - ok
06:53:41.0241 1628 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
06:53:41.0241 1628 isapnp - ok
06:53:41.0257 1628 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
06:53:41.0257 1628 iScsiPrt - ok
06:53:41.0272 1628 JRAID (75ddb94a2a24f9f7037d10a2dda06d36) C:\Windows\system32\DRIVERS\jraid.sys
06:53:41.0272 1628 JRAID - ok
06:53:41.0288 1628 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
06:53:41.0288 1628 kbdclass - ok
06:53:41.0304 1628 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
06:53:41.0304 1628 kbdhid - ok
06:53:41.0319 1628 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
06:53:41.0319 1628 KSecDD - ok
06:53:41.0335 1628 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
06:53:41.0335 1628 KSecPkg - ok
06:53:41.0350 1628 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
06:53:41.0350 1628 ksthunk - ok
06:53:41.0350 1628 kxwdmdrv - ok
06:53:41.0382 1628 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
06:53:41.0382 1628 lltdio - ok
06:53:41.0397 1628 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
06:53:41.0397 1628 LSI_FC - ok
06:53:41.0397 1628 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
06:53:41.0397 1628 LSI_SAS - ok
06:53:41.0413 1628 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
06:53:41.0413 1628 LSI_SAS2 - ok
06:53:41.0428 1628 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
06:53:41.0428 1628 LSI_SCSI - ok
06:53:41.0428 1628 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
06:53:41.0444 1628 luafv - ok
06:53:41.0460 1628 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
06:53:41.0460 1628 megasas - ok
06:53:41.0475 1628 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
06:53:41.0475 1628 MegaSR - ok
06:53:41.0491 1628 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
06:53:41.0491 1628 Modem - ok
06:53:41.0506 1628 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
06:53:41.0506 1628 monitor - ok
06:53:41.0506 1628 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
06:53:41.0506 1628 mouclass - ok
06:53:41.0538 1628 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
06:53:41.0538 1628 mouhid - ok
06:53:41.0538 1628 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
06:53:41.0538 1628 mountmgr - ok
06:53:41.0553 1628 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
06:53:41.0553 1628 mpio - ok
06:53:41.0569 1628 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
06:53:41.0569 1628 mpsdrv - ok
06:53:41.0584 1628 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
06:53:41.0584 1628 MRxDAV - ok
06:53:41.0616 1628 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
06:53:41.0616 1628 mrxsmb - ok
06:53:41.0631 1628 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:53:41.0631 1628 mrxsmb10 - ok
06:53:41.0647 1628 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:53:41.0647 1628 mrxsmb20 - ok
06:53:41.0647 1628 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
06:53:41.0647 1628 msahci - ok
06:53:41.0662 1628 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
06:53:41.0662 1628 msdsm - ok
06:53:41.0694 1628 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
06:53:41.0694 1628 Msfs - ok
06:53:41.0694 1628 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
06:53:41.0694 1628 mshidkmdf - ok
06:53:41.0709 1628 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
06:53:41.0709 1628 msisadrv - ok
06:53:41.0725 1628 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
06:53:41.0725 1628 MSKSSRV - ok
06:53:41.0725 1628 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
06:53:41.0725 1628 MSPCLOCK - ok
06:53:41.0740 1628 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
06:53:41.0740 1628 MSPQM - ok
06:53:41.0772 1628 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
06:53:41.0772 1628 MsRPC - ok
06:53:41.0787 1628 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
06:53:41.0787 1628 mssmbios - ok
06:53:41.0787 1628 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
06:53:41.0787 1628 MSTEE - ok
06:53:41.0803 1628 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
06:53:41.0803 1628 MTConfig - ok
06:53:41.0818 1628 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
06:53:41.0818 1628 Mup - ok
06:53:41.0834 1628 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
06:53:41.0834 1628 NativeWifiP - ok
06:53:41.0865 1628 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
06:53:41.0865 1628 NDIS - ok
06:53:41.0881 1628 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
06:53:41.0881 1628 NdisCap - ok
06:53:41.0881 1628 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
06:53:41.0881 1628 NdisTapi - ok
06:53:41.0896 1628 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
06:53:41.0896 1628 Ndisuio - ok
06:53:41.0928 1628 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
06:53:41.0928 1628 NdisWan - ok
06:53:41.0943 1628 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
06:53:41.0943 1628 NDProxy - ok
06:53:41.0943 1628 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
06:53:41.0943 1628 NetBIOS - ok
06:53:41.0959 1628 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
06:53:41.0959 1628 NetBT - ok
06:53:41.0974 1628 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
06:53:41.0974 1628 nfrd960 - ok
06:53:42.0006 1628 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
06:53:42.0006 1628 Npfs - ok
06:53:42.0006 1628 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
06:53:42.0006 1628 nsiproxy - ok
06:53:42.0037 1628 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
06:53:42.0037 1628 Ntfs - ok
06:53:42.0052 1628 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
06:53:42.0052 1628 Null - ok
06:53:42.0084 1628 nusb3hub (f5bc2345e8c89d4e90fafd23a2239935) C:\Windows\system32\DRIVERS\nusb3hub.sys
06:53:42.0084 1628 nusb3hub - ok
06:53:42.0084 1628 nusb3xhc (5d42578241bc2a9b4a64837077436d5f) C:\Windows\system32\DRIVERS\nusb3xhc.sys
06:53:42.0099 1628 nusb3xhc - ok
06:53:42.0099 1628 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
06:53:42.0115 1628 nvraid - ok
06:53:42.0115 1628 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
06:53:42.0115 1628 nvstor - ok
06:53:42.0130 1628 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
06:53:42.0130 1628 nv_agp - ok
06:53:42.0162 1628 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
06:53:42.0162 1628 ohci1394 - ok
06:53:42.0177 1628 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
06:53:42.0177 1628 Parport - ok
06:53:42.0177 1628 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
06:53:42.0177 1628 partmgr - ok
06:53:42.0193 1628 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
06:53:42.0193 1628 pci - ok
06:53:42.0208 1628 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
06:53:42.0208 1628 pciide - ok
06:53:42.0240 1628 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
06:53:42.0240 1628 pcmcia - ok
06:53:42.0255 1628 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
06:53:42.0255 1628 pcouffin - ok
06:53:42.0255 1628 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
06:53:42.0255 1628 pcw - ok
06:53:42.0271 1628 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
06:53:42.0286 1628 PEAUTH - ok
06:53:42.0318 1628 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
06:53:42.0318 1628 PptpMiniport - ok
06:53:42.0333 1628 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
06:53:42.0333 1628 Processor - ok
06:53:42.0349 1628 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
06:53:42.0349 1628 Psched - ok
06:53:42.0364 1628 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
06:53:42.0380 1628 ql2300 - ok
06:53:42.0396 1628 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
06:53:42.0396 1628 ql40xx - ok
06:53:42.0411 1628 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
06:53:42.0411 1628 QWAVEdrv - ok
06:53:42.0427 1628 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
06:53:42.0427 1628 RasAcd - ok
06:53:42.0427 1628 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
06:53:42.0427 1628 RasAgileVpn - ok
06:53:42.0442 1628 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
06:53:42.0442 1628 Rasl2tp - ok
06:53:42.0474 1628 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
06:53:42.0474 1628 RasPppoe - ok
06:53:42.0474 1628 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
06:53:42.0474 1628 RasSstp - ok
06:53:42.0489 1628 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
06:53:42.0505 1628 rdbss - ok
06:53:42.0505 1628 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
06:53:42.0505 1628 rdpbus - ok
06:53:42.0520 1628 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
06:53:42.0520 1628 RDPCDD - ok
06:53:42.0552 1628 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
06:53:42.0552 1628 RDPDR - ok
06:53:42.0552 1628 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
06:53:42.0567 1628 RDPENCDD - ok
06:53:42.0567 1628 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
06:53:42.0567 1628 RDPREFMP - ok
06:53:42.0583 1628 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
06:53:42.0583 1628 RDPWD - ok
06:53:42.0598 1628 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
06:53:42.0598 1628 rdyboost - ok
06:53:42.0630 1628 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
06:53:42.0630 1628 rspndr - ok
06:53:42.0645 1628 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
06:53:42.0645 1628 RTL8167 - ok
06:53:42.0645 1628 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
06:53:42.0645 1628 s3cap - ok
06:53:42.0661 1628 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
06:53:42.0661 1628 sbp2port - ok
06:53:42.0676 1628 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
06:53:42.0676 1628 scfilter - ok
06:53:42.0708 1628 SecDrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\SECDRV.SYS
06:53:42.0708 1628 SecDrv - ok
06:53:42.0708 1628 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
06:53:42.0723 1628 Serenum - ok
06:53:42.0723 1628 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
06:53:42.0723 1628 Serial - ok
06:53:42.0739 1628 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
06:53:42.0739 1628 sermouse - ok
06:53:42.0754 1628 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
06:53:42.0754 1628 sffdisk - ok
06:53:42.0754 1628 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
06:53:42.0770 1628 sffp_mmc - ok
06:53:42.0786 1628 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
06:53:42.0786 1628 sffp_sd - ok
06:53:42.0801 1628 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
06:53:42.0801 1628 sfloppy - ok
06:53:42.0817 1628 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
06:53:42.0817 1628 SiSRaid2 - ok
06:53:42.0832 1628 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
06:53:42.0832 1628 SiSRaid4 - ok
06:53:42.0832 1628 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
06:53:42.0832 1628 Smb - ok
06:53:42.0864 1628 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
06:53:42.0864 1628 spldr - ok
06:53:42.0879 1628 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
06:53:42.0895 1628 srv - ok
06:53:42.0910 1628 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
06:53:42.0910 1628 srv2 - ok
06:53:42.0926 1628 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
06:53:42.0926 1628 srvnet - ok
06:53:42.0942 1628 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
06:53:42.0942 1628 stexstor - ok
06:53:42.0957 1628 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
06:53:42.0957 1628 storflt - ok
06:53:42.0973 1628 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
06:53:42.0973 1628 storvsc - ok
06:53:42.0988 1628 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
06:53:42.0988 1628 swenum - ok
06:53:43.0035 1628 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
06:53:43.0035 1628 Tcpip - ok
06:53:43.0066 1628 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
06:53:43.0066 1628 TCPIP6 - ok
06:53:43.0098 1628 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
06:53:43.0098 1628 tcpipreg - ok
06:53:43.0098 1628 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
06:53:43.0098 1628 TDPIPE - ok
06:53:43.0113 1628 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
06:53:43.0113 1628 TDTCP - ok
06:53:43.0129 1628 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
06:53:43.0129 1628 tdx - ok
06:53:43.0144 1628 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
06:53:43.0144 1628 TermDD - ok
06:53:43.0176 1628 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
06:53:43.0176 1628 tssecsrv - ok
06:53:43.0176 1628 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
06:53:43.0176 1628 TsUsbFlt - ok
06:53:43.0191 1628 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
06:53:43.0191 1628 tunnel - ok
06:53:43.0207 1628 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
06:53:43.0207 1628 uagp35 - ok
06:53:43.0222 1628 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
06:53:43.0222 1628 udfs - ok
06:53:43.0254 1628 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
06:53:43.0254 1628 uliagpkx - ok
06:53:43.0254 1628 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
06:53:43.0254 1628 umbus - ok
06:53:43.0269 1628 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
06:53:43.0269 1628 UmPass - ok
06:53:43.0285 1628 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
06:53:43.0285 1628 usbccgp - ok
06:53:43.0300 1628 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
06:53:43.0300 1628 usbcir - ok
06:53:43.0316 1628 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
06:53:43.0316 1628 usbehci - ok
06:53:43.0332 1628 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
06:53:43.0347 1628 usbhub - ok
06:53:43.0347 1628 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
06:53:43.0347 1628 usbohci - ok
06:53:43.0363 1628 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
06:53:43.0363 1628 usbprint - ok
06:53:43.0378 1628 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
06:53:43.0378 1628 usbscan - ok
06:53:43.0394 1628 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
06:53:43.0394 1628 USBSTOR - ok
06:53:43.0410 1628 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
06:53:43.0410 1628 usbuhci - ok
06:53:43.0425 1628 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
06:53:43.0425 1628 vdrvroot - ok
06:53:43.0441 1628 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
06:53:43.0441 1628 vga - ok
06:53:43.0441 1628 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
06:53:43.0456 1628 VgaSave - ok
06:53:43.0456 1628 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
06:53:43.0456 1628 vhdmp - ok
06:53:43.0488 1628 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
06:53:43.0488 1628 viaide - ok
06:53:43.0488 1628 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
06:53:43.0503 1628 vmbus - ok
06:53:43.0503 1628 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
06:53:43.0503 1628 VMBusHID - ok
06:53:43.0519 1628 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
06:53:43.0519 1628 volmgr - ok
06:53:43.0534 1628 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
06:53:43.0534 1628 volmgrx - ok
06:53:43.0566 1628 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
06:53:43.0566 1628 volsnap - ok
06:53:43.0581 1628 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
06:53:43.0581 1628 vpcbus - ok
06:53:43.0597 1628 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
06:53:43.0597 1628 vpcnfltr - ok
06:53:43.0612 1628 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
06:53:43.0612 1628 vpcusb - ok
06:53:43.0612 1628 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
06:53:43.0628 1628 vpcvmm - ok
06:53:43.0644 1628 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
06:53:43.0659 1628 vsmraid - ok
06:53:43.0659 1628 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
06:53:43.0659 1628 vwifibus - ok
06:53:43.0675 1628 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
06:53:43.0675 1628 WacomPen - ok
06:53:43.0690 1628 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
06:53:43.0690 1628 WANARP - ok
06:53:43.0690 1628 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
06:53:43.0690 1628 Wanarpv6 - ok
06:53:43.0722 1628 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
06:53:43.0722 1628 Wd - ok
06:53:43.0737 1628 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
06:53:43.0737 1628 Wdf01000 - ok
06:53:43.0753 1628 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
06:53:43.0753 1628 WfpLwf - ok
06:53:43.0784 1628 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
06:53:43.0784 1628 WIMMount - ok
06:53:43.0800 1628 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
06:53:43.0800 1628 WinUsb - ok
06:53:43.0815 1628 WmBEnum (e7f4937b613b1e4294100c9d4efc36a9) C:\Windows\system32\drivers\WmBEnum.sys
06:53:43.0815 1628 WmBEnum - ok
06:53:43.0815 1628 WmFilter (6f6f2b263002b243d3501c7e6c8fc11d) C:\Windows\system32\drivers\WmFilter.sys
06:53:43.0831 1628 WmFilter - ok
06:53:43.0831 1628 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
06:53:43.0831 1628 WmiAcpi - ok
06:53:43.0862 1628 WmVirHid (52b4fcc6afaec0ffd80bda63f9b140cd) C:\Windows\system32\drivers\WmVirHid.sys
06:53:43.0862 1628 WmVirHid - ok
06:53:43.0862 1628 WmXlCore (395b3e7fba81bdc4501641b3b2cf2e20) C:\Windows\system32\drivers\WmXlCore.sys
06:53:43.0862 1628 WmXlCore - ok
06:53:43.0878 1628 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
06:53:43.0878 1628 ws2ifsl - ok
06:53:43.0893 1628 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
06:53:43.0893 1628 WudfPf - ok
06:53:43.0909 1628 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
06:53:43.0909 1628 WUDFRd - ok
06:53:43.0940 1628 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
06:53:43.0940 1628 \Device\Harddisk0\DR0 - ok
06:53:43.0940 1628 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
06:53:43.0940 1628 \Device\Harddisk1\DR1 - ok
06:53:43.0940 1628 Boot (0x1200) (c70024bc08d343d3b896a68866f05606) \Device\Harddisk0\DR0\Partition0
06:53:43.0940 1628 \Device\Harddisk0\DR0\Partition0 - ok
06:53:43.0940 1628 Boot (0x1200) (7a52c34bee9b21c51401317c2664e5b7) \Device\Harddisk0\DR0\Partition1
06:53:43.0940 1628 \Device\Harddisk0\DR0\Partition1 - ok
06:53:43.0956 1628 Boot (0x1200) (f1ef913ddbdf010e18960ac69cdb4cdb) \Device\Harddisk1\DR1\Partition0
06:53:43.0956 1628 \Device\Harddisk1\DR1\Partition0 - ok
06:53:43.0956 1628 Boot (0x1200) (e0c5291d9a80b2c2df2d40133db059c3) \Device\Harddisk1\DR1\Partition1
06:53:43.0971 1628 \Device\Harddisk1\DR1\Partition1 - ok
06:53:43.0971 1628 Boot (0x1200) (bbbba7a03007d20ce1b430533db12398) \Device\Harddisk1\DR1\Partition2
06:53:43.0971 1628 \Device\Harddisk1\DR1\Partition2 - ok
06:53:43.0971 1628 ============================================================
06:53:43.0971 1628 Scan finished
06:53:43.0971 1628 ============================================================
06:53:43.0971 1908 Detected object count: 0
06:53:43.0971 1908 Actual detected object count: 0
06:54:55.0092 1332 Deinitialize success


