
URL Redirecting Virus



#1
nacholas

Hi, I am having a URL Redirecting virus and can't quite seem to be able to find a fix. I have produced an OTL file as below; any help will be much appreciated.

OTL logfile created on: 12/16/2011 11:37:43 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nick\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 62.82% Memory free
5.99 Gb Paging File | 4.67 Gb Available in Paging File | 77.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.44 Gb Total Space | 16.24 Gb Free Space | 5.63% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 85.62 Gb Free Space | 28.72% Space Free | Partition Type: NTFS
Drive E: | 9.65 Gb Total Space | 1.65 Gb Free Space | 17.06% Space Free | Partition Type: NTFS

Computer Name: NICK-PC | User Name: Nick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/12/16 11:12:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Downloads\OTL.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/10 18:50:10 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/24 14:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 22:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/16 12:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010/03/23 14:53:06 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/03/23 14:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe
PRC - [2009/07/14 11:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009/07/14 11:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
PRC - [2009/03/02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe
PRC - [2008/04/27 22:26:44 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/10 18:50:10 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/22 10:33:12 | 000,421,888 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\sw4ta9li.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/20 22:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (astcc)
SRV - [2011/12/08 19:12:33 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/23 06:43:14 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/23 14:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe -- (STacSV)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/14 11:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/03/02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe -- (AESTFilters)
SRV - [2008/04/27 22:26:44 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:28 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:14 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:12 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:14:12 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/05/13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2011/05/13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/11/20 22:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 22:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 22:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 19:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 19:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/17 04:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/09/08 06:08:56 | 000,123,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/07/14 21:42:23 | 006,814,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel®
DRV - [2010/04/19 20:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/03/29 17:30:12 | 000,122,752 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tinspusb.sys -- (USBTINSP) TI-Nspire™
DRV - [2010/03/23 14:53:06 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/01/13 16:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel®
DRV - [2009/07/14 08:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 08:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2008/07/20 19:53:02 | 000,100,184 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/04/25 12:50:02 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 DE 1C D6 CC A6 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/14 19:16:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 18:50:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/03 16:02:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DigitalPersona\Bin\firefoxext

[2010/11/23 20:41:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Extensions
[2011/12/04 14:07:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\sw4ta9li.default\extensions
[2011/10/04 17:29:31 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\sw4ta9li.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2011/09/01 16:24:11 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\sw4ta9li.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/06/03 14:40:49 | 000,000,000 | ---D | M] (English (Australian) Dictionary) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\sw4ta9li.default\extensions\[email protected]
[2011/11/10 18:50:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/14 19:16:43 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
() (No name found) -- C:\USERS\NICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SW4TA9LI.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2011/11/10 18:50:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 16:02:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 00:35:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 18:50:10 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FBAE0A4-8EC7-4562-BE76-CA706C4327FE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A79EC2CF-8A0F-4055-BD7B-C59804E3E3FA}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/08/17 21:15:00 | 000,000,000 | ---D | M] - D:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{14e63296-d430-11e0-a30d-002186ca4382}\Shell - "" = AutoRun
O33 - MountPoints2\{14e63296-d430-11e0-a30d-002186ca4382}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{2cc2384d-be25-11e0-b03d-002186ca4382}\Shell - "" = AutoRun
O33 - MountPoints2\{2cc2384d-be25-11e0-b03d-002186ca4382}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/16 10:42:12 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{48D75184-2B8E-4B16-9AF7-C79ABE75291C}
[2011/12/16 10:41:57 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{FE02CC75-DBE5-4A56-A324-A5C53440E09D}
[2011/12/15 18:25:29 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{7A5FCCE5-9EB7-40DE-87BE-DA5AA071391A}
[2011/12/15 18:24:55 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{AF82CAE7-D883-4CE8-BF53-A5879430E792}
[2011/12/14 23:01:28 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\SanctionedMedia
[2011/12/14 22:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows
[2011/12/14 19:25:53 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{FFA55B6A-9010-4922-9D70-AB4AE8A0EFD2}
[2011/12/14 19:25:40 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{D4A6B5F5-E8E8-4BF8-9E14-B30F38B2A46A}
[2011/12/13 12:16:47 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{740AC092-3343-4221-BC5D-DF81B73B6FAE}
[2011/12/13 12:16:10 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{0E94561E-2ED7-4844-B136-6198A2621031}
[2011/12/12 11:51:24 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{6B607323-C1CE-4CC5-A477-48C61EC5ECED}
[2011/12/12 11:51:08 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{CF53FC55-7068-481E-BE87-A00D4DFC70BF}
[2011/12/11 16:17:46 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{89F83E36-9C05-40F3-B260-1B94A21D56BA}
[2011/12/11 16:17:16 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{94943753-A654-4ECF-939E-8AA08BEDB4B5}
[2011/12/10 11:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LIMBO
[2011/12/10 11:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\LIMBO
[2011/12/10 09:21:41 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{AD310D49-43B3-421B-8FA6-43B41A2D82A2}
[2011/12/10 09:21:24 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{23526FC1-921F-4627-827E-F18AB800B3A8}
[2011/12/09 17:01:47 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{B32F5469-25CC-4C73-A628-DAA0F2C07F5A}
[2011/12/09 17:01:34 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{0F122BCC-ED5A-45E2-A872-CEB13AFFEB0F}
[2011/12/08 22:47:04 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{98B804AF-5B79-412A-9B66-9BA2DF159843}
[2011/12/08 22:46:49 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{7E5065D3-ED9D-43B1-BBF6-6009D0FCA67A}
[2011/12/08 10:46:34 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{6A85A87F-16FC-4891-A0E8-62C2199B1F9D}
[2011/12/08 10:46:20 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{CDF2A01B-7F33-4EA1-B731-B998C4FA3876}
[2011/12/07 08:32:37 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{16152AEC-52C1-4D85-B447-A691C4598FF4}
[2011/12/07 08:32:00 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{F00EAF10-61B7-496F-8428-CC5EC20EF57C}
[2011/12/05 21:16:02 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Skyrim
[2011/12/05 21:13:58 | 000,000,000 | ---D | C] -- C:\Users\Nick\Documents\My Games
[2011/12/05 14:03:10 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{004FF11D-F95A-493B-8573-CD65AA203F95}
[2011/12/05 14:02:57 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{B68F7580-203F-45F3-955D-163A8C055AF3}
[2011/12/04 20:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\RNDIS
[2011/12/04 17:50:10 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\TI-Nspire
[2011/12/04 17:49:36 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Texas Instruments
[2011/12/04 17:48:54 | 000,000,000 | ---D | C] -- C:\Users\Nick\Documents\TI-Nspire
[2011/12/04 17:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TI Shared
[2011/12/04 17:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\TI Education
[2011/12/04 06:25:04 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{80FD7530-EF1D-4EE9-82E1-B2A0CA87BA33}
[2011/12/04 06:24:49 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{FCA2DC27-8FA9-4062-9E1B-464AAC9F7B9A}
[2011/12/03 00:25:50 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{9AA02FFF-723C-48C2-9FE1-6918D2BA616D}
[2011/12/03 00:25:38 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{DF53E1F9-80B5-4108-85C3-078555A9F666}
[2011/12/02 12:25:23 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{DB15A032-484A-458A-ABD1-B19826404010}
[2011/12/02 12:24:57 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{D198C4F0-F69F-4B78-B055-B6D6818C884E}
[2011/12/01 23:29:49 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{49A0E981-59BD-463C-8B04-974FAD4E0343}
[2011/12/01 23:29:37 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{6C0B0417-2459-4928-AA31-F5F4D6061BC3}
[2011/12/01 11:29:19 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{15B628D0-B56A-458B-8BDE-B195582D3FE7}
[2011/12/01 11:28:51 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{DDB1A744-6E86-4209-B42A-D954EFBE512A}
[2011/11/30 21:33:20 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{E11FA90D-119B-4DC5-826E-5BEFB332D88F}
[2011/11/30 21:33:08 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{279FC59A-5E80-4CC7-8C73-64E730EE5DA5}
[2011/11/30 09:32:54 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{FBE03DA2-C5B2-4FDB-94A8-480C986C87DC}
[2011/11/30 09:32:39 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{8D7A1E88-1FDA-4383-A96E-C4D2C1B60090}
[2011/11/29 11:23:52 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{4177E9FE-350F-468B-968B-19CDB5E9BF99}
[2011/11/29 11:23:37 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{DD2D2EEE-DED7-4048-BE0B-CD4BD1BADF9B}
[2011/11/28 11:20:14 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{55487F4C-2DC8-40BD-990A-7187D1A6D35C}
[2011/11/28 11:19:55 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{AA54AA68-C615-4E5F-857E-F0954A53DDE5}
[2011/11/27 19:48:19 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{6F07536F-0CC0-46F5-AC12-5CB1AF23032D}
[2011/11/27 19:48:05 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{9949994F-3DD3-4A71-830F-BCB0AADADC20}
[2011/11/26 09:26:52 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{5A7B00E4-9822-4EFE-B671-0C521FFF478B}
[2011/11/26 09:26:34 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{63060751-046E-4D17-AD2F-0204F29F9491}
[2011/11/25 09:47:42 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{0D6E2C36-9005-490A-9532-ADB8B487FE1F}
[2011/11/25 09:47:23 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{E7AD65BB-0556-4E7B-8CED-A13052BA62A1}
[2011/11/24 13:33:59 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{351DF586-AB10-4009-8F56-46ED8CB29CCD}
[2011/11/24 13:33:46 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{421C76D6-139B-4C9A-BACC-7E38F67E688D}
[2011/11/23 21:41:25 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{9351924D-8F47-45CD-96EC-929A0C86A4B6}
[2011/11/23 21:41:13 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{AA9235BB-8428-4B47-927E-2AED5F4B1270}
[2011/11/23 09:40:37 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{133B9EBD-23D2-431C-B451-B063B841701B}
[2011/11/23 09:40:18 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{22CB549D-35A8-406C-824C-99B598F99A09}
[2011/11/22 20:37:49 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{E40FB2A8-BD3B-4E0E-89C7-16CFD1EE6D04}
[2011/11/22 20:37:32 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{5CAABB68-85A1-4264-A69D-2DD2086DC4E8}
[2011/11/21 12:05:40 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ApnoeTrainer
[2011/11/21 12:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ApnoeTrainer
[2011/11/21 12:05:40 | 000,000,000 | ---D | C] -- C:\ApnoeTrainer
[2011/11/21 10:33:39 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{15177C02-4970-4CC2-8FB1-E80B16BC5186}
[2011/11/21 10:33:23 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{E8073CB3-F9E6-404F-9C2F-66E3D818CF6F}
[2011/11/20 12:44:58 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{EC29DBE5-8D1C-42B3-8201-3DBD154297BF}
[2011/11/20 12:44:46 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{607A4B90-270E-406F-8F21-96D6758C34BE}
[2011/11/20 00:44:33 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{02BE4623-0255-4265-BDD9-5D130C2DD7EF}
[2011/11/20 00:44:20 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{461F3D5A-F51C-46B0-AD02-76E6C040714C}
[2011/11/19 12:44:06 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{FDB317EB-7F7E-435B-BC63-1A37D920988C}
[2011/11/19 12:43:53 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{C9ED9716-8A1D-449F-AF72-410372928EEA}
[2011/11/18 18:04:16 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{DFCA0339-FE3F-4527-B4FE-EE1405C5D640}
[2011/11/18 18:03:36 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{66C4DB57-BDE6-42DF-A51F-0FB9FB6687C3}

========== Files - Modified Within 30 Days ==========

[2011/12/16 10:48:47 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/16 10:48:47 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/16 10:46:36 | 112,228,896 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/12/16 10:40:34 | 003,765,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/16 10:40:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/16 10:39:25 | 2413,531,136 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/15 23:20:46 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/12/15 23:20:46 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/12/15 18:26:10 | 000,326,831 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/12/14 19:16:43 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/12/13 21:26:16 | 000,628,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/13 21:26:16 | 000,110,612 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/21 12:05:40 | 000,000,656 | ---- | M] () -- C:\Users\Nick\Desktop\ApnoeTrainer 1.0.lnk

========== Files Created - No Company Name ==========

[2011/12/16 11:36:06 | 000,000,215 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty Black Ops - Multiplayer (2).url
[2011/12/15 23:20:46 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/12/15 23:20:46 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/11/21 12:05:40 | 000,000,656 | ---- | C] () -- C:\Users\Nick\Desktop\ApnoeTrainer 1.0.lnk
[2011/06/07 16:46:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/03/19 11:06:43 | 000,007,168 | ---- | C] () -- C:\Users\Nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/28 15:10:29 | 000,000,000 | ---- | C] () -- C:\Users\Nick\AppData\Local\prvlcl.dat
[2010/12/22 15:54:27 | 000,140,024 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/12/22 15:54:27 | 000,138,056 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\PnkBstrK.sys
[2010/12/22 15:54:03 | 000,280,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/12/22 15:54:01 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010/12/22 15:54:01 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/12/05 13:36:49 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 14:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 14:33:53 | 003,765,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 12:05:48 | 000,628,460 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 12:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 12:05:48 | 000,110,612 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 12:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 12:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 12:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 09:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 09:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/05/13 08:39:12 | 000,020,480 | ---- | C] () -- C:\Windows\System32\wbvfsinst.dll
[2007/11/14 16:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll

========== LOP Check ==========

[2011/10/20 12:26:51 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\AVG2012
[2011/08/17 15:32:53 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Efofex
[2011/09/01 10:31:53 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\EPANET
[2011/06/30 20:19:19 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\fdrtools.com
[2011/06/30 20:39:55 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\IrfanView
[2011/03/14 19:05:16 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\NCH Swift Sound
[2011/06/30 20:34:58 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\PhotoScape
[2011/12/04 20:16:27 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Texas Instruments
[2011/12/04 17:50:10 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\TI-Nspire
[2011/12/14 20:48:36 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\uTorrent
[2011/03/04 15:40:27 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Xilisoft
[2011/08/20 10:49:38 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BC359956

< End of report >



#2
RKinner


    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
ComboFix

:!: It must be saved to your desktop; do not run it from your browser. :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

Change the a-v scan to None.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.




Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.

Do the following:
  1. Click on the Start button and then choose Control Panel.
  2. Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  3. In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  4. In the Administrative Tools window, double-click on the Computer Management icon.
  5. When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screenshot of the Disk Management window and attach the screenshot to your reply. Make sure that the column with the partition size is visible.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.

Ron

#3
nacholas


    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi, thanks for your assistance; it is much appreciated.

TDSS Report:

10:50:45.0698 2648 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
10:50:46.0649 2648 ============================================================
10:50:46.0649 2648 Current date / time: 2011/12/18 10:50:46.0649
10:50:46.0649 2648 SystemInfo:
10:50:46.0649 2648
10:50:46.0649 2648 OS Version: 6.1.7601 ServicePack: 1.0
10:50:46.0649 2648 Product type: Workstation
10:50:46.0649 2648 ComputerName: NICK-PC
10:50:46.0649 2648 UserName: Nick
10:50:46.0649 2648 Windows directory: C:\Windows
10:50:46.0649 2648 System windows directory: C:\Windows
10:50:46.0649 2648 Processor architecture: Intel x86
10:50:46.0649 2648 Number of processors: 2
10:50:46.0649 2648 Page size: 0x1000
10:50:46.0649 2648 Boot type: Normal boot
10:50:46.0649 2648 ============================================================
10:50:48.0006 2648 Initialize success
10:50:59.0488 2284 ============================================================
10:50:59.0488 2284 Scan started
10:50:59.0488 2284 Mode: Manual;
10:50:59.0488 2284 ============================================================
10:51:00.0362 2284 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
10:51:00.0362 2284 1394ohci - ok
10:51:00.0424 2284 Accelerometer (cc1f1d3d70dc13c2c281488d347d4415) C:\Windows\system32\DRIVERS\Accelerometer.sys
10:51:00.0424 2284 Accelerometer - ok
10:51:00.0518 2284 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
10:51:00.0518 2284 ACPI - ok
10:51:00.0705 2284 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
10:51:00.0705 2284 AcpiPmi - ok
10:51:00.0861 2284 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
10:51:00.0861 2284 adp94xx - ok
10:51:00.0923 2284 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
10:51:00.0923 2284 adpahci - ok
10:51:01.0095 2284 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
10:51:01.0095 2284 adpu320 - ok
10:51:01.0220 2284 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
10:51:01.0220 2284 AFD - ok
10:51:01.0313 2284 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
10:51:01.0344 2284 AgereSoftModem - ok
10:51:01.0532 2284 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
10:51:01.0532 2284 agp440 - ok
10:51:01.0641 2284 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
10:51:01.0641 2284 aic78xx - ok
10:51:01.0703 2284 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
10:51:01.0703 2284 aliide - ok
10:51:01.0875 2284 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
10:51:01.0890 2284 amdagp - ok
10:51:01.0953 2284 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
10:51:01.0953 2284 amdide - ok
10:51:02.0031 2284 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
10:51:02.0031 2284 AmdK8 - ok
10:51:02.0078 2284 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
10:51:02.0078 2284 AmdPPM - ok
10:51:02.0249 2284 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
10:51:02.0265 2284 amdsata - ok
10:51:02.0374 2284 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
10:51:02.0390 2284 amdsbs - ok
10:51:02.0421 2284 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
10:51:02.0421 2284 amdxata - ok
10:51:02.0624 2284 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
10:51:02.0624 2284 AppID - ok
10:51:02.0795 2284 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
10:51:02.0795 2284 arc - ok
10:51:02.0826 2284 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
10:51:02.0842 2284 arcsas - ok
10:51:03.0045 2284 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
10:51:03.0045 2284 AsyncMac - ok
10:51:03.0123 2284 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
10:51:03.0123 2284 atapi - ok
10:51:03.0248 2284 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
10:51:03.0263 2284 b06bdrv - ok
10:51:03.0435 2284 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
10:51:03.0435 2284 b57nd60x - ok
10:51:03.0528 2284 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
10:51:03.0528 2284 Beep - ok
10:51:03.0606 2284 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
10:51:03.0606 2284 blbdrive - ok
10:51:03.0794 2284 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
10:51:03.0794 2284 bowser - ok
10:51:03.0825 2284 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:51:03.0825 2284 BrFiltLo - ok
10:51:03.0950 2284 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:51:03.0950 2284 BrFiltUp - ok
10:51:03.0996 2284 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
10:51:03.0996 2284 Brserid - ok
10:51:04.0215 2284 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
10:51:04.0215 2284 BrSerWdm - ok
10:51:04.0433 2284 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:51:04.0433 2284 BrUsbMdm - ok
10:51:04.0496 2284 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
10:51:04.0496 2284 BrUsbSer - ok
10:51:04.0558 2284 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
10:51:04.0558 2284 BthEnum - ok
10:51:04.0714 2284 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
10:51:04.0714 2284 BTHMODEM - ok
10:51:04.0823 2284 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
10:51:04.0823 2284 BthPan - ok
10:51:04.0886 2284 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
10:51:04.0886 2284 BTHPORT - ok
10:51:04.0964 2284 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
10:51:04.0964 2284 BTHUSB - ok
10:51:05.0166 2284 catchme - ok
10:51:05.0385 2284 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
10:51:05.0385 2284 cdfs - ok
10:51:05.0494 2284 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
10:51:05.0494 2284 cdrom - ok
10:51:05.0712 2284 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
10:51:05.0712 2284 circlass - ok
10:51:05.0790 2284 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
10:51:05.0790 2284 CLFS - ok
10:51:05.0884 2284 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
10:51:05.0884 2284 CmBatt - ok
10:51:06.0009 2284 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
10:51:06.0009 2284 cmdide - ok
10:51:06.0149 2284 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
10:51:06.0149 2284 CNG - ok
10:51:06.0243 2284 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
10:51:06.0243 2284 Compbatt - ok
10:51:06.0383 2284 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
10:51:06.0383 2284 CompositeBus - ok
10:51:06.0508 2284 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
10:51:06.0508 2284 crcdisk - ok
10:51:06.0633 2284 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
10:51:06.0648 2284 CSC - ok
10:51:06.0805 2284 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
10:51:06.0805 2284 DfsC - ok
10:51:06.0929 2284 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
10:51:06.0929 2284 discache - ok
10:51:07.0023 2284 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
10:51:07.0023 2284 Disk - ok
10:51:07.0195 2284 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
10:51:07.0195 2284 drmkaud - ok
10:51:07.0257 2284 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
10:51:07.0273 2284 DXGKrnl - ok
10:51:07.0460 2284 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
10:51:07.0553 2284 ebdrv - ok
10:51:07.0725 2284 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
10:51:07.0725 2284 elxstor - ok
10:51:07.0803 2284 enecir (29dcaeb81dde6f154aa4d36b18ecbb1f) C:\Windows\system32\DRIVERS\enecir.sys
10:51:07.0803 2284 enecir - ok
10:51:07.0928 2284 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
10:51:07.0928 2284 ErrDev - ok
10:51:08.0131 2284 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
10:51:08.0131 2284 exfat - ok
10:51:08.0162 2284 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
10:51:08.0177 2284 fastfat - ok
10:51:08.0255 2284 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
10:51:08.0255 2284 fdc - ok
10:51:08.0302 2284 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
10:51:08.0302 2284 FileInfo - ok
10:51:08.0474 2284 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
10:51:08.0474 2284 Filetrace - ok
10:51:08.0521 2284 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
10:51:08.0521 2284 flpydisk - ok
10:51:08.0567 2284 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
10:51:08.0567 2284 FltMgr - ok
10:51:08.0661 2284 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
10:51:08.0661 2284 FsDepends - ok
10:51:08.0692 2284 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
10:51:08.0692 2284 Fs_Rec - ok
10:51:08.0879 2284 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
10:51:08.0879 2284 fvevol - ok
10:51:08.0942 2284 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:51:08.0942 2284 gagp30kx - ok
10:51:09.0035 2284 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:51:09.0035 2284 GEARAspiWDM - ok
10:51:09.0082 2284 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
10:51:09.0082 2284 hcw85cir - ok
10:51:09.0254 2284 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
10:51:09.0254 2284 HdAudAddService - ok
10:51:09.0301 2284 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
10:51:09.0301 2284 HDAudBus - ok
10:51:09.0379 2284 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
10:51:09.0379 2284 HidBatt - ok
10:51:09.0503 2284 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
10:51:09.0503 2284 HidBth - ok
10:51:09.0675 2284 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
10:51:09.0675 2284 HidIr - ok
10:51:09.0737 2284 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
10:51:09.0737 2284 HidUsb - ok
10:51:09.0831 2284 hpdskflt (4ef10b866c62abbeaf7511cdd05a19be) C:\Windows\system32\DRIVERS\hpdskflt.sys
10:51:09.0831 2284 hpdskflt - ok
10:51:10.0049 2284 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
10:51:10.0049 2284 HpqKbFiltr - ok
10:51:10.0112 2284 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
10:51:10.0112 2284 HpSAMD - ok
10:51:10.0268 2284 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
10:51:10.0268 2284 HTTP - ok
10:51:10.0455 2284 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
10:51:10.0455 2284 hwpolicy - ok
10:51:10.0517 2284 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
10:51:10.0517 2284 i8042prt - ok
10:51:10.0627 2284 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
10:51:10.0627 2284 iaStorV - ok
10:51:10.0829 2284 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
10:51:10.0829 2284 iirsp - ok
10:51:10.0876 2284 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
10:51:10.0876 2284 intelide - ok
10:51:10.0970 2284 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
10:51:10.0970 2284 intelppm - ok
10:51:11.0063 2284 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:51:11.0063 2284 IpFilterDriver - ok
10:51:11.0188 2284 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
10:51:11.0188 2284 IPMIDRV - ok
10:51:11.0266 2284 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
10:51:11.0266 2284 IPNAT - ok
10:51:11.0375 2284 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
10:51:11.0375 2284 IRENUM - ok
10:51:11.0563 2284 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
10:51:11.0563 2284 isapnp - ok
10:51:11.0625 2284 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
10:51:11.0625 2284 iScsiPrt - ok
10:51:11.0765 2284 JMCR (ed9103e5b70761ebc9809f4bd9673bb2) C:\Windows\system32\DRIVERS\jmcr.sys
10:51:11.0765 2284 JMCR - ok
10:51:11.0937 2284 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
10:51:11.0937 2284 kbdclass - ok
10:51:11.0999 2284 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
10:51:11.0999 2284 kbdhid - ok
10:51:12.0077 2284 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
10:51:12.0077 2284 KSecDD - ok
10:51:12.0155 2284 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
10:51:12.0155 2284 KSecPkg - ok
10:51:12.0343 2284 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
10:51:12.0343 2284 lltdio - ok
10:51:12.0389 2284 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:51:12.0389 2284 LSI_FC - ok
10:51:12.0467 2284 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:51:12.0467 2284 LSI_SAS - ok
10:51:12.0561 2284 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:51:12.0561 2284 LSI_SAS2 - ok
10:51:12.0592 2284 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:51:12.0592 2284 LSI_SCSI - ok
10:51:12.0764 2284 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
10:51:12.0764 2284 luafv - ok
10:51:12.0795 2284 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
10:51:12.0795 2284 megasas - ok
10:51:12.0873 2284 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
10:51:12.0873 2284 MegaSR - ok
10:51:12.0967 2284 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
10:51:12.0967 2284 Modem - ok
10:51:13.0123 2284 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
10:51:13.0123 2284 monitor - ok
10:51:13.0185 2284 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
10:51:13.0185 2284 mouclass - ok
10:51:13.0263 2284 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
10:51:13.0263 2284 mouhid - ok
10:51:13.0357 2284 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
10:51:13.0357 2284 mountmgr - ok
10:51:13.0528 2284 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
10:51:13.0528 2284 mpio - ok
10:51:13.0606 2284 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
10:51:13.0606 2284 mpsdrv - ok
10:51:13.0684 2284 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
10:51:13.0684 2284 MRxDAV - ok
10:51:13.0762 2284 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:51:13.0762 2284 mrxsmb - ok
10:51:13.0949 2284 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:51:13.0949 2284 mrxsmb10 - ok
10:51:13.0981 2284 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:51:13.0981 2284 mrxsmb20 - ok
10:51:14.0059 2284 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
10:51:14.0059 2284 msahci - ok
10:51:14.0137 2284 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
10:51:14.0137 2284 msdsm - ok
10:51:14.0324 2284 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
10:51:14.0324 2284 Msfs - ok
10:51:14.0355 2284 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
10:51:14.0355 2284 mshidkmdf - ok
10:51:14.0433 2284 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
10:51:14.0433 2284 msisadrv - ok
10:51:14.0589 2284 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
10:51:14.0589 2284 MSKSSRV - ok
10:51:15.0026 2284 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
10:51:15.0026 2284 MSPCLOCK - ok
10:51:15.0057 2284 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
10:51:15.0073 2284 MSPQM - ok
10:51:15.0135 2284 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
10:51:15.0135 2284 MsRPC - ok
10:51:15.0213 2284 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
10:51:15.0213 2284 mssmbios - ok
10:51:15.0353 2284 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
10:51:15.0353 2284 MSTEE - ok
10:51:15.0416 2284 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
10:51:15.0416 2284 MTConfig - ok
10:51:15.0463 2284 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
10:51:15.0463 2284 Mup - ok
10:51:15.0572 2284 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
10:51:15.0572 2284 NativeWifiP - ok
10:51:15.0790 2284 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
10:51:15.0821 2284 NDIS - ok
10:51:15.0946 2284 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
10:51:15.0946 2284 NdisCap - ok
10:51:16.0009 2284 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
10:51:16.0009 2284 NdisTapi - ok
10:51:16.0196 2284 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
10:51:16.0196 2284 Ndisuio - ok
10:51:16.0274 2284 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
10:51:16.0274 2284 NdisWan - ok
10:51:16.0336 2284 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
10:51:16.0336 2284 NDProxy - ok
10:51:16.0461 2284 Netaapl (7afd0e39ab15cb355487b7cc19f4e2c5) C:\Windows\system32\DRIVERS\netaapl.sys
10:51:16.0461 2284 Netaapl - ok
10:51:16.0633 2284 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
10:51:16.0633 2284 NetBIOS - ok
10:51:16.0711 2284 NetBT (83f9a7e8439f2cb0a9173e2b55559f6e) C:\Windows\system32\DRIVERS\netbt.sys
10:51:16.0711 2284 NetBT ( Rootkit.Win32.ZAccess.h ) - infected
10:51:16.0711 2284 NetBT - detected Rootkit.Win32.ZAccess.h (0)
10:51:17.0023 2284 NETw5s32 (5b2dfa9c5c02ddf2a113cc0f551b59df) C:\Windows\system32\DRIVERS\NETw5s32.sys
10:51:17.0194 2284 NETw5s32 - ok
10:51:17.0491 2284 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
10:51:17.0584 2284 netw5v32 - ok
10:51:17.0803 2284 NETwNs32 (29e4f23d31fb66c7bf0014d36cf5af2a) C:\Windows\system32\DRIVERS\NETwNs32.sys
10:51:17.0943 2284 NETwNs32 - ok
10:51:18.0068 2284 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
10:51:18.0068 2284 nfrd960 - ok
10:51:18.0224 2284 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
10:51:18.0224 2284 Npfs - ok
10:51:18.0271 2284 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
10:51:18.0271 2284 nsiproxy - ok
10:51:18.0349 2284 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
10:51:18.0380 2284 Ntfs - ok
10:51:18.0505 2284 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
10:51:18.0505 2284 Null - ok
10:51:18.0707 2284 NVHDA (0e40ef12bc029ff8b13043f157452c47) C:\Windows\system32\drivers\nvhda32v.sys
10:51:18.0707 2284 NVHDA - ok
10:51:19.0004 2284 nvlddmkm (bd409de5681c74c1de51d72427dc202d) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:51:19.0222 2284 nvlddmkm - ok
10:51:19.0316 2284 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
10:51:19.0316 2284 nvraid - ok
10:51:19.0472 2284 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
10:51:19.0487 2284 nvstor - ok
10:51:19.0550 2284 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
10:51:19.0550 2284 nv_agp - ok
10:51:19.0597 2284 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
10:51:19.0597 2284 ohci1394 - ok
10:51:19.0737 2284 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
10:51:19.0737 2284 Parport - ok
10:51:19.0924 2284 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
10:51:19.0924 2284 partmgr - ok
10:51:19.0955 2284 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
10:51:19.0955 2284 Parvdm - ok
10:51:20.0002 2284 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
10:51:20.0002 2284 pci - ok
10:51:20.0174 2284 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
10:51:20.0174 2284 pciide - ok
10:51:20.0345 2284 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
10:51:20.0345 2284 pcmcia - ok
10:51:20.0423 2284 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
10:51:20.0423 2284 pcw - ok
10:51:20.0455 2284 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
10:51:20.0501 2284 PEAUTH - ok
10:51:20.0767 2284 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
10:51:20.0767 2284 PptpMiniport - ok
10:51:20.0845 2284 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
10:51:20.0845 2284 Processor - ok
10:51:20.0907 2284 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
10:51:20.0907 2284 Psched - ok
10:51:20.0969 2284 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
10:51:21.0016 2284 ql2300 - ok
10:51:21.0219 2284 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
10:51:21.0219 2284 ql40xx - ok
10:51:21.0297 2284 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
10:51:21.0297 2284 QWAVEdrv - ok
10:51:21.0344 2284 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
10:51:21.0344 2284 RasAcd - ok
10:51:21.0437 2284 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:51:21.0437 2284 RasAgileVpn - ok
10:51:21.0547 2284 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:51:21.0547 2284 Rasl2tp - ok
10:51:21.0687 2284 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
10:51:21.0687 2284 RasPppoe - ok
10:51:21.0765 2284 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
10:51:21.0765 2284 RasSstp - ok
10:51:21.0843 2284 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
10:51:21.0843 2284 rdbss - ok
10:51:21.0874 2284 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
10:51:21.0874 2284 rdpbus - ok
10:51:22.0030 2284 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:51:22.0030 2284 RDPCDD - ok
10:51:22.0155 2284 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
10:51:22.0155 2284 RDPDR - ok
10:51:22.0280 2284 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
10:51:22.0280 2284 RDPENCDD - ok
10:51:22.0311 2284 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
10:51:22.0311 2284 RDPREFMP - ok
10:51:22.0467 2284 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
10:51:22.0467 2284 RDPWD - ok
10:51:22.0592 2284 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
10:51:22.0592 2284 rdyboost - ok
10:51:22.0717 2284 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
10:51:22.0717 2284 RFCOMM - ok
10:51:22.0795 2284 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
10:51:22.0795 2284 rspndr - ok
10:51:22.0951 2284 RTL8167 (9c5da0bc3301dfca399056fd9adca413) C:\Windows\system32\DRIVERS\Rt86win7.sys
10:51:22.0966 2284 RTL8167 - ok
10:51:23.0060 2284 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
10:51:23.0060 2284 s3cap - ok
10:51:23.0153 2284 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
10:51:23.0153 2284 sbp2port - ok
10:51:23.0247 2284 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
10:51:23.0247 2284 scfilter - ok
10:51:23.0356 2284 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
10:51:23.0356 2284 sdbus - ok
10:51:23.0497 2284 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:51:23.0497 2284 secdrv - ok
10:51:23.0575 2284 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
10:51:23.0575 2284 Serenum - ok
10:51:23.0637 2284 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
10:51:23.0637 2284 Serial - ok
10:51:23.0762 2284 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
10:51:23.0762 2284 sermouse - ok
10:51:23.0855 2284 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
10:51:23.0855 2284 sffdisk - ok
10:51:23.0918 2284 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
10:51:23.0918 2284 sffp_mmc - ok
10:51:23.0949 2284 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
10:51:23.0949 2284 sffp_sd - ok
10:51:24.0011 2284 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
10:51:24.0011 2284 sfloppy - ok
10:51:24.0152 2284 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
10:51:24.0152 2284 sisagp - ok
10:51:24.0261 2284 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:51:24.0261 2284 SiSRaid2 - ok
10:51:24.0370 2284 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
10:51:24.0370 2284 SiSRaid4 - ok
10:51:24.0511 2284 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
10:51:24.0511 2284 Smb - ok
10:51:24.0573 2284 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
10:51:24.0573 2284 spldr - ok
10:51:24.0682 2284 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
10:51:24.0682 2284 srv - ok
10:51:24.0760 2284 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
10:51:24.0776 2284 srv2 - ok
10:51:24.0807 2284 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
10:51:24.0807 2284 srvnet - ok
10:51:25.0041 2284 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
10:51:25.0041 2284 stexstor - ok
10:51:25.0166 2284 STHDA (dadb74bf26766757dbba9c5912969ebf) C:\Windows\system32\DRIVERS\stwrt.sys
10:51:25.0181 2284 STHDA - ok
10:51:25.0228 2284 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
10:51:25.0228 2284 storflt - ok
10:51:25.0400 2284 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
10:51:25.0400 2284 storvsc - ok
10:51:25.0447 2284 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
10:51:25.0447 2284 swenum - ok
10:51:25.0556 2284 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys
10:51:25.0571 2284 SynTP - ok
10:51:25.0790 2284 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
10:51:25.0821 2284 Tcpip - ok
10:51:25.0883 2284 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
10:51:25.0899 2284 TCPIP6 - ok
10:51:26.0008 2284 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
10:51:26.0008 2284 tcpipreg - ok
10:51:26.0211 2284 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
10:51:26.0211 2284 TDPIPE - ok
10:51:26.0273 2284 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
10:51:26.0273 2284 TDTCP - ok
10:51:26.0351 2284 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
10:51:26.0351 2284 tdx - ok
10:51:26.0398 2284 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
10:51:26.0398 2284 TermDD - ok
10:51:26.0539 2284 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:51:26.0539 2284 tssecsrv - ok
10:51:26.0695 2284 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
10:51:26.0695 2284 TsUsbFlt - ok
10:51:26.0788 2284 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
10:51:26.0788 2284 tunnel - ok
10:51:26.0866 2284 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
10:51:26.0866 2284 uagp35 - ok
10:51:27.0053 2284 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
10:51:27.0053 2284 udfs - ok
10:51:27.0178 2284 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
10:51:27.0178 2284 uliagpkx - ok
10:51:27.0241 2284 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
10:51:27.0256 2284 umbus - ok
10:51:27.0412 2284 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
10:51:27.0412 2284 UmPass - ok
10:51:27.0553 2284 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
10:51:27.0553 2284 USBAAPL - ok
10:51:27.0615 2284 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
10:51:27.0615 2284 usbccgp - ok
10:51:27.0724 2284 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
10:51:27.0724 2284 usbcir - ok
10:51:27.0787 2284 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
10:51:27.0787 2284 usbehci - ok
10:51:27.0818 2284 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
10:51:27.0818 2284 usbhub - ok
10:51:27.0927 2284 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
10:51:27.0927 2284 usbohci - ok
10:51:28.0005 2284 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
10:51:28.0005 2284 usbprint - ok
10:51:28.0145 2284 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
10:51:28.0145 2284 USBSTOR - ok
10:51:28.0223 2284 USBTINSP (f9288b919ea3065ad65f33d971604696) C:\Windows\system32\DRIVERS\tinspusb.sys
10:51:28.0223 2284 USBTINSP - ok
10:51:28.0333 2284 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
10:51:28.0333 2284 usbuhci - ok
10:51:28.0504 2284 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
10:51:28.0504 2284 usbvideo - ok
10:51:28.0551 2284 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
10:51:28.0551 2284 vdrvroot - ok
10:51:28.0691 2284 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
10:51:28.0707 2284 vga - ok
10:51:28.0738 2284 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
10:51:28.0738 2284 VgaSave - ok
10:51:28.0879 2284 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
10:51:28.0879 2284 vhdmp - ok
10:51:28.0941 2284 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
10:51:28.0941 2284 viaagp - ok
10:51:29.0081 2284 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
10:51:29.0081 2284 ViaC7 - ok
10:51:29.0222 2284 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
10:51:29.0222 2284 viaide - ok
10:51:29.0284 2284 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
10:51:29.0284 2284 vmbus - ok
10:51:29.0315 2284 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
10:51:29.0331 2284 VMBusHID - ok
10:51:29.0425 2284 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
10:51:29.0425 2284 volmgr - ok
10:51:29.0612 2284 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
10:51:29.0612 2284 volmgrx - ok
10:51:29.0674 2284 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
10:51:29.0674 2284 volsnap - ok
10:51:29.0799 2284 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
10:51:29.0799 2284 vsmraid - ok
10:51:29.0971 2284 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
10:51:29.0971 2284 vwifibus - ok
10:51:30.0017 2284 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
10:51:30.0017 2284 vwififlt - ok
10:51:30.0049 2284 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
10:51:30.0064 2284 WacomPen - ok
10:51:30.0205 2284 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:51:30.0205 2284 WANARP - ok
10:51:30.0205 2284 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:51:30.0205 2284 Wanarpv6 - ok
10:51:30.0392 2284 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
10:51:30.0392 2284 Wd - ok
10:51:30.0454 2284 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
10:51:30.0454 2284 WDC_SAM - ok
10:51:30.0517 2284 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:51:30.0532 2284 Wdf01000 - ok
10:51:30.0641 2284 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
10:51:30.0641 2284 WfpLwf - ok
10:51:30.0813 2284 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
10:51:30.0813 2284 WIMMount - ok
10:51:30.0891 2284 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUSB.sys
10:51:30.0891 2284 WinUsb - ok
10:51:31.0000 2284 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
10:51:31.0000 2284 WmiAcpi - ok
10:51:31.0203 2284 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
10:51:31.0203 2284 ws2ifsl - ok
10:51:31.0312 2284 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
10:51:31.0312 2284 WudfPf - ok
10:51:31.0453 2284 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:51:31.0453 2284 WUDFRd - ok
10:51:31.0484 2284 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:51:31.0499 2284 \Device\Harddisk0\DR0 - ok
10:51:31.0499 2284 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
10:51:31.0499 2284 \Device\Harddisk1\DR1 - ok
10:51:31.0499 2284 Boot (0x1200) (84efb03ef1bc975d8a58e2485ee7fad1) \Device\Harddisk0\DR0\Partition0
10:51:31.0499 2284 \Device\Harddisk0\DR0\Partition0 - ok
10:51:31.0546 2284 Boot (0x1200) (4737dbf1d424e8e08735f87377c3e429) \Device\Harddisk0\DR0\Partition1
10:51:31.0546 2284 \Device\Harddisk0\DR0\Partition1 - ok
10:51:31.0562 2284 Boot (0x1200) (235c8f692d52dc9154381f414029ea43) \Device\Harddisk1\DR1\Partition0
10:51:31.0562 2284 \Device\Harddisk1\DR1\Partition0 - ok
10:51:31.0562 2284 ============================================================
10:51:31.0562 2284 Scan finished
10:51:31.0562 2284 ============================================================
10:51:31.0562 1108 Detected object count: 1
10:51:31.0562 1108 Actual detected object count: 1
10:51:44.0354 1108 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\netbt.sys) error 1813
10:51:45.0586 1108 Backup copy found, using it..
10:51:45.0602 1108 C:\Windows\system32\DRIVERS\netbt.sys - will be cured on reboot
10:51:54.0322 1108 NetBT ( Rootkit.Win32.ZAccess.h ) - User select action: Cure
10:51:59.0392 3416 Deinitialize success

asw Report:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-18 10:49:01
-----------------------------
10:49:01.700 OS Version: Windows 6.1.7601 Service Pack 1
10:49:01.700 Number of processors: 2 586 0x1706
10:49:01.700 ComputerName: NICK-PC UserName: Nick
10:49:18.673 Initialize success
10:49:55.645 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:49:55.661 Disk 0 Vendor: FUJITSU_MHZ2320BH_G2 8909 Size: 305245MB BusType: 11
10:49:55.661 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
10:49:55.661 Disk 1 Vendor: FUJITSU_MHZ2320BH_G2 8909 Size: 305245MB BusType: 11
10:49:57.689 Disk 0 MBR read successfully
10:49:57.689 Disk 0 MBR scan
10:49:57.689 Disk 0 Windows 7 default MBR code
10:49:57.689 Disk 0 scanning sectors +625135616
10:49:57.767 Disk 0 scanning C:\Windows\system32\drivers
10:50:05.426 Service scanning
10:50:06.768 Modules scanning
10:50:10.013 Module: C:\Windows\System32\DRIVERS\netbt.sys **SUSPICIOUS**
10:50:21.260 Scan finished successfully
10:50:31.681 Disk 0 MBR has been saved successfully to "C:\Users\Nick\Documents\MBR.dat"
10:50:31.681 The log file has been saved successfully to "C:\Users\Nick\Documents\aswMBR.txt"


Malwarebytes Report:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8390

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

18/12/2011 11:31:15 AM
mbam-log-2011-12-18 (11-31-15).txt

Scan type: Quick scan
Objects scanned: 60025
Time elapsed: 8 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Nick\AppData\Local\Temp\msimg32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

OTL Report:

OTL logfile created on: 12/18/2011 11:13:10 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nick\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 62.09% Memory free
5.99 Gb Paging File | 4.75 Gb Available in Paging File | 79.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.44 Gb Total Space | 42.48 Gb Free Space | 14.73% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 85.62 Gb Free Space | 28.72% Space Free | Partition Type: NTFS
Drive E: | 9.65 Gb Total Space | 1.65 Gb Free Space | 17.06% Space Free | Partition Type: NTFS

Computer Name: NICK-PC | User Name: Nick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/16 11:12:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Downloads\OTL.exe
PRC - [2011/11/10 18:50:10 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 22:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/16 12:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010/03/23 14:53:06 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/03/23 14:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe
PRC - [2009/03/02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/10 18:50:10 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/22 10:33:12 | 000,421,888 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\sw4ta9li.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (astcc)
SRV - [2011/12/08 19:12:33 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/11/23 06:43:14 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/23 14:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe -- (STacSV)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/14 11:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/03/02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe -- (AESTFilters)
SRV - [2008/04/27 22:26:44 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2011/05/13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/11/20 22:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 22:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 22:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 19:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 19:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/17 04:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/09/08 06:08:56 | 000,123,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/07/14 21:42:23 | 006,814,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel®
DRV - [2010/04/19 20:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/03/29 17:30:12 | 000,122,752 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tinspusb.sys -- (USBTINSP) TI-Nspire™
DRV - [2010/03/23 14:53:06 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/01/13 16:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel®
DRV - [2009/07/14 08:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 08:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2008/07/20 19:53:02 | 000,100,184 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/04/25 12:50:02 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 DE 1C D6 CC A6 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 18:50:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/03 16:02:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DigitalPersona\Bin\firefoxext

[2010/11/23 20:41:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Extensions
[2011/12/17 16:24:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\sw4ta9li.default\extensions
[2011/10/04 17:29:31 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\sw4ta9li.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2011/09/01 16:24:11 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\sw4ta9li.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/06/03 14:40:49 | 000,000,000 | ---D | M] (English (Australian) Dictionary) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\sw4ta9li.default\extensions\[email protected]
[2011/12/16 12:21:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/16 12:21:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\NICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SW4TA9LI.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2011/11/10 18:50:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/16 12:21:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 00:35:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 18:50:10 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FBAE0A4-8EC7-4562-BE76-CA706C4327FE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A79EC2CF-8A0F-4055-BD7B-C59804E3E3FA}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/08/17 21:15:00 | 000,000,000 | ---D | M] - D:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{14e63296-d430-11e0-a30d-002186ca4382}\Shell - "" = AutoRun
O33 - MountPoints2\{14e63296-d430-11e0-a30d-002186ca4382}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{2cc2384d-be25-11e0-b03d-002186ca4382}\Shell - "" = AutoRun
O33 - MountPoints2\{2cc2384d-be25-11e0-b03d-002186ca4382}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/18 10:54:54 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/12/18 10:54:06 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Malwarebytes
[2011/12/18 10:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/18 10:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/18 10:53:58 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/18 10:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/18 00:03:06 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/12/17 23:55:08 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Nick\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/17 23:51:31 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Nick\Desktop\aswMBR.exe
[2011/12/17 23:51:08 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Nick\Desktop\tdsskiller.exe
[2011/12/17 18:04:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/17 18:04:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/17 18:04:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/17 18:04:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/17 18:04:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/17 18:02:19 | 004,341,424 | R--- | C] (Swearware) -- C:\Users\Nick\Desktop\ComboFix.exe
[2011/12/17 11:07:53 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{E4C4B250-4AAF-446E-81BE-739D2E49FD96}
[2011/12/17 11:07:36 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{0D3F720A-5024-4F1C-927E-7064279053EF}
[2011/12/16 22:43:04 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{455C78E1-3572-4450-945E-369651D50872}
[2011/12/16 22:42:44 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{46A23D57-D678-4046-B041-E65879FD261A}
[2011/12/16 12:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/16 12:21:32 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/12/16 12:21:32 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/12/16 12:21:32 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/12/16 12:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/12/16 10:42:12 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{48D75184-2B8E-4B16-9AF7-C79ABE75291C}
[2011/12/16 10:41:57 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{FE02CC75-DBE5-4A56-A324-A5C53440E09D}
[2011/12/15 21:54:59 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/12/15 21:54:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/15 21:54:59 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/15 21:54:59 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/15 21:54:58 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/15 20:44:11 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/15 20:44:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/15 20:43:39 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/15 20:43:35 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/15 20:39:08 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/15 20:39:08 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/15 18:25:29 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{7A5FCCE5-9EB7-40DE-87BE-DA5AA071391A}
[2011/12/15 18:24:55 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{AF82CAE7-D883-4CE8-BF53-A5879430E792}
[2011/12/14 23:01:28 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\SanctionedMedia
[2011/12/14 22:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows
[2011/12/14 19:25:53 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{FFA55B6A-9010-4922-9D70-AB4AE8A0EFD2}
[2011/12/14 19:25:40 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{D4A6B5F5-E8E8-4BF8-9E14-B30F38B2A46A}
[2011/12/13 12:16:47 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{740AC092-3343-4221-BC5D-DF81B73B6FAE}
[2011/12/13 12:16:10 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{0E94561E-2ED7-4844-B136-6198A2621031}
[2011/12/12 11:51:24 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{6B607323-C1CE-4CC5-A477-48C61EC5ECED}
[2011/12/12 11:51:08 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{CF53FC55-7068-481E-BE87-A00D4DFC70BF}
[2011/12/11 16:17:46 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{89F83E36-9C05-40F3-B260-1B94A21D56BA}
[2011/12/11 16:17:16 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{94943753-A654-4ECF-939E-8AA08BEDB4B5}
[2011/12/10 11:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LIMBO
[2011/12/10 11:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\LIMBO
[2011/12/10 09:21:41 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{AD310D49-43B3-421B-8FA6-43B41A2D82A2}
[2011/12/10 09:21:24 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{23526FC1-921F-4627-827E-F18AB800B3A8}
[2011/12/09 17:01:47 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{B32F5469-25CC-4C73-A628-DAA0F2C07F5A}
[2011/12/09 17:01:34 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{0F122BCC-ED5A-45E2-A872-CEB13AFFEB0F}
[2011/12/08 22:47:04 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{98B804AF-5B79-412A-9B66-9BA2DF159843}
[2011/12/08 22:46:49 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{7E5065D3-ED9D-43B1-BBF6-6009D0FCA67A}
[2011/12/08 10:46:34 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{6A85A87F-16FC-4891-A0E8-62C2199B1F9D}
[2011/12/08 10:46:20 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{CDF2A01B-7F33-4EA1-B731-B998C4FA3876}
[2011/12/07 08:32:37 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{16152AEC-52C1-4D85-B447-A691C4598FF4}
[2011/12/07 08:32:00 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{F00EAF10-61B7-496F-8428-CC5EC20EF57C}
[2011/12/05 21:16:02 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Skyrim
[2011/12/05 21:13:58 | 000,000,000 | ---D | C] -- C:\Users\Nick\Documents\My Games
[2011/12/05 14:03:10 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{004FF11D-F95A-493B-8573-CD65AA203F95}
[2011/12/05 14:02:57 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{B68F7580-203F-45F3-955D-163A8C055AF3}
[2011/12/04 20:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\RNDIS
[2011/12/04 17:50:10 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\TI-Nspire
[2011/12/04 17:49:36 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Texas Instruments
[2011/12/04 17:48:54 | 000,000,000 | ---D | C] -- C:\Users\Nick\Documents\TI-Nspire
[2011/12/04 17:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TI Shared
[2011/12/04 17:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\TI Education
[2011/12/04 06:25:04 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{80FD7530-EF1D-4EE9-82E1-B2A0CA87BA33}
[2011/12/04 06:24:49 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{FCA2DC27-8FA9-4062-9E1B-464AAC9F7B9A}
[2011/12/03 00:25:50 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{9AA02FFF-723C-48C2-9FE1-6918D2BA616D}
[2011/12/03 00:25:38 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{DF53E1F9-80B5-4108-85C3-078555A9F666}
[2011/12/02 12:25:23 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{DB15A032-484A-458A-ABD1-B19826404010}
[2011/12/02 12:24:57 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{D198C4F0-F69F-4B78-B055-B6D6818C884E}
[2011/12/01 23:29:49 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{49A0E981-59BD-463C-8B04-974FAD4E0343}
[2011/12/01 23:29:37 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{6C0B0417-2459-4928-AA31-F5F4D6061BC3}
[2011/12/01 11:29:19 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{15B628D0-B56A-458B-8BDE-B195582D3FE7}
[2011/12/01 11:28:51 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{DDB1A744-6E86-4209-B42A-D954EFBE512A}
[2011/11/30 21:33:20 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{E11FA90D-119B-4DC5-826E-5BEFB332D88F}
[2011/11/30 21:33:08 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{279FC59A-5E80-4CC7-8C73-64E730EE5DA5}
[2011/11/30 09:32:54 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{FBE03DA2-C5B2-4FDB-94A8-480C986C87DC}
[2011/11/30 09:32:39 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{8D7A1E88-1FDA-4383-A96E-C4D2C1B60090}
[2011/11/29 11:23:52 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{4177E9FE-350F-468B-968B-19CDB5E9BF99}
[2011/11/29 11:23:37 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{DD2D2EEE-DED7-4048-BE0B-CD4BD1BADF9B}
[2011/11/28 11:20:14 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{55487F4C-2DC8-40BD-990A-7187D1A6D35C}
[2011/11/28 11:19:55 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{AA54AA68-C615-4E5F-857E-F0954A53DDE5}
[2011/11/27 19:48:19 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{6F07536F-0CC0-46F5-AC12-5CB1AF23032D}
[2011/11/27 19:48:05 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{9949994F-3DD3-4A71-830F-BCB0AADADC20}
[2011/11/26 09:26:52 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{5A7B00E4-9822-4EFE-B671-0C521FFF478B}
[2011/11/26 09:26:34 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{63060751-046E-4D17-AD2F-0204F29F9491}
[2011/11/25 09:47:42 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{0D6E2C36-9005-490A-9532-ADB8B487FE1F}
[2011/11/25 09:47:23 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{E7AD65BB-0556-4E7B-8CED-A13052BA62A1}
[2011/11/24 13:33:59 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{351DF586-AB10-4009-8F56-46ED8CB29CCD}
[2011/11/24 13:33:46 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{421C76D6-139B-4C9A-BACC-7E38F67E688D}
[2011/11/23 21:41:25 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{9351924D-8F47-45CD-96EC-929A0C86A4B6}
[2011/11/23 21:41:13 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{AA9235BB-8428-4B47-927E-2AED5F4B1270}
[2011/11/23 09:40:37 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{133B9EBD-23D2-431C-B451-B063B841701B}
[2011/11/23 09:40:18 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{22CB549D-35A8-406C-824C-99B598F99A09}
[2011/11/22 20:37:49 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{E40FB2A8-BD3B-4E0E-89C7-16CFD1EE6D04}
[2011/11/22 20:37:32 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{5CAABB68-85A1-4264-A69D-2DD2086DC4E8}
[2011/11/21 12:05:40 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX
[2011/11/21 12:05:40 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ApnoeTrainer
[2011/11/21 12:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ApnoeTrainer
[2011/11/21 12:05:40 | 000,000,000 | ---D | C] -- C:\ApnoeTrainer
[2011/11/21 10:33:39 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{15177C02-4970-4CC2-8FB1-E80B16BC5186}
[2011/11/21 10:33:23 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{E8073CB3-F9E6-404F-9C2F-66E3D818CF6F}
[2011/11/20 12:44:58 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{EC29DBE5-8D1C-42B3-8201-3DBD154297BF}
[2011/11/20 12:44:46 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{607A4B90-270E-406F-8F21-96D6758C34BE}
[2011/11/20 00:44:33 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{02BE4623-0255-4265-BDD9-5D130C2DD7EF}
[2011/11/20 00:44:20 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{461F3D5A-F51C-46B0-AD02-76E6C040714C}
[2011/11/19 12:44:06 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{FDB317EB-7F7E-435B-BC63-1A37D920988C}
[2011/11/19 12:43:53 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{C9ED9716-8A1D-449F-AF72-410372928EEA}
[2011/11/18 18:04:16 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{DFCA0339-FE3F-4527-B4FE-EE1405C5D640}
[2011/11/18 18:03:36 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{66C4DB57-BDE6-42DF-A51F-0FB9FB6687C3}

========== Files - Modified Within 30 Days ==========

[2011/12/18 11:00:16 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/18 11:00:16 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/18 10:55:08 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/12/18 10:54:02 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/18 10:53:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/18 10:52:56 | 2413,531,136 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/18 10:50:31 | 000,000,512 | ---- | M] () -- C:\Users\Nick\Documents\MBR.dat
[2011/12/17 23:56:19 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Nick\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/17 23:52:08 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Nick\Desktop\tdsskiller.exe
[2011/12/17 23:52:03 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Nick\Desktop\aswMBR.exe
[2011/12/17 18:02:48 | 004,341,424 | R--- | M] (Swearware) -- C:\Users\Nick\Desktop\ComboFix.exe
[2011/12/16 21:42:19 | 000,628,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/16 21:42:19 | 000,110,612 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/16 14:50:34 | 000,001,996 | ---- | M] () -- C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/16 12:21:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/12/16 12:21:12 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/12/16 12:21:12 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/12/16 12:21:12 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/12/16 10:40:34 | 003,765,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/15 23:20:46 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/12/15 23:20:46 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/11/24 14:25:27 | 002,342,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/11/21 12:05:40 | 000,000,656 | ---- | M] () -- C:\Users\Nick\Desktop\ApnoeTrainer 1.0.lnk
[2011/11/21 10:33:31 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2011/12/18 10:54:02 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/18 10:50:31 | 000,000,512 | ---- | C] () -- C:\Users\Nick\Documents\MBR.dat
[2011/12/17 18:04:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/17 18:04:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/17 18:04:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/17 18:04:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/17 18:04:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/15 23:20:46 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/12/15 23:20:46 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/11/21 12:05:40 | 000,000,656 | ---- | C] () -- C:\Users\Nick\Desktop\ApnoeTrainer 1.0.lnk
[2011/06/07 16:46:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/03/19 11:06:43 | 000,007,168 | ---- | C] () -- C:\Users\Nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/28 15:10:29 | 000,000,000 | ---- | C] () -- C:\Users\Nick\AppData\Local\prvlcl.dat
[2010/12/22 15:54:27 | 000,140,024 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/12/22 15:54:27 | 000,138,056 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\PnkBstrK.sys
[2010/12/22 15:54:03 | 000,280,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/12/22 15:54:01 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010/12/22 15:54:01 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/12/05 13:36:49 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 14:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 14:33:53 | 003,765,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 12:05:48 | 000,628,460 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 12:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 12:05:48 | 000,110,612 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 12:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 12:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 12:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 09:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 09:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/05/13 08:39:12 | 000,020,480 | ---- | C] () -- C:\Windows\System32\wbvfsinst.dll
[2007/11/14 16:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BC359956

< End of report >

OTL Extras:

OTL Extras logfile created on: 12/18/2011 11:13:10 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nick\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 62.09% Memory free
5.99 Gb Paging File | 4.75 Gb Available in Paging File | 79.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.44 Gb Total Space | 42.48 Gb Free Space | 14.73% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 85.62 Gb Free Space | 28.72% Space Free | Partition Type: NTFS
Drive E: | 9.65 Gb Total Space | 1.65 Gb Free Space | 17.06% Space Free | Partition Type: NTFS

Computer Name: NICK-PC | User Name: Nick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{61FFBE12-E3AD-442A-B261-A086041DB37A}" = Validity WinBio DDK
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BBF5B57A-3A78-4A46-855C-766EB333F989}" = DigitalPersona Enrollment 1.0.0
"{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPANET 2.0" = EPANET 2.0
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"FX Graph 4_is1" = FX Graph 4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"PhotoScape" = PhotoScape
"PunkBusterSvc" = PunkBuster Services
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 24980" = Mass Effect 2
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WavePad" = WavePad Sound Editor
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Smad" = SanctionedMedia

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/15/2011 4:39:52 AM | Computer Name = Nick-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 8.0.0.4325 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 18e0 Start
Time: 01ccbb0513fada65 Termination Time: 96 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id: 5976380b-26f8-11e1-bfc2-002186ca4382

Error - 12/15/2011 7:07:45 AM | Computer Name = Nick-PC | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....0D92D84979.crt>
with error: 12030 (0x2efe).

Error - 12/15/2011 7:07:45 AM | Computer Name = Nick-PC | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....0D92D84979.crt>
with error: 12030 (0x2efe).

Error - 12/15/2011 8:48:06 AM | Computer Name = Nick-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 8.0.0.4325 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 580 Start
Time: 01ccbb27ba134ece Termination Time: 142 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id: 068408f1-271b-11e1-b9da-002186ca4382

Error - 12/15/2011 10:25:44 AM | Computer Name = Nick-PC | Source = Windows Search Service | ID = 3007
Description =

Error - 12/15/2011 11:37:21 PM | Computer Name = Nick-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 8.0.0.4325 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 12b8 Start
Time: 01ccbba3de69dd80 Termination Time: 95 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id: 3b1e57fb-2797-11e1-a4ca-002186ca4382

Error - 12/17/2011 4:08:15 AM | Computer Name = Nick-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 8.0.0.4325 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 9fc Start
Time: 01ccbc92fae940cb Termination Time: 78 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id: 4294da03-2886-11e1-aac9-002186ca4382

Error - 12/17/2011 9:21:40 AM | Computer Name = Nick-PC | Source = System Restore | ID = 8206
Description =

Error - 12/17/2011 9:41:10 AM | Computer Name = Nick-PC | Source = System Restore | ID = 8206
Description =

Error - 12/17/2011 2:44:55 PM | Computer Name = Nick-PC | Source = Application Error | ID = 1000
Description = Faulting application name: swxcacls.3XE, version: 1.0.1.1, time stamp:
0x2a425e19 Faulting module name: swxcacls.3XE, version: 1.0.1.1, time stamp: 0x2a425e19
Exception
code: 0xc0000005 Fault offset: 0x00004b2a Faulting process id: 0xa6c Faulting application
start time: 0x01ccbcc4bded3eaf Faulting application path: C:\ComboFix\swxcacls.3XE
Faulting
module path: C:\ComboFix\swxcacls.3XE Report Id: 36108c5f-28df-11e1-bc3e-002186ca4382

[ System Events ]
Error - 7/26/2011 2:10:08 AM | Computer Name = Nick-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 7/27/2011 7:35:44 AM | Computer Name = Nick-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 8/2/2011 4:48:34 AM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the eventlog service.

Error - 8/2/2011 4:56:54 AM | Computer Name = Nick-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\DR0.

Error - 8/2/2011 7:33:41 AM | Computer Name = Nick-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:41:03 PM on ?2/?08/?2011 was unexpected.

Error - 8/2/2011 8:31:18 PM | Computer Name = Nick-PC | Source = bowser | ID = 8003
Description =

Error - 8/3/2011 11:20:19 PM | Computer Name = Nick-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 8/11/2011 4:54:12 AM | Computer Name = Nick-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 8/11/2011 5:18:16 AM | Computer Name = Nick-PC | Source = DCOM | ID = 10010
Description =

Error - 8/11/2011 9:03:29 PM | Computer Name = Nick-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.


< End of report >

ComboFix Report:

ComboFix 11-12-16.03 - Nick 18/12/2011 12:01:18.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.3069.2234 [GMT 10:00]
Running from: c:\users\Nick\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Windows
c:\programdata\windows\dumd.dat
c:\programdata\Windows\xdor.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-11-18 to 2011-12-18 )))))))))))))))))))))))))))))))
.
.
2011-12-18 02:11 . 2011-12-18 02:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-18 00:54 . 2011-12-18 00:54 -------- d-----w- c:\users\Nick\AppData\Roaming\Malwarebytes
2011-12-18 00:54 . 2011-12-18 00:54 -------- d-----w- c:\programdata\Malwarebytes
2011-12-18 00:53 . 2011-12-18 00:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-18 00:53 . 2011-08-31 07:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-16 02:22 . 2011-12-16 02:22 -------- d-----w- c:\program files\Common Files\Java
2011-12-16 02:21 . 2011-12-16 02:21 -------- d-----w- c:\program files\Java
2011-12-15 11:55 . 2011-11-05 04:35 981504 ----a-w- c:\windows\system32\wininet.dll
2011-12-15 11:54 . 2011-11-05 04:30 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2011-12-15 11:54 . 2011-11-05 04:30 860672 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-12-15 11:54 . 2011-11-05 02:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-15 10:44 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 10:44 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 10:43 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 10:43 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 10:39 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 10:39 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 13:01 . 2011-12-14 13:01 -------- d-----w- c:\users\Nick\AppData\Local\SanctionedMedia
2011-12-10 01:07 . 2011-12-15 13:20 -------- d-----w- c:\program files\LIMBO
2011-12-05 11:16 . 2011-12-05 11:16 -------- d-----w- c:\users\Nick\AppData\Local\Skyrim
2011-12-04 10:15 . 2011-12-04 10:15 -------- d-----w- c:\programdata\RNDIS
2011-12-04 07:50 . 2011-12-04 07:50 -------- d-----w- c:\users\Nick\AppData\Roaming\TI-Nspire
2011-12-04 07:49 . 2011-12-04 10:16 -------- d-----w- c:\users\Nick\AppData\Roaming\Texas Instruments
2011-12-04 07:48 . 2011-12-04 07:48 -------- d-----w- c:\program files\Common Files\TI Shared
2011-12-04 07:48 . 2011-12-16 01:23 -------- d-----w- c:\program files\TI Education
2011-11-21 02:05 . 2011-11-21 02:05 -------- d-----w- C:\ApnoeTrainer
2011-11-21 02:05 . 2004-03-09 06:45 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-18 00:52 . 2011-06-07 06:46 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-12-16 02:21 . 2011-10-03 06:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-21 00:33 . 2011-05-29 01:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-18 00:45 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-10-06 20:23 . 2011-10-06 20:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-03 20:21 . 2011-10-03 20:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-29 16:03 . 2011-11-09 02:19 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-10 08:50 . 2011-03-24 09:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-23 495708]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-02 2415456]
.
c:\users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [2011-11-22 2391832]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-11 4433248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-04-27 599344]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-19 18432]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 USBTINSP;TI-Nspire™ Handheld or TI Network Bridge Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys [2010-03-29 122752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-22 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-10 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-12 32592]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2011-05-22 47968]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-06 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-10 295248]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [2009-03-02 81920]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-01 192776]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-10 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-10 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-03 16720]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-04 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-04-25 32256]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-20 100184]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-07-14 6814720]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-07 123496]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-10-26 322664]
.
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\sw4ta9li.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-02897406.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-18 12:13:34
ComboFix-quarantined-files.txt 2011-12-18 02:13
.
Pre-Run: 47,642,796,032 bytes free
Post-Run: 48,585,981,952 bytes free
.
- - End Of File - - B6344502F4F1F7174015AA3153B959D5
  • 0

#4
nacholas

    New Member

  • Topic Starter
  • Member
  • 7 posts
Disk Management Attached.

Attached Thumbnails

  • diskman.JPG

  • 0

#5
RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right-click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right-click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories, then right-click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Run TDSSKiller again, but this time, before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Uninstall
Adobe Reader 9.4.6 - obsolete; get latest at adobe.com
Adobe Flash Player 10 ActiveX - obsolete; get latest at adobe.com


Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
[2011/12/15 21:25:53 | 000,011,630 | -HS- | M] () -- C:\Users\Lawrence\AppData\Local\657405y0j711t125n073v2rlu0r2
[2011/12/15 21:25:53 | 000,011,630 | -HS- | M] () -- C:\ProgramData\657405y0j711t125n073v2rlu0r2

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config astcc start= disabled /c
reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2.reg /c

     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. This will also create a program winsock2.reg on your desktop. Just leave it for now. It is backup insurance for the next step.


Run OTL again, Quickscan and post the log.
  • 0
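A triage helper for the VEW output requested in the post above, as an added example that is not part of the original post or of VEW itself. It parses VEW's text layout (a Log/Date-Time line, a Type/Category line, an Event/Source line, then the message) and collapses repeats by source and event ID, so a run of identical errors reads as one row with a count and a time range. The function names and the embedded sample are assumptions made for this example.

```python
import re
from datetime import datetime

# Sample records in VEW's output layout, constructed for this example.
# The last record is deliberately truncated to show how cut-off pastes are handled.
SAMPLE = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/12/2011 1:11:13 AM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 21/12/2011 10:02:38 AM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 18/12/2011 1:58:23 AM
Type: Error Category: 0
Event: 1012 Source: Microsoft-Windows-DNS-Client
There was an error while attempting to read the local hosts file.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/12/2011 1:48:59 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name google.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 17/12/2011 9:09:03 PM
Type: Warning Category: 0
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<ts>.+)$")
TYPE = re.compile(r"^Type: (?P<type>\S+) Category: (?P<cat>\d+)$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<src>.+)$")


def parse_vew(text):
    """Return (records, dropped): complete records and the number of unusable ones."""
    records, dropped, cur = [], 0, None

    def close(rec):
        nonlocal dropped
        if rec is None:
            return
        if "type" in rec and "event_id" in rec:
            rec["message"] = " ".join(rec.pop("lines"))
            records.append(rec)
        else:
            dropped += 1  # header seen, but Type or Event line missing

    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            close(cur)
            try:
                # VEW states that its dates are dd/mm/yyyy.
                when = datetime.strptime(m["ts"], "%d/%m/%Y %I:%M:%S %p")
            except ValueError:
                dropped, cur = dropped + 1, None
                continue
            cur = {"log": m["log"], "when": when, "lines": []}
        elif cur is None or not line:
            continue  # section titles, blank lines, text before the first record
        elif line.startswith("~~~"):
            close(cur)  # a section banner ends the current record
            cur = None
        elif "type" not in cur and TYPE.match(line):
            cur["type"] = TYPE.match(line)["type"]
        elif "event_id" not in cur and EVENT.match(line):
            e = EVENT.match(line)
            cur["event_id"], cur["source"] = int(e["id"]), e["src"]
        else:
            cur["lines"].append(line)  # message text, possibly several lines
    close(cur)
    return records, dropped


def summarize(records):
    """Group by (log, type, source, event ID); most frequent groups first."""
    groups = {}
    for r in records:
        key = (r["log"], r["type"], r["source"], r["event_id"])
        g = groups.setdefault(key, {"count": 0, "first": r["when"],
                                    "last": r["when"], "messages": set()})
        g["count"] += 1
        g["first"] = min(g["first"], r["when"])
        g["last"] = max(g["last"], r["when"])
        g["messages"].add(r["message"])
    rows = [dict(zip(("log", "type", "source", "event_id"), k), **v)
            for k, v in groups.items()]
    rows.sort(key=lambda g: (-g["count"], g["source"], g["event_id"]))
    return rows


if __name__ == "__main__":
    recs, skipped = parse_vew(SAMPLE)
    for row in summarize(recs):
        print(f'{row["count"]:>3}x {row["type"]:<8} {row["source"]} {row["event_id"]} '
              f'({row["first"]:%d/%m/%Y} to {row["last"]:%d/%m/%Y}, '
              f'{len(row["messages"])} distinct message(s))')
    print(f"{skipped} incomplete record(s) skipped")
```

Grouping ignores the message text, so events that share a source and ID but name different services fall into one row; the distinct-message count shows when that has happened.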

#6
nacholas

Hey, sorry about the late reply; I have been away on work. Thanks again for your assistance. So far everything seems to be in working order and the problems have stopped.

SigVerif

dpsetup.exe - Modified - 15/04/2009 - Application
wbvfinst.dll - Modified - 13/05/2009 - Application
wbvfs201.dll - Modified - 15/05/2009 - Application

VEW

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 22/12/2011 7:05:08 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/12/2011 10:01:59 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 04/12/2011 8:22:55 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 12/11/2011 2:10:50 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 15/09/2011 12:27:53 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 14/09/2011 5:09:18 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 08/09/2011 12:47:29 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 02/09/2011 12:59:04 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 22/08/2011 5:14:08 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 02/08/2011 11:33:09 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 05/06/2011 9:58:19 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/12/2011 1:12:06 AM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Log: 'System' Date/Time: 22/12/2011 1:11:13 AM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 22/12/2011 1:11:13 AM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 22/12/2011 1:11:13 AM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 22/12/2011 1:11:13 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

Log: 'System' Date/Time: 22/12/2011 1:11:11 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Validity Fingerprint Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 22/12/2011 1:11:11 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Validity Fingerprint Service service to connect.

Log: 'System' Date/Time: 21/12/2011 10:08:21 AM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Log: 'System' Date/Time: 21/12/2011 10:02:38 AM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 21/12/2011 10:02:38 AM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 21/12/2011 10:02:35 AM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 21/12/2011 10:02:33 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

Log: 'System' Date/Time: 21/12/2011 10:02:32 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Validity Fingerprint Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 21/12/2011 10:02:32 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Validity Fingerprint Service service to connect.

Log: 'System' Date/Time: 18/12/2011 7:03:26 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 18/12/2011 2:11:39 AM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 18/12/2011 2:07:42 AM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 18/12/2011 2:01:11 AM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 18/12/2011 1:58:30 AM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Log: 'System' Date/Time: 18/12/2011 1:58:23 AM
Type: Error Category: 0
Event: 1012 Source: Microsoft-Windows-DNS-Client
There was an error while attempting to read the local hosts file.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/12/2011 8:15:35 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name bguru.avg.cz timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 22/12/2011 1:10:56 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_138A&PID_0001\5&106f631a&0&2.

Log: 'System' Date/Time: 21/12/2011 10:41:08 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 21/12/2011 10:06:32 AM
Type: Warning Category: 2
Event: 16 Source: Microsoft-Windows-WindowsUpdateClient
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Log: 'System' Date/Time: 21/12/2011 10:02:25 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_138A&PID_0001\5&106f631a&0&2.

Log: 'System' Date/Time: 18/12/2011 7:09:59 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 18/12/2011 1:58:00 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_138A&PID_0001\5&106f631a&0&2.

Log: 'System' Date/Time: 18/12/2011 1:56:22 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 18/12/2011 1:36:47 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_138A&PID_0001\5&106f631a&0&2.

Log: 'System' Date/Time: 18/12/2011 1:35:43 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 18/12/2011 12:53:02 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_138A&PID_0001\5&106f631a&0&2.

Log: 'System' Date/Time: 18/12/2011 12:52:02 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 17/12/2011 9:09:03 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 17/12/2011 1:58:35 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_138A&PID_0001\5&106f631a&0&2.

Log: 'System' Date/Time: 17/12/2011 1:57:36 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 17/12/2011 1:48:59 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name google.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 17/12/2011 1:33:21 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_138A&PID_0001\5&106f631a&0&2.

Log: 'System' Date/Time: 17/12/2011 1:28:17 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 17/12/2011 8:43:26 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_138A&PID_0001\5&106f631a&0&2.

Log: 'System' Date/Time: 17/12/2011 8:40:18 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

VEW Application

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 22/12/2011 7:06:24 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 22/12/2011 9:06:35 AM
Type: Error Category: 0
Event: 11330 Source: MsiInstaller
SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

Log: 'Application' Date/Time: 22/12/2011 9:06:32 AM
Type: Error Category: 0
Event: 11330 Source: MsiInstaller
SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

Log: 'Application' Date/Time: 22/12/2011 9:06:30 AM
Type: Error Category: 0
Event: 11330 Source: MsiInstaller
SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

Log: 'Application' Date/Time: 22/12/2011 9:06:28 AM
Type: Error Category: 0
Event: 11330 Source: MsiInstaller
SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

Log: 'Application' Date/Time: 22/12/2011 9:06:27 AM
Type: Error Category: 0
Event: 11330 Source: MsiInstaller
SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

Log: 'Application' Date/Time: 22/12/2011 9:06:24 AM
Type: Error Category: 0
Event: 11330 Source: MsiInstaller
SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

Log: 'Application' Date/Time: 22/12/2011 9:06:22 AM
Type: Error Category: 0
Event: 11330 Source: MsiInstaller
SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

Log: 'Application' Date/Time: 22/12/2011 9:06:21 AM
Type: Error Category: 0
Event: 11330 Source: MsiInstaller
SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

Log: 'Application' Date/Time: 22/12/2011 9:06:19 AM
Type: Error Category: 0
Event: 11330 Source: MsiInstaller
SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

Log: 'Application' Date/Time: 22/12/2011 9:06:17 AM
Type: Error Category: 0
Event: 11330 Source: MsiInstaller
SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

Log: 'Application' Date/Time: 22/12/2011 9:06:16 AM
Type: Error Category: 0
Event: 11330 Source: MsiInstaller
SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

Log: 'Application' Date/Time: 22/12/2011 9:06:13 AM
Type: Error Category: 0
Event: 11330 Source: MsiInstaller
SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

Log: 'Application' Date/Time: 22/12/2011 9:06:10 AM
Type: Error Category: 0
Event: 11330 Source: MsiInstaller
SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

Log: 'Application' Date/Time: 22/12/2011 9:06:09 AM
Type: Error Category: 0
Event: 11330 Source: MsiInstaller
SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

Log: 'Application' Date/Time: 22/12/2011 9:06:07 AM
Type: Error Category: 0
Event: 11330 Source: MsiInstaller
SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

Log: 'Application' Date/Time: 22/12/2011 9:06:05 AM
Type: Error Category: 0
Event: 11330 Source: MsiInstaller
SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

Log: 'Application' Date/Time: 22/12/2011 9:06:03 AM
Type: Error Category: 0
Event: 11330 Source: MsiInstaller
SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

Log: 'Application' Date/Time: 22/12/2011 9:06:02 AM
Type: Error Category: 0
Event: 11330 Source: MsiInstaller
SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

Log: 'Application' Date/Time: 22/12/2011 9:06:00 AM
Type: Error Category: 0
Event: 11330 Source: MsiInstaller
SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

Log: 'Application' Date/Time: 22/12/2011 9:05:59 AM
Type: Error Category: 0
Event: 11330 Source: MsiInstaller
SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2012\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24577 was returned by WinVerifyTrust.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/12/2011 1:56:15 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3891164568-2960901751-742592403-1000:
Process 3740 (\Device\HarddiskVolume1\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3891164568-2960901751-742592403-1000\Software\Microsoft\Windows\CurrentVersion\Explorer


Log: 'Application' Date/Time: 18/12/2011 1:52:23 AM
Type: Warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x800401F0

Log: 'Application' Date/Time: 18/12/2011 1:51:53 AM
Type: Warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x800401F0

Log: 'Application' Date/Time: 18/12/2011 1:44:10 AM
Type: Warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x800401F0

Log: 'Application' Date/Time: 18/12/2011 1:44:01 AM
Type: Warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x800401F0


TDSSKiller

19:07:12.0381 5320 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
19:07:14.0382 5320 ============================================================
19:07:14.0382 5320 Current date / time: 2011/12/22 19:07:14.0382
19:07:14.0382 5320 SystemInfo:
19:07:14.0382 5320
19:07:14.0383 5320 OS Version: 6.1.7601 ServicePack: 1.0
19:07:14.0383 5320 Product type: Workstation
19:07:14.0383 5320 ComputerName: NICK-PC
19:07:14.0383 5320 UserName: Nick
19:07:14.0383 5320 Windows directory: C:\Windows
19:07:14.0383 5320 System windows directory: C:\Windows
19:07:14.0383 5320 Processor architecture: Intel x86
19:07:14.0383 5320 Number of processors: 2
19:07:14.0383 5320 Page size: 0x1000
19:07:14.0383 5320 Boot type: Normal boot
19:07:14.0383 5320 ============================================================
19:07:17.0856 5320 Initialize success
19:07:41.0781 3352 ============================================================
19:07:41.0781 3352 Scan started
19:07:41.0781 3352 Mode: Manual; SigCheck; TDLFS;
19:07:41.0781 3352 ============================================================
19:07:48.0545 3352 blbdrive - ok
19:07:48.0719 3352 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
19:07:48.0761 3352 bowser - ok
19:07:48.0883 3352 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:07:48.0941 3352 BrFiltLo - ok
19:07:48.0994 3352 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:07:49.0028 3352 BrFiltUp - ok
19:07:49.0180 3352 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
19:07:49.0197 3352 Brserid - ok
19:07:49.0316 3352 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
19:07:49.0353 3352 BrSerWdm - ok
19:07:49.0399 3352 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:07:49.0439 3352 BrUsbMdm - ok
19:07:49.0486 3352 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
19:07:49.0521 3352 BrUsbSer - ok
19:07:49.0771 3352 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
19:07:49.0790 3352 BthEnum - ok
19:07:49.0862 3352 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
19:07:49.0908 3352 BTHMODEM - ok
19:07:50.0175 3352 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
19:07:50.0189 3352 BthPan - ok
19:07:50.0262 3352 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
19:07:50.0281 3352 BTHPORT - ok
19:07:50.0326 3352 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
19:07:50.0340 3352 BTHUSB - ok
19:07:50.0558 3352 catchme - ok
19:07:50.0778 3352 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
19:07:50.0824 3352 cdfs - ok
19:07:50.0940 3352 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
19:07:50.0954 3352 cdrom - ok
19:07:51.0171 3352 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
19:07:51.0185 3352 circlass - ok
19:07:51.0266 3352 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
19:07:51.0280 3352 CLFS - ok
19:07:51.0375 3352 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
19:07:51.0389 3352 CmBatt - ok
19:07:51.0465 3352 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
19:07:51.0475 3352 cmdide - ok
19:07:51.0665 3352 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
19:07:51.0699 3352 CNG - ok
19:07:51.0790 3352 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
19:07:51.0800 3352 Compbatt - ok
19:07:51.0937 3352 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
19:07:51.0972 3352 CompositeBus - ok
19:07:52.0115 3352 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
19:07:52.0125 3352 crcdisk - ok
19:07:52.0343 3352 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
19:07:52.0421 3352 CSC - ok
19:07:52.0547 3352 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
19:07:52.0598 3352 DfsC - ok
19:07:52.0806 3352 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
19:07:52.0850 3352 discache - ok
19:07:52.0918 3352 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
19:07:52.0928 3352 Disk - ok
19:07:53.0073 3352 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
19:07:53.0086 3352 drmkaud - ok
19:07:53.0260 3352 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
19