aswMBR results:
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-01 06:55:19
-----------------------------
06:55:19.615 OS Version: Windows x64 6.1.7601 Service Pack 1
06:55:19.615 Number of processors: 8 586 0x1A05
06:55:19.615 ComputerName: USER-PC UserName: User
06:55:19.755 Initialize success
06:57:54.617 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
06:57:54.648 Disk 0 Vendor: KINGSTON_SNV425S264GB C091126a Size: 61057MB BusType: 3
06:57:54.648 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-5
06:57:54.648 Disk 1 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
06:57:54.648 Disk 0 MBR read successfully
06:57:54.648 Disk 0 MBR scan
06:57:54.648 Disk 0 Windows 7 default MBR code
06:57:54.664 Service scanning
06:57:55.646 Modules scanning
06:57:55.646 Scan finished successfully
06:58:17.845 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
06:58:17.845 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"

Mbam results:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8285

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.7601.17514

12/1/2011 7:02:15 AM
mbam-log-2011-12-01 (07-02-15).txt

Scan type: Quick scan
Objects scanned: 218111
Time elapsed: 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

/md5start
wmplayer.exe
wmploc.DLL
srvsvc.dll
srv.sys
srv2.sys
srvnet.sys
netevent.dll
pcouffin.sys
spldr.sys
/md5stop

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run SCAN button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.
  • 0

#10
Dynamite1969

Dynamite1969

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
OTL Report

OTL logfile created on: 12/1/2011 3:40:15 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\User\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

12.00 Gb Total Physical Memory | 11.01 Gb Available Physical Memory | 91.77% Memory free
24.00 Gb Paging File | 23.03 Gb Available in Paging File | 95.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59.53 Gb Total Space | 6.56 Gb Free Space | 11.02% Space Free | Partition Type: NTFS
Drive D: | 88.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive K: | 938.28 Gb Total Space | 786.37 Gb Free Space | 83.81% Space Free | Partition Type: NTFS
Drive L: | 449.22 Gb Total Space | 398.48 Gb Free Space | 88.70% Space Free | Partition Type: NTFS
Drive M: | 9.76 Gb Total Space | 4.80 Gb Free Space | 49.11% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/29 21:25:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2011/10/06 21:21:07 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/06 21:21:07 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/20 01:04:20 | 000,203,776 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/10/02 06:15:49 | 000,246,600 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/26 09:16:02 | 001,025,352 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/06/08 16:41:35 | 000,039,936 | ---- | M] (C-Dilla Ltd) [Auto | Stopped] -- C:\Windows\SysWOW64\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/05 21:51:20 | 000,065,536 | R--- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009/08/04 16:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- L:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/04 13:24:30 | 000,036,864 | ---- | M] (Dassault Systemes) [Disabled | Stopped] -- L:\CATIAV5\intel_a\code\bin\CATSysDemon.exe -- (BBDemon)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/07 05:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 05:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/19 07:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2011/08/08 05:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 00:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 00:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 00:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 00:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 00:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 14:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 05:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 05:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 03:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/12 11:21:01 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/03/09 02:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/01 09:35:20 | 000,020,520 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2009/10/29 00:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/10/26 22:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/10/26 22:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/09/11 11:49:18 | 000,076,552 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009/09/11 11:49:08 | 000,015,880 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009/09/11 11:48:46 | 000,041,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/09/11 11:48:36 | 000,026,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2009/08/20 08:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/08/19 07:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2003/04/19 09:17:00 | 000,011,376 | R--- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 13 00 94 BD 3B 0F CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: L:\Applications\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\[email protected] [2011/09/13 16:03:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/11/22 09:49:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/06 21:21:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/16 07:54:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/10/09 14:30:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\ [2011/11/04 07:19:43 | 000,000,000 | ---D | M]

[2010/05/12 09:41:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2010/05/12 09:41:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/11/28 20:03:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\iyqior5t.default\extensions
[2011/10/02 06:15:49 | 000,003,674 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iyqior5t.default\searchplugins\avg-secure-search.xml
[2011/06/12 16:11:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/30 15:28:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/12 16:11:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/13 16:03:13 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="[email protected]" em:name="AVG Security Toolbar" em:version="7.008.031.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES (X86)\AVG\AVG10\TOOLBAR\FIREFOX\[email protected]
[2011/11/22 09:49:45 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
[2011/10/06 21:21:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/09/08 18:48:24 | 000,064,392 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/12/01 06:47:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] L:\Utilities\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - L:\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - L:\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - L:\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://ames.webex.c...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7B18840-79B9-4512-9BC1-2BFEFC3BE5A6}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/01 07:00:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2011/12/01 06:59:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/01 06:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/01 06:59:46 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/01 06:49:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/01 06:47:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/01 06:41:39 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/01 06:39:13 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
[2011/12/01 06:38:40 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\tdsskiller.exe
[2011/12/01 06:20:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/01 06:20:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/01 06:20:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/01 06:20:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/01 06:20:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/01 06:17:41 | 004,323,152 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2011/11/30 19:10:52 | 000,061,440 | ---- | C] ( ) -- C:\Users\User\Desktop\VEW.exe
[2011/11/30 16:37:30 | 000,000,000 | ---D | C] -- C:\found.000
[2011/11/29 21:25:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2011/11/29 19:27:11 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/11/28 20:04:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
[2011/11/27 09:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\BioWare
[2011/11/27 09:10:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/11/27 09:10:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\EA Core
[2011/11/27 09:08:02 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\BioWare
[2011/11/27 09:06:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2011/11/27 09:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/11/27 09:06:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2011/11/27 09:06:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2011/11/27 09:06:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011/11/27 09:06:21 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2011/11/27 09:06:21 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2011/11/27 09:06:21 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2011/11/27 09:06:21 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2011/11/27 09:06:21 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2011/11/27 09:06:21 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2011/11/27 09:06:20 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2011/11/27 09:06:20 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2011/11/27 09:06:20 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2011/11/27 09:06:20 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2011/11/27 09:06:20 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2011/11/27 09:06:20 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2011/11/27 09:06:20 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2011/11/27 09:06:20 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2011/11/27 09:06:19 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2011/11/27 09:06:19 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2011/11/27 09:06:19 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2011/11/27 09:06:19 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2011/11/27 09:06:19 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2011/11/27 09:06:19 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2011/11/27 09:06:19 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2011/11/27 09:06:19 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2011/11/27 09:06:19 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2011/11/27 09:06:19 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2011/11/27 09:06:19 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2011/11/27 09:06:19 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2011/11/27 09:06:18 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2011/11/27 09:06:18 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2011/11/27 09:06:18 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2011/11/27 09:06:18 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2011/11/27 09:06:18 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2011/11/27 09:06:18 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2011/11/27 09:06:18 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2011/11/27 09:06:18 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2011/11/27 09:06:18 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2011/11/27 09:06:18 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2011/11/27 09:06:18 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2011/11/27 09:06:18 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2011/11/27 09:06:17 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2011/11/27 09:06:17 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2011/11/27 09:06:17 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2011/11/27 09:06:17 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2011/11/27 09:06:17 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2011/11/27 09:06:17 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2011/11/27 09:06:16 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2011/11/27 09:06:16 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2011/11/27 09:06:16 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2011/11/27 09:06:16 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2011/11/27 09:06:16 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2011/11/27 09:06:16 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2011/11/27 09:06:15 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2011/11/27 09:06:15 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2011/11/27 09:06:15 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2011/11/27 09:06:15 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2011/11/27 09:06:15 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2011/11/27 09:06:15 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2011/11/27 09:06:15 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2011/11/27 09:06:15 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2011/11/27 09:06:15 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2011/11/27 09:06:15 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2011/11/27 09:06:11 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2011/11/27 09:06:11 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2011/11/27 09:06:11 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2011/11/27 09:06:11 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2011/11/27 09:06:11 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2011/11/27 09:06:11 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2011/11/27 09:06:10 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2011/11/27 09:06:10 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2011/11/27 09:06:10 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2011/11/27 09:06:10 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2011/11/27 09:06:09 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2011/11/27 09:06:09 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2011/11/27 09:06:08 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2011/11/27 09:06:08 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2011/11/27 09:06:08 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2011/11/27 09:06:08 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2011/11/27 09:06:07 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2011/11/27 09:06:07 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2011/11/27 09:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2011/11/27 09:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age Origins
[2011/11/27 08:58:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2011/11/24 11:29:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\dvdcss
[2011/11/24 11:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinX DVD Ripper
[2011/11/24 11:20:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Digiarty
[2011/11/20 22:07:42 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\temp WII SD
[2011/11/20 16:51:16 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\DS ROMS
[2010/05/12 11:21:01 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\User\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/12/01 15:32:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/01 15:32:39 | 1072,553,982 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/01 06:59:49 | 000,000,751 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/01 06:58:17 | 000,000,512 | ---- | M] () -- C:\Users\User\Desktop\MBR.dat
[2011/12/01 06:47:53 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/01 06:42:27 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/01 06:39:23 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
[2011/12/01 06:38:48 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\tdsskiller.exe
[2011/12/01 06:20:46 | 000,015,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/01 06:20:46 | 000,015,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/01 06:17:58 | 004,323,152 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2011/11/30 19:10:52 | 000,061,440 | ---- | M] ( ) -- C:\Users\User\Desktop\VEW.exe
[2011/11/30 16:38:58 | 000,006,992 | ---- | M] () -- C:\bootsqm.dat
[2011/11/29 21:25:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2011/11/29 21:20:39 | 000,002,072 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/29 20:53:06 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/29 20:53:06 | 000,661,892 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/29 20:53:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/27 15:37:16 | 110,914,329 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/11/27 09:05:45 | 000,000,690 | ---- | M] () -- C:\Users\Public\Desktop\Dragon Age Origins.lnk
[2011/11/24 11:20:03 | 000,000,733 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\WinX DVD Ripper.lnk
[2011/11/24 11:20:03 | 000,000,733 | ---- | M] () -- C:\Users\Public\Desktop\WinX DVD Ripper.lnk
[2011/11/23 18:06:41 | 000,365,633 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/11/22 09:49:45 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/20 07:50:05 | 000,661,967 | ---- | M] () -- C:\Users\User\Desktop\MFC_Self_Load_RF_Tube.pdf
[2011/11/10 09:08:13 | 000,352,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/12/01 06:59:49 | 000,000,751 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/01 06:58:17 | 000,000,512 | ---- | C] () -- C:\Users\User\Desktop\MBR.dat
[2011/12/01 06:20:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/01 06:20:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/01 06:20:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/01 06:20:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/01 06:20:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/30 16:38:58 | 000,006,992 | ---- | C] () -- C:\bootsqm.dat
[2011/11/27 09:05:45 | 000,000,690 | ---- | C] () -- C:\Users\Public\Desktop\Dragon Age Origins.lnk
[2011/11/24 11:20:03 | 000,000,733 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\WinX DVD Ripper.lnk
[2011/11/24 11:20:03 | 000,000,733 | ---- | C] () -- C:\Users\Public\Desktop\WinX DVD Ripper.lnk
[2011/11/20 07:50:05 | 000,661,967 | ---- | C] () -- C:\Users\User\Desktop\MFC_Self_Load_RF_Tube.pdf
[2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/05/28 07:40:58 | 000,775,244 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/05/12 16:07:53 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/05/12 11:57:53 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/05/12 11:21:01 | 000,007,859 | ---- | C] () -- C:\Users\User\AppData\Roaming\pcouffin.cat
[2010/05/12 11:21:01 | 000,001,167 | ---- | C] () -- C:\Users\User\AppData\Roaming\pcouffin.inf
[2010/05/11 17:49:47 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/05/10 18:16:33 | 000,065,536 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2010/05/10 18:12:37 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/05/09 21:27:24 | 000,007,648 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2010/05/03 08:30:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/08/26 23:04:14 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2003/04/19 09:17:00 | 000,011,376 | R--- | C] () -- C:\Windows\SysWow64\drivers\SECDRV.SYS

========== Custom Scans ==========



< MD5 for: NETEVENT.DLL >
[2009/07/13 17:30:47 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=62CAEC17815F39C2050B24B015AEDF29 -- C:\Windows\SysNative\netevent.dll
[2009/07/13 17:30:47 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=62CAEC17815F39C2050B24B015AEDF29 -- C:\Windows\winsxs\amd64_microsoft-windows-netevent_31bf3856ad364e35_6.1.7600.16385_none_b63b4a28843fd6da\netevent.dll
[2009/07/13 17:07:56 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=C7AE262FC7A2AFA9F4192A44466AC5DC -- C:\Windows\SysWOW64\netevent.dll
[2009/07/13 17:07:56 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=C7AE262FC7A2AFA9F4192A44466AC5DC -- C:\Windows\winsxs\x86_microsoft-windows-netevent_31bf3856ad364e35_6.1.7600.16385_none_5a1caea4cbe265a4\netevent.dll

< MD5 for: PCOUFFIN.SYS >
[2010/05/12 11:21:01 | 000,082,816 | ---- | M] (VSO Software) MD5=AF7CE12C4F3DC8CB2B07685C916BBCFE -- C:\Users\User\AppData\Roaming\pcouffin.sys
[2010/05/12 11:21:01 | 000,082,816 | ---- | M] (VSO Software) MD5=AF7CE12C4F3DC8CB2B07685C916BBCFE -- C:\Windows\SysNative\drivers\pcouffin.sys
[2010/05/12 11:21:01 | 000,082,816 | ---- | M] (VSO Software) MD5=AF7CE12C4F3DC8CB2B07685C916BBCFE -- C:\Windows\SysNative\DriverStore\FileRepository\pcouffin.inf_amd64_neutral_666aa9544c69fafd\pcouffin.sys

< MD5 for: SPLDR.SYS >
[2009/07/13 17:45:55 | 000,019,008 | ---- | M] (Microsoft Corporation) MD5=B9E31E5CACDFE584F34F730A677803F9 -- C:\Windows\SysNative\drivers\spldr.sys
[2009/07/13 17:45:55 | 000,019,008 | ---- | M] (Microsoft Corporation) MD5=B9E31E5CACDFE584F34F730A677803F9 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59\spldr.sys

< MD5 for: SRV.SYS >
[2011/04/28 18:54:02 | 000,467,456 | ---- | M] (Microsoft Corporation) MD5=10586F14752ACE786AB120FF8BB6BDA4 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.21717_none_38aa0e59262e0b0c\srv.sys
[2011/02/22 21:16:28 | 000,461,312 | ---- | M] (Microsoft Corporation) MD5=148D50904D2A0DF29A19778715EB35BB -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16765_none_3602027210145b36\srv.sys
[2010/11/20 01:28:09 | 000,468,992 | ---- | M] (Microsoft Corporation) MD5=2098B8556D1CEC2ACA9A29CD479E3692 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.17514_none_381d6eca0d132216\srv.sys
[2011/04/28 19:13:10 | 000,461,312 | ---- | M] (Microsoft Corporation) MD5=2408C0366D96BCDF63E8F1C78E4A29C5 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16806_none_3643e42a0fe2ca0e\srv.sys
[2009/12/08 00:32:59 | 000,464,896 | ---- | M] (Microsoft Corporation) MD5=37C3ABC2338010E110D2A6A3930F3149 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16481_none_35e85bc010283647\srv.sys
[2010/06/21 19:21:15 | 000,463,360 | ---- | M] (Microsoft Corporation) MD5=43067A65522EAEC33D31A12D6FA8E3F4 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16619_none_363c11500fe837b6\srv.sys
[2011/04/28 19:06:10 | 000,467,456 | ---- | M] (Microsoft Corporation) MD5=441FBA48BFF01FDB9D5969EBC1838F0B -- C:\Windows\SysNative\drivers\srv.sys
[2011/04/28 19:06:10 | 000,467,456 | ---- | M] (Microsoft Corporation) MD5=441FBA48BFF01FDB9D5969EBC1838F0B -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.17608_none_382c41c40d0768a8\srv.sys
[2011/02/22 19:32:25 | 000,467,456 | ---- | M] (Microsoft Corporation) MD5=65784FF2D21F85A35E2590F65A6B2382 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.21666_none_3872fc8d26578043\srv.sys
[2011/02/22 20:56:27 | 000,467,456 | ---- | M] (Microsoft Corporation) MD5=65BBF4920148C2EE279055DA7228FC7B -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.17565_none_37e85f780d3ac722\srv.sys
[2010/06/21 18:48:00 | 000,462,336 | ---- | M] (Microsoft Corporation) MD5=C4757FE6421EB3AFD9FD66592C5BFBE1 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.20740_none_369c3bbd29264744\srv.sys
[2011/04/28 19:06:57 | 000,460,800 | ---- | M] (Microsoft Corporation) MD5=CF6EFAEB9EB9823A0D27EDE6D1AF662D -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.20956_none_369771592928f58d\srv.sys
[2011/02/22 19:49:08 | 000,460,288 | ---- | M] (Microsoft Corporation) MD5=D388EBD2314A31E7BB7474F9C101CD1A -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.20907_none_36ce813f28ff832f\srv.sys
[2010/08/26 19:38:04 | 000,463,360 | ---- | M] (Microsoft Corporation) MD5=DE6F5658DA951C4BC8E498570B5B0D5F -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16664_none_36010042101544b8\srv.sys
[2010/08/26 19:39:57 | 000,462,336 | ---- | M] (Microsoft Corporation) MD5=DF128B7DFA3A5E399363B8F83275399D -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.20789_none_3679fea7293e9b17\srv.sys
[2009/12/08 00:42:45 | 000,464,896 | ---- | M] (Microsoft Corporation) MD5=E319934627647A6A93B880DDA6B06C5E -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.20591_none_3667289f294df202\srv.sys
[2009/07/13 15:25:13 | 000,465,408 | ---- | M] (Microsoft Corporation) MD5=EC8F67289105BF270498095F14963464 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16385_none_35ec5b0210249e7c\srv.sys

< MD5 for: SRV2.SYS >
[2010/06/21 19:20:50 | 000,404,992 | ---- | M] (Microsoft Corporation) MD5=03715CF9C30B563DA35FC5F2B8F7B8E0 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.16619_none_363141640ff053a7\srv2.sys
[2010/06/21 18:47:35 | 000,404,992 | ---- | M] (Microsoft Corporation) MD5=069A85A39B43C3F2336835CB5E3A0E6D -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.20740_none_36916bd1292e6335\srv2.sys
[2010/08/26 19:39:45 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=17D31E2F7FCCC24C08ECACEA945D3B14 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.20789_none_366f2ebb2946b708\srv2.sys
[2011/02/22 19:31:59 | 000,409,600 | ---- | M] (Microsoft Corporation) MD5=342451BA8549FDBA860CB172549F14CE -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7601.21666_none_38682ca1265f9c34\srv2.sys
[2010/08/26 19:37:48 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4D33D59C0B930C523D29F9BD40CDA9D2 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.16664_none_35f63056101d60a9\srv2.sys
[2011/04/28 19:12:54 | 000,399,872 | ---- | M] (Microsoft Corporation) MD5=76548F7B818881B47D8D1AE1BE9C11F8 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.16806_none_3639143e0feae5ff\srv2.sys
[2011/04/28 19:06:38 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=930113266636C1889B56470A84D8756F -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.20956_none_368ca16d2931117e\srv2.sys
[2011/04/28 19:05:49 | 000,410,112 | ---- | M] (Microsoft Corporation) MD5=B4ADEBBF5E3677CCE9651E0F01F7CC28 -- C:\Windows\SysNative\drivers\srv2.sys
[2011/04/28 19:05:49 | 000,410,112 | ---- | M] (Microsoft Corporation) MD5=B4ADEBBF5E3677CCE9651E0F01F7CC28 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7601.17608_none_382171d80d0f8499\srv2.sys
[2011/02/22 19:48:35 | 000,400,384 | ---- | M] (Microsoft Corporation) MD5=C5CB472BBA74F5CCA93D8A4196D63D0B -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.20907_none_36c3b15329079f20\srv2.sys
[2011/02/22 21:16:01 | 000,401,920 | ---- | M] (Microsoft Corporation) MD5=CE2189FE31D36678AC9EB7DDEE08EC96 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.16765_none_35f73286101c7727\srv2.sys
[2010/11/20 01:27:46 | 000,413,184 | ---- | M] (Microsoft Corporation) MD5=D0F73A42040F21F92FD314B42AC5C9E7 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7601.17514_none_38129ede0d1b3e07\srv2.sys
[2011/02/22 20:56:03 | 000,411,648 | ---- | M] (Microsoft Corporation) MD5=DA939F762A1CCC2D77428621DDBD40A7 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7601.17565_none_37dd8f8c0d42e313\srv2.sys
[2011/04/28 18:53:39 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=E10010AC9A4E8D7676EC89700BB6A24C -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7601.21717_none_389f3e6d263626fd\srv2.sys
[2009/07/13 15:25:04 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=F773D2ED090B7BAA1C1A034F3CA476C8 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.16385_none_35e18b16102cba6d\srv2.sys

< MD5 for: SRVNET.SYS >
[2011/04/28 19:12:37 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=0AF6E19D39C70844C5CAA8FB0183C36E -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.16806_none_6022a903299648f0\srvnet.sys
[2011/04/28 19:06:31 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=19E0B9883EE4DB831CD5DD781CBD6498 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.20956_none_6076363242dc746f\srvnet.sys
[2009/07/13 15:24:59 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=26E84D3649019C3244622E654DFCD75B -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.16385_none_5fcb1fdb29d81d5e\srvnet.sys
[2011/04/28 19:05:37 | 000,168,448 | ---- | M] (Microsoft Corporation) MD5=27E461F0BE5BFF5FC737328F749538C3 -- C:\Windows\SysNative\drivers\srvnet.sys
[2011/04/28 19:05:37 | 000,168,448 | ---- | M] (Microsoft Corporation) MD5=27E461F0BE5BFF5FC737328F749538C3 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7601.17608_none_620b069d26bae78a\srvnet.sys
[2010/11/20 01:27:21 | 000,167,936 | ---- | M] (Microsoft Corporation) MD5=2BA8F3250828CCDB4204ECF2C6F40B6A -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7601.17514_none_61fc33a326c6a0f8\srvnet.sys
[2010/08/26 19:39:24 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=3EBBD18201CF162E537217D7C51047F6 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.20789_none_6058c38042f219f9\srvnet.sys
[2011/02/22 20:55:47 | 000,167,936 | ---- | M] (Microsoft Corporation) MD5=3F847C9DC87299516F7DC82FB6572865 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7601.17565_none_61c7245126ee4604\srvnet.sys
[2009/12/08 00:42:06 | 000,162,304 | ---- | M] (Microsoft Corporation) MD5=47A7DCDDEA3FC3099A126EB603FEC7A3 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.20591_none_6045ed78430170e4\srvnet.sys
[2011/04/28 18:53:17 | 000,168,448 | ---- | M] (Microsoft Corporation) MD5=497BC12BDA57CACB29A6B63C3069A0F5 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7601.21717_none_6288d3323fe189ee\srvnet.sys
[2011/02/22 19:48:26 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=55BE8EE4C3EC8081E68A8C21BFF94256 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.20907_none_60ad461842b30211\srvnet.sys
[2010/08/26 19:37:26 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5A663FD67049267BC5C3F3279E631FFB -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.16664_none_5fdfc51b29c8c39a\srvnet.sys
[2010/06/21 18:47:20 | 000,162,304 | ---- | M] (Microsoft Corporation) MD5=A2FF8C218D5B62D693658F91B7FBB514 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.20740_none_607b009642d9c626\srvnet.sys
[2011/02/22 19:31:48 | 000,167,936 | ---- | M] (Microsoft Corporation) MD5=B3293EB86DE13312DF227D13C54E3B6B -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7601.21666_none_6251c166400aff25\srvnet.sys
[2011/02/22 21:15:50 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=CB69EDEB069A49577592835659CD0E46 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.16765_none_5fe0c74b29c7da18\srvnet.sys
[2009/12/08 00:32:29 | 000,162,304 | ---- | M] (Microsoft Corporation) MD5=CCE32BB223E9FF55D241099A858FA889 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.16481_none_5fc7209929dbb529\srvnet.sys
[2010/06/21 19:20:34 | 000,162,304 | ---- | M] (Microsoft Corporation) MD5=FBD09635227A8026C0F7790F604343C6 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.16619_none_601ad629299bb698\srvnet.sys

< MD5 for: SRVSVC.DLL >
[2010/08/26 22:14:02 | 000,236,032 | ---- | M] (Microsoft Corporation) MD5=81F1D04D4D0E433099365127375FD501 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver_31bf3856ad364e35_6.1.7600.16664_none_54fe7fe0047d2a74\srvsvc.dll
[2010/08/26 22:15:56 | 000,236,032 | ---- | M] (Microsoft Corporation) MD5=82DEE681AB043BEF8FACE49628E3C1BE -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver_31bf3856ad364e35_6.1.7600.20789_none_55777e451da680d3\srvsvc.dll
[2009/07/13 17:41:54 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=C926920B8978DE6ACFE9E15C709E9B57 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver_31bf3856ad364e35_6.1.7600.16385_none_54e9daa0048c8438\srvsvc.dll
[2010/11/20 05:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) MD5=D9F42719019740BAA6D1C6D536CBDAA6 -- C:\Windows\SysNative\srvsvc.dll
[2010/11/20 05:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) MD5=D9F42719019740BAA6D1C6D536CBDAA6 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver_31bf3856ad364e35_6.1.7601.17514_none_571aee68017b07d2\srvsvc.dll

< MD5 for: WMPLAYER.EXE >
[2009/07/13 17:39:56 | 000,167,424 | ---- | M] (Microsoft Corporation) MD5=11AFC25168CA5D0DED22765D37F4639E -- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16385_none_675eb4c668cac03c\wmplayer.exe
[2009/07/13 17:14:47 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=1F0F6AB1808781D2A2C2CA02E712ED8C -- C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16385_none_71b35f189d2b8237\wmplayer.exe
[2010/11/20 05:25:33 | 000,167,424 | ---- | M] (Microsoft Corporation) MD5=322A96BFB36CEAA506F74D5F98CDA723 -- C:\Program Files\Windows Media Player\wmplayer.exe
[2010/11/20 05:25:33 | 000,167,424 | ---- | M] (Microsoft Corporation) MD5=322A96BFB36CEAA506F74D5F98CDA723 -- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_698fc88e65b943d6\wmplayer.exe
[2009/08/28 22:56:10 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=58F2330B4EFD5D0AFB3916059ADED428 -- C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16415_none_71ff10729cf2bbc7\wmplayer.exe
[2010/08/31 21:08:55 | 000,167,424 | ---- | M] (Microsoft Corporation) MD5=8EB032978DF7AFE71E55B2637DBDDAC3 -- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.20792_none_67da867981f32767\wmplayer.exe
[2009/08/28 23:49:44 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=913CEBA16F7C22F1AA4F27679ACFE7CC -- C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.20518_none_728bae1bb60da796\wmplayer.exe
[2009/08/28 23:47:41 | 000,167,424 | ---- | M] (Microsoft Corporation) MD5=92D52C09D2CD7DB74BAE10AA7C6C4A02 -- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16415_none_67aa66206891f9cc\wmplayer.exe
[2010/08/31 20:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=A0F1DFC9E47B2524213AFF32E26BE92D -- C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16667_none_71cb05369d197478\wmplayer.exe
[2010/11/20 04:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=A80C173AC5C75706BB74AE4D78F2A53D -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
[2010/11/20 04:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=A80C173AC5C75706BB74AE4D78F2A53D -- C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_73e472e09a1a05d1\wmplayer.exe
[2009/08/29 00:47:23 | 000,167,424 | ---- | M] (Microsoft Corporation) MD5=B91D3FB3C84FCE86D43254D676FD75D7 -- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.20518_none_683703c981ace59b\wmplayer.exe
[2010/08/31 21:14:31 | 000,167,424 | ---- | M] (Microsoft Corporation) MD5=CA07A30C2C0F45F4BE22381280A872DD -- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16667_none_67765ae468b8b27d\wmplayer.exe
[2010/09/01 00:05:55 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=EFDC66634A7827196567ED82DA0090FA -- C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.20792_none_722f30cbb653e962\wmplayer.exe

< MD5 for: WMPLOC.DLL >
[2010/11/20 04:08:44 | 012,625,408 | ---- | M] (Microsoft Corporation) MD5=0FBC74AA20FE0AE6884279F893169C60 -- C:\Windows\SysWOW64\wmploc.DLL
[2010/11/20 04:08:44 | 012,625,408 | ---- | M] (Microsoft Corporation) MD5=0FBC74AA20FE0AE6884279F893169C60 -- C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_73e472e09a1a05d1\wmploc.DLL
[2010/09/01 00:03:54 | 012,625,408 | ---- | M] (Microsoft Corporation) MD5=25DA32E8B703A293F4E1F943E68D3BEF -- C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.20792_none_722f30cbb653e962\wmploc.DLL
[2009/08/28 23:48:23 | 012,625,408 | ---- | M] (Microsoft Corporation) MD5=41702513ED2E7E98DE87E508C08491D3 -- C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.20518_none_728bae1bb60da796\wmploc.DLL
[2010/08/31 21:06:55 | 012,625,920 | ---- | M] (Microsoft Corporation) MD5=423DEB0EE3A9B4F4509BA42AF85F0354 -- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.20792_none_67da867981f32767\wmploc.DLL
[2010/08/31 21:12:09 | 012,625,920 | ---- | M] (Microsoft Corporation) MD5=550BF4ACD6FC3F41DC5A83EF31B9F9B4 -- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16667_none_67765ae468b8b27d\wmploc.DLL
[2009/08/28 22:54:52 | 012,625,408 | ---- | M] (Microsoft Corporation) MD5=96B78543ECF4A519B4F65BF7059F4B33 -- C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16415_none_71ff10729cf2bbc7\wmploc.DLL
[2009/07/13 17:11:17 | 012,625,408 | ---- | M] (Microsoft Corporation) MD5=B315C62E9046BCB58137A49625B6E253 -- C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16385_none_71b35f189d2b8237\wmploc.DLL
[2009/08/28 23:45:05 | 012,625,920 | ---- | M] (Microsoft Corporation) MD5=D62840B33B87BC2ED8D7060D7C66096C -- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16415_none_67aa66206891f9cc\wmploc.DLL
[2009/07/13 17:34:08 | 012,625,920 | ---- | M] (Microsoft Corporation) MD5=D8134F0DB2BD7BB39AB91453E6374BB5 -- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16385_none_675eb4c668cac03c\wmploc.DLL
[2010/11/20 05:16:12 | 012,625,920 | ---- | M] (Microsoft Corporation) MD5=E19AD0D49BFF5938B3E374873AC174DE -- C:\Windows\SysNative\wmploc.DLL
[2010/11/20 05:16:12 | 012,625,920 | ---- | M] (Microsoft Corporation) MD5=E19AD0D49BFF5938B3E374873AC174DE -- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_698fc88e65b943d6\wmploc.DLL
[2009/08/29 00:44:41 | 012,625,920 | ---- | M] (Microsoft Corporation) MD5=EEDBD4030BC204311BB858CAE1B02D8B -- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.20518_none_683703c981ace59b\wmploc.DLL
[2010/08/31 20:23:49 | 012,625,408 | ---- | M] (Microsoft Corporation) MD5=FA05241C7BC7EBCC36AF78299D0D37FE -- C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16667_none_71cb05369d197478\wmploc.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\User\Documents\Deanna file.avi:TOC.WMV

< End of report >
  • 0

Advertisements


#11
Dynamite1969

Dynamite1969

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
speccy report:

Summary
Operating System
MS Windows 7 64-bit SP1
CPU
Cannot initialise SPC dll
RAM
Cannot initialise SPC dll
Motherboard
Cannot initialise SPC dll
Graphics
Cannot initialise SPC dll
Hard Drives
Cannot initialise SPC dll
Optical Drives
Optiarc DVD RW AD-7240S ATA Device
HL-DT-ST DVDRAM GH22NS40 ATA Device
Audio
ATI High Definition Audio Device
Operating System
MS Windows 7 64-bit SP1
Installation Date: 03 May 2010, 12:17

Windows Security Center
User Account Control (UAC) Enabled
Notify level 2 - Default
Firewall Enabled
Antivirus Disabled
Windows Update
AutoUpdate Download Automatically and Install at Set Scheduled time
Schedule Frequency Every day
Schedule Time 3 am
Windows Defender
Windows Defender Disabled
Environment Variables
USERPROFILE C:\Users\User
SystemRoot C:\Windows
User Variables
TEMP C:\Users\User\AppData\Local\Temp
TMP C:\Users\User\AppData\Local\Temp
Machine Variables
ComSpec C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK NO
OS Windows_NT
Path C:\Windows\system32
C:\Windows
C:\Windows\system32\wbem
C:\Program Files\Common Files\Microsoft Shared\Windows Live
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live
%SYSTEMROOT%\System32\WindowsPowerShell\v1.0
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
C:\Program Files (x86)\QuickTime\QTSystem
C:\Program Files (x86)\Windows Live\Shared
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE AMD64
TEMP C:\Windows\TEMP
TMP C:\Windows\TEMP
USERNAME SYSTEM
windir C:\Windows
PSModulePath C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
NUMBER_OF_PROCESSORS 8
PROCESSOR_LEVEL 6
PROCESSOR_IDENTIFIER Intel64 Family 6 Model 26 Stepping 5, GenuineIntel
PROCESSOR_REVISION 1a05
asl.log Destination=file;OnFirstLog=command,environment
CLASSPATH .;C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip
QTJAVA C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip
SAFEBOOT_OPTION NETWORK
Power Profile
Active power scheme Home/Office Desk
Hibernation Disabled
Power Shutdown Enabled
Power Suspend Disabled
Turn Off Monitor after: (On AC Power) 20 min
Turn Off Hard Disk after: (On AC Power) Never
Suspend after: (On AC Power) Never
Screen saver Enabled
Uptime
Current Session
Current Time 12/1/2011 3:50:58 PM
Current Uptime 1114 sec (0 d, 00 h, 18 m, 34 s)
Last Boot Time 12/1/2011 3:32:24 PM
TimeZone
TimeZone GMT -8 Hours
Language English
Country United States
Currency $
Date Format M/d/yyyy
Time Format h:mm:ss tt
Scheduler
Process List
csrss.exe
Process ID 408
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\csrss.exe
Memory Usage 4.02 MB
Peak Memory Usage 4.02 MB
csrss.exe
Process ID 452
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\csrss.exe
Memory Usage 6.57 MB
Peak Memory Usage 11 MB
ctfmon.exe
Process ID 1392
User User
Domain User-PC
Path C:\Windows\system32\ctfmon.exe
Memory Usage 3.95 MB
Peak Memory Usage 3.99 MB
explorer.exe
Process ID 1328
User User
Domain User-PC
Path C:\Windows\Explorer.EXE
Memory Usage 50 MB
Peak Memory Usage 52 MB
firefox.exe
Process ID 1252
User User
Domain User-PC
Path C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Memory Usage 125 MB
Peak Memory Usage 189 MB
lsass.exe
Process ID 504
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\lsass.exe
Memory Usage 11 MB
Peak Memory Usage 11 MB
lsm.exe
Process ID 528
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\lsm.exe
Memory Usage 4.57 MB
Peak Memory Usage 4.58 MB
otl.exe
Process ID 808
User User
Domain User-PC
Path C:\Users\User\Desktop\OTL.exe
Memory Usage 19 MB
Peak Memory Usage 23 MB
plugin-container.exe
Process ID 1480
User User
Domain User-PC
Path C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Memory Usage 13 MB
Peak Memory Usage 15 MB
services.exe
Process ID 496
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\services.exe
Memory Usage 8.27 MB
Peak Memory Usage 8.52 MB
smss.exe
Process ID 292
User SYSTEM
Domain NT AUTHORITY
Path \SystemRoot\System32\smss.exe
Memory Usage 1.36 MB
Peak Memory Usage 1.39 MB
speccy64.exe
Process ID 928
User User
Domain User-PC
Path C:\Program Files\Speccy\Speccy64.exe
Memory Usage 24 MB
Peak Memory Usage 24 MB
svchost.exe
Process ID 656
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 9.84 MB
Peak Memory Usage 10 MB
svchost.exe
Process ID 732
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 7.30 MB
Peak Memory Usage 7.31 MB
svchost.exe
Process ID 828
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\System32\svchost.exe
Memory Usage 12 MB
Peak Memory Usage 12 MB
svchost.exe
Process ID 864
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 16 MB
Peak Memory Usage 16 MB
svchost.exe
Process ID 920
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 11 MB
Peak Memory Usage 12 MB
svchost.exe
Process ID 968
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 7.42 MB
Peak Memory Usage 7.54 MB
svchost.exe
Process ID 996
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 16 MB
Peak Memory Usage 16 MB
svchost.exe
Process ID 344
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 14 MB
Peak Memory Usage 14 MB
svchost.exe
Process ID 1180
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 6.26 MB
Peak Memory Usage 6.59 MB
system
Process ID 4
system idle process
Process ID 0
wininit.exe
Process ID 444
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\wininit.exe
Memory Usage 5.35 MB
Peak Memory Usage 5.45 MB
winlogon.exe
Process ID 536
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\winlogon.exe
Memory Usage 6.18 MB
Peak Memory Usage 6.26 MB
wmiprvse.exe
Process ID 1164
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\wbem\wmiprvse.exe
Memory Usage 8.86 MB
Peak Memory Usage 8.86 MB
Hotfixes
System Folders
Path for burning CD C:\Users\User\AppData\Local\Microsoft\Windows\Burn\Burn
Application Data C:\ProgramData
Public Desktop C:\Users\Public\Desktop
Documents C:\Users\Public\Documents
Global Favorites C:\Users\User\Favorites
Music C:\Users\Public\Music
Pictures C:\Users\Public\Pictures
Start Menu Programs C:\ProgramData\Microsoft\Windows\Start Menu\Programs
Start Menu C:\ProgramData\Microsoft\Windows\Start Menu
Startup C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Templates C:\ProgramData\Microsoft\Windows\Templates
Videos C:\Users\Public\Videos
Cookies C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies
Desktop C:\Users\User\Desktop
Physical Desktop C:\Users\User\Desktop
User Favorites C:\Users\User\Favorites
Fonts C:\Windows\Fonts
Internet History C:\Users\User\AppData\Local\Microsoft\Windows\History
Temporary Internet Files C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files
Local Application Data C:\Users\User\AppData\Local
Windows directory C:\Windows
Windows/System C:\Windows\system32
Program Files C:\Program Files
Device Tree
ACPI x64-based PC
Microsoft ACPI-Compliant System
Intel® Core™ i7 CPU 930 @ 2.80GHz
Intel® Core™ i7 CPU 930 @ 2.80GHz
Intel® Core™ i7 CPU 930 @ 2.80GHz
Intel® Core™ i7 CPU 930 @ 2.80GHz
Intel® Core™ i7 CPU 930 @ 2.80GHz
Intel® Core™ i7 CPU 930 @ 2.80GHz
Intel® Core™ i7 CPU 930 @ 2.80GHz
Intel® Core™ i7 CPU 930 @ 2.80GHz
ACPI Power Button
System board
Intel® 82802 Firmware Hub Device
ACPI Fixed Feature Button
PCI bus
Intel® 5520/5500/X58 I/O Hub to ESI Port - 3405
Intel® 5520/X58 I/O Hub PCI Express Root Port 5 - 340C
Intel® 5520/5500/X58 I/O Hub PCI Express Root Port 7 - 340E
Intel® 5520/5500/X58 I/O Hub PCI Express Root Port 9 - 3410
Intel® 5520/5500/X58 Physical and Link Layer Registers Port 0 - 3425
Intel® 5520/5500/X58 Routing and Protocol Layer Registers Port 0 - 3426
Intel® 5520/5500 Physical and Link Layer Registers Port 1 - 3427
Intel® 5520/5500 Routing and Protocol Layer Register Port 1 - 3428
Intel® 5520/5500/X58 I/O Hub I/OxAPIC Interrupt Controller - 342D
Intel® 5520/5500/X58 I/O Hub System Management Registers - 342E
Intel® 5520/5500/X58 I/O Hub GPIO and Scratch Pad Registers - 3422
Intel® 5520/5500/X58 I/O Hub Control Status and RAS Registers - 3423
Intel® 5520/5500/X58 Trusted Execution Technology Registers - 342F
Intel® ICH10 Family PCI Express Root Port 1 - 3A40
Intel® ICH10 Family SMBus Controller - 3A30
Microsoft Windows Management Interface for ACPI
Motherboard resources
Intel® 5520/5500/X58 I/O Hub PCI Express Root Port 1 - 3408
Standard Dual Channel PCI IDE Controller
ATA Channel 0
ATA Channel 1
Marvell 91xx Config Device
Intel® 5520/5500/X58 I/O Hub PCI Express Root Port 2 - 3409
NEC Electronics USB 3.0 Host Controller
NEC Electronics USB 3.0 Root Hub
Intel® 5520/5500/X58 I/O Hub PCI Express Root Port 3 - 340A
ATI Radeon HD 5700 Series
High Definition Audio Controller
ATI High Definition Audio Device
Intel® ICH10 Family USB Universal Host Controller - 3A37
USB Root Hub
Generic USB Hub
USB Composite Device
USB Input Device
HID Keyboard Device
USB Input Device
HID-compliant consumer control device
HID-compliant device
HID-compliant consumer control device
Logitech USB WheelMouse
Logitech USB WheelMouse
Intel® ICH10 Family USB Universal Host Controller - 3A38
USB Root Hub
Intel® ICH10 Family USB Universal Host Controller - 3A39
USB Root Hub
Intel® ICH10 Family USB Enhanced Host Controller - 3A3C
USB Root Hub
High Definition Audio Controller
Realtek High Definition Audio
Intel® ICH10 Family PCI Express Root Port 2 - 3A42
GIGABYTE GBB36X Controller
Intel® ICH10 Family PCI Express Root Port 4 - 3A46
GIGABYTE GBB36X Controller
Intel® ICH10 Family PCI Express Root Port 5 - 3A48
Realtek PCIe GBE Family Controller
Intel® ICH10 Family USB Universal Host Controller - 3A34
USB Root Hub
Intel® ICH10 Family USB Universal Host Controller - 3A35
USB Root Hub
Intel® ICH10 Family USB Universal Host Controller - 3A36
USB Root Hub
Intel® ICH10 Family USB Enhanced Host Controller - 3A3A
USB Root Hub
USB Mass Storage Device
Generic STORAGE DEVICE USB Device
Generic STORAGE DEVICE USB Device
Generic STORAGE DEVICE USB Device
Generic STORAGE DEVICE USB Device
Generic STORAGE DEVICE USB Device
Intel® 82801 PCI Bridge - 244E
Texas Instruments 1394 OHCI Compliant Host Controller
Intel® ICH10R LPC Interface Controller - 3A16
Motherboard resources
Programmable interrupt controller
Direct memory access controller
System timer
High precision event timer
System CMOS/real time clock
System speaker
Numeric data processor
Standard PS/2 Keyboard
Motherboard resources
Standard floppy disk controller
Floppy disk drive
Intel® ICH10 Family 4 port Serial ATA Storage Controller 1 - 3A20
ATA Channel 0
KINGSTON SNV425S264GB ATA Device
ST31500341AS ATA Device
ATA Channel 1
Optiarc DVD RW AD-7240S ATA Device
HL-DT-ST DVDRAM GH22NS40 ATA Device
Intel® ICH10 Family 2 port Serial ATA Storage Controller 2 - 3A26
ATA Channel 0
ATA Channel 1
Services
Running Base Filtering Engine
Running Cryptographic Services
Running DCOM Server Process Launcher
Running DHCP Client
Running DNS Client
Running Encrypting File System (EFS)
Running IKE and AuthIP IPsec Keying Modules
Running IPsec Policy Agent
Running Network Connections
Running Network List Service
Running Network Location Awareness
Running Network Store Interface Service
Running Plug and Play
Running Power
Running Remote Procedure Call (RPC)
Running RPC Endpoint Mapper
Running TCP/IP NetBIOS Helper
Running User Profile Service
Running Windows Driver Foundation - User-mode Driver Framework
Running Windows Event Log
Running Windows Firewall
Running Windows Management Instrumentation
Running Workstation
Stopped ActiveX Installer (AxInstSV)
Stopped Adaptive Brightness
Stopped AMD External Events Utility
Stopped Apple Mobile Device
Stopped Application Experience
Stopped Application Identity
Stopped Application Information
Stopped Application Layer Gateway Service
Stopped Application Management
Stopped ASP.NET State Service
Stopped AVG Security Toolbar Service
Stopped AVG WatchDog
Stopped AVGIDSAgent
Stopped Backbone Service
Stopped Background Intelligent Transfer Service
Stopped BitLocker Drive Encryption Service
Stopped Block Level Backup Engine Service
Stopped Bluetooth Support Service
Stopped Bonjour Service
Stopped BranchCache
Stopped Browser Configuration Utility Service
Stopped C-DillaCdaC11BA
Stopped Certificate Propagation
Stopped CNG Key Isolation
Stopped COM+ Event System
Stopped COM+ System Application
Stopped Computer Browser
Stopped Credential Manager
Stopped Desktop Window Manager Session Manager
Stopped Diagnostic Policy Service
Stopped Diagnostic Service Host
Stopped Diagnostic System Host
Stopped Disk Defragmenter
Stopped Distributed Link Tracking Client
Stopped Distributed Transaction Coordinator
Stopped Dragon Age: Origins - Content Updater
Stopped Extensible Authentication Protocol
Stopped Fax
Stopped Function Discovery Provider Host
Stopped Function Discovery Resource Publication
Stopped Group Policy Client
Stopped Health Key and Certificate Management
Stopped HomeGroup Listener
Stopped HomeGroup Provider
Stopped Human Interface Device Access
Stopped Interactive Services Detection
Stopped Internet Connection Sharing (ICS)
Stopped IP Helper
Stopped iPod Service
Stopped JMB36X
Stopped KtmRm for Distributed Transaction Coordinator
Stopped Link-Layer Topology Discovery Mapper
Stopped Machine Debug Manager
Stopped Media Center Extender Service
Stopped Microsoft .NET Framework NGEN v2.0.50727_X64
Stopped Microsoft .NET Framework NGEN v2.0.50727_X86
Stopped Microsoft .NET Framework NGEN v4.0.30319_X64
Stopped Microsoft .NET Framework NGEN v4.0.30319_X86
Stopped Microsoft iSCSI Initiator Service
Stopped Microsoft Software Shadow Copy Provider
Stopped Multimedia Class Scheduler
Stopped Nero Update
Stopped Net.Msmq Listener Adapter
Stopped Net.Pipe Listener Adapter
Stopped Net.Tcp Listener Adapter
Stopped Net.Tcp Port Sharing Service
Stopped Netlogon
Stopped Network Access Protection Agent
Stopped Office Source Engine
Stopped Offline Files
Stopped Parental Controls
Stopped Peer Name Resolution Protocol
Stopped Peer Networking Grouping
Stopped Peer Networking Identity Manager
Stopped Performance Counter DLL Host
Stopped Performance Logs & Alerts
Stopped PnP-X IP Bus Enumerator
Stopped PNRP Machine Name Publication Service
Stopped Portable Device Enumerator Service
Stopped Print Spooler
Stopped Problem Reports and Solutions Control Panel Support
Stopped Program Compatibility Assistant Service
Stopped Protected Storage
Stopped Quality Windows Audio Video Experience
Stopped Remote Access Auto Connection Manager
Stopped Remote Access Connection Manager
Stopped Remote Desktop Configuration
Stopped Remote Desktop Services
Stopped Remote Desktop Services UserMode Port Redirector
Stopped Remote Procedure Call (RPC) Locator
Stopped Remote Registry
Stopped Routing and Remote Access
Stopped Secondary Logon
Stopped Secure Socket Tunneling Protocol Service
Stopped Security Accounts Manager
Stopped Security Center
Stopped Server
Stopped Shell Hardware Detection
Stopped Smart Card
Stopped Smart Card Removal Policy
Stopped SNMP Trap
Stopped Software Protection
Stopped SPP Notification Service
Stopped SSDP Discovery
Stopped Storage Service
Stopped Superfetch
Stopped System Event Notification Service
Stopped Tablet PC Input Service
Stopped Task Scheduler
Stopped Telephony
Stopped Themes
Stopped Thread Ordering Server
Stopped TPM Base Services
Stopped UPnP Device Host
Stopped Virtual Disk
Stopped Volume Shadow Copy
Stopped vToolbarUpdater
Stopped WebClient
Stopped Windows Activation Technologies Service
Stopped Windows Audio
Stopped Windows Audio Endpoint Builder
Stopped Windows Backup
Stopped Windows Biometric Service
Stopped Windows CardSpace
Stopped Windows Color System
Stopped Windows Connect Now - Config Registrar
Stopped Windows Defender
Stopped Windows Error Reporting Service
Stopped Windows Event Collector
Stopped Windows Font Cache Service
Stopped Windows Image Acquisition (WIA)
Stopped Windows Installer
Stopped Windows Live ID Sign-in Assistant
Stopped Windows Media Center Receiver Service
Stopped Windows Media Center Scheduler Service
Stopped Windows Media Player Network Sharing Service
Stopped Windows Modules Installer
Stopped Windows Presentation Foundation Font Cache 3.0.0.0
Stopped Windows Remote Management (WS-Management)
Stopped Windows Search
Stopped Windows Time
Stopped Windows Update
Stopped WinHTTP Web Proxy Auto-Discovery Service
Stopped Wired AutoConfig
Stopped WLAN AutoConfig
Stopped WMI Performance Adapter
Stopped WWAN AutoConfig
CPU
Cannot initialise SPC dll
RAM
Cannot initialise SPC dll
Motherboard
Cannot initialise SPC dll
Graphics
Cannot initialise SPC dll
Hard Drives
Cannot initialise SPC dll
Optical Drives
Optiarc DVD RW AD-7240S ATA Device
Media Type DVD Writer
Name Optiarc DVD RW AD-7240S ATA Device
Availability Running/Full Power
Capabilities Random Access, Supports Writing, Supports Removable Media
Config Manager Error Code Device is working properly
Config Manager User Config FALSE
Drive D:
Media Loaded TRUE
SCSI Bus 1
SCSI Logical Unit 0
SCSI Port 5
SCSI Target Id 0
Size 88.5 MB
Status OK
Volume Name 111129_2108
Volume Serial Number 3705C311
HL-DT-ST DVDRAM GH22NS40 ATA Device
Media Type DVD Writer
Name HL-DT-ST DVDRAM GH22NS40 ATA Device
Availability Running/Full Power
Capabilities Random Access, Supports Writing, Supports Removable Media
Config Manager Error Code Device is working properly
Config Manager User Config FALSE
Drive E:
Media Loaded FALSE
SCSI Bus 1
SCSI Logical Unit 0
SCSI Port 5
SCSI Target Id 1
Status OK
Audio
Sound Cards
ATI High Definition Audio Device
Realtek High Definition Audio
Speaker Configuration
Speaker type Stereo
Peripherals
Standard PS/2 Keyboard
Device Kind Keyboard
Device Name Standard PS/2 Keyboard
Location plugged into keyboard port
Driver
Date 6-21-2006
Version 6.1.7601.17514
File C:\Windows\system32\DRIVERS\i8042prt.sys
File C:\Windows\system32\DRIVERS\kbdclass.sys
HID Keyboard Device
Device Kind Keyboard
Device Name HID Keyboard Device
Vendor Unknown
Location USB Input Device
Driver
Date 6-21-2006
Version 6.1.7601.17514
File C:\Windows\system32\DRIVERS\kbdhid.sys
File C:\Windows\system32\DRIVERS\kbdclass.sys
Logitech USB WheelMouse
Device Kind Mouse
Device Name Logitech USB WheelMouse
Vendor Logitech
Location Logitech USB WheelMouse
Driver
Date 6-21-2006
Version 6.1.7600.16385
File C:\Windows\system32\DRIVERS\mouhid.sys
File C:\Windows\system32\DRIVERS\mouclass.sys
Disk drive
Device Kind USB storage
Device Name Disk drive
Vendor GENERIC
Comment Generic STORAGE DEVICE USB Device
Location USB Mass Storage Device
Driver
Date 6-21-2006
Version 6.1.7600.16385
File C:\Windows\system32\DRIVERS\disk.sys
Disk drive
Device Kind USB storage
Device Name Disk drive
Vendor GENERIC
Comment Generic STORAGE DEVICE USB Device
Location USB Mass Storage Device
Driver
Date 6-21-2006
Version 6.1.7600.16385
File C:\Windows\system32\DRIVERS\disk.sys
Disk drive
Device Kind USB storage
Device Name Disk drive
Vendor GENERIC
Comment Generic STORAGE DEVICE USB Device
Location USB Mass Storage Device
Driver
Date 6-21-2006
Version 6.1.7600.16385
File C:\Windows\system32\DRIVERS\disk.sys
Disk drive
Device Kind USB storage
Device Name Disk drive
Vendor GENERIC
Comment Generic STORAGE DEVICE USB Device
Location USB Mass Storage Device
Driver
Date 6-21-2006
Version 6.1.7600.16385
File C:\Windows\system32\DRIVERS\disk.sys
Disk drive
Device Kind USB storage
Device Name Disk drive
Vendor GENERIC
Comment Generic STORAGE DEVICE USB Device
Location USB Mass Storage Device
Driver
Date 6-21-2006
Version 6.1.7600.16385
File C:\Windows\system32\DRIVERS\disk.sys
Printers
Network
You are connected to the internet
Connected through Realtek PCIe GBE Family Controller
IP Address 192.168.1.100
Subnet mask 255.255.255.0
Gateway server 192.168.1.1
Preferred DNS server 192.168.1.1
DHCP Enabled
DHCP server 192.168.1.1
External IP Address 24.18.68.133
Adapter Type Ethernet
NetBIOS over TCP/IP Enabled via DHCP
NETBIOS Node Type Hybrid node
Link Speed 0 kbps
Computer Name
NetBIOS Name USER-PC
DNS Name User-PC
Domain Name User-PC
Remote Desktop
Console
State Active
Domain User-PC
WinInet Info
LAN Connection
Local system uses a local area network to connect to the Internet
Local system has RAS to connect to the Internet
Wi-Fi Info
Wi-Fi not enabled
WinHTTPInfo
WinHTTPSessionProxyType No proxy
Session Proxy
Session Proxy Bypass
Connect Retries 5
Connect Timeout 60000
HTTP Version HTTP 1.1
Max Connects Per 1.0 Servers INFINITE
Max Connects Per Servers INFINITE
Max HTTP automatic redirects 10
Max HTTP status continue 10
Send Timeout 30000
IEProxy Auto Detect No
IEProxy Auto Config
IEProxy
IEProxy Bypass
Default Proxy Config Access Type No proxy
Default Config Proxy
Default Config Proxy Bypass
Sharing and Discovery
Network Discovery Enabled
File and Printer Sharing Enabled
Media Sharing Enabled
Adapters List
Realtek PCIe GBE Family Controller
IP Address 192.168.1.100
Subnet mask 255.255.255.0
Gateway server 192.168.1.1
Network Shares
Users C:\Users
Canon Inkjet MP160 Printer Canon Inkjet MP160 Printer,LocalsplOnly
Current TCP Connections
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (1252)
Local 127.0.0.1:49160 ESTABLISHED Remote 127.0.0.1:49159 (Querying... )
Local 127.0.0.1:49159 ESTABLISHED Remote 127.0.0.1:49160 (Querying... )
Local 127.0.0.1:49158 ESTABLISHED Remote 127.0.0.1:49157 (Querying... )
Local 127.0.0.1:49157 ESTABLISHED Remote 127.0.0.1:49158 (Querying... )
Local 192.168.1.100:49185 ESTABLISHED Remote 74.125.224.156:80 (Querying... ) (HTTP)
Local 192.168.1.100:49202 ESTABLISHED Remote 174.133.98.146:80 (Querying... ) (HTTP)
Local 192.168.1.100:49189 ESTABLISHED Remote 74.125.224.122:80 (Querying... ) (HTTP)
Local 192.168.1.100:49180 ESTABLISHED Remote 216.137.35.75:80 (Querying... ) (HTTP)
Local 192.168.1.100:49179 ESTABLISHED Remote 216.137.35.75:80 (Querying... ) (HTTP)
Local 192.168.1.100:49192 ESTABLISHED Remote 74.125.224.156:80 (Querying... ) (HTTP)
Local 192.168.1.100:49187 ESTABLISHED Remote 173.194.33.13:80 (Querying... ) (HTTP)
System Process
Local 192.168.1.100:49199 TIME-WAIT Remote 96.17.236.20:80 (Querying... ) (HTTP)
Local 192.168.1.100:49198 TIME-WAIT Remote 184.28.63.55:80 (Querying... ) (HTTP)
Local 192.168.1.100:49196 TIME-WAIT Remote 23.49.37.115:80 (Querying... ) (HTTP)
Local 192.168.1.100:49195 TIME-WAIT Remote 74.125.224.116:80 (Querying... ) (HTTP)
Local 192.168.1.100:49194 TIME-WAIT Remote 23.49.44.20:80 (Querying... ) (HTTP)
Local 192.168.1.100:49177 TIME-WAIT Remote 74.54.247.132:80 (Querying... ) (HTTP)
Local 192.168.1.100:49178 TIME-WAIT Remote 216.137.35.75:80 (Querying... ) (HTTP)
Local 192.168.1.100:49191 TIME-WAIT Remote 74.125.224.122:80 (Querying... ) (HTTP)
Local 192.168.1.100:49190 TIME-WAIT Remote 69.171.228.39:80 (Querying... ) (HTTP)
Local 192.168.1.100:49181 TIME-WAIT Remote 216.137.35.75:80 (Querying... ) (HTTP)
Local 192.168.1.100:49182 TIME-WAIT Remote 216.137.35.75:80 (Querying... ) (HTTP)
Local 192.168.1.100:49183 TIME-WAIT Remote 216.137.35.75:80 (Querying... ) (HTTP)
Local 192.168.1.100:49184 TIME-WAIT Remote 23.49.44.20:80 (Querying... ) (HTTP)
Local 192.168.1.100:49188 TIME-WAIT Remote 173.194.33.13:80 (Querying... ) (HTTP)
Local 192.168.1.100:49186 TIME-WAIT Remote 184.28.63.55:80 (Querying... ) (HTTP)
Local 192.168.1.100:49200 TIME-WAIT Remote 74.125.224.122:443 (Querying... ) (HTTPS)
Local 192.168.1.100:49203 TIME-WAIT Remote 199.7.59.72:80 (Querying... ) (HTTP)
System Process
Local 192.168.1.100:139 (NetBIOS session service) LISTEN
lsass.exe (504)
Local [00:00:00:00:00:00:00:00]:49155 LISTEN
Local 0.0.0.0:49155 LISTEN
services.exe (496)
Local 0.0.0.0:49154 LISTEN
Local [00:00:00:00:00:00:00:00]:49154 LISTEN
svchost.exe (732)
Local 0.0.0.0:135 (DCE) LISTEN
Local [00:00:00:00:00:00:00:00]:135 LISTEN
svchost.exe (828)
Local 0.0.0.0:49153 LISTEN
Local [00:00:00:00:00:00:00:00]:49153 LISTEN
svchost.exe (996)
Local 192.168.1.100:49204 ESTABLISHED Remote 96.17.111.17:80 (Querying... ) (HTTP)
wininit.exe (444)
Local 0.0.0.0:49152 LISTEN
Local [00:00:00:00:00:00:00:00]:49152 LISTEN
  • 0

#12
Dynamite1969

Dynamite1969

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
NOTE: I tried to get the speccy program to run from normal mode and it did show the temps were all good. When I tried to save, it crashed again.

I might have been able to save the file just before it crashed so I'll re-post if the .txt file is good.
  • 0

#13
Dynamite1969

Dynamite1969

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
new report from normal mode (saved just before it crashed)

Edited by Dynamite1969, 01 December 2011 - 06:22 PM.

  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Let's see if we can get it to run in regular mode:

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after the line:
msconfig

Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains. Go to Startup tab and uncheck everything. OK and
reboot into regular mode.

If it runs OK in this mode then go back into msconfig and check about half of the items and reboot. See if one of the ones you just checked is the culprit. This may take a while but if a certain program is causing the problem then eventually you should be able to locate it and uninstall it.

Ron
  • 0

#15
Dynamite1969

Dynamite1969

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
I already have it setup that way and it still crashes with everything but microsoft services unchecked.

I even tried the "boot to original boot configuration" check box
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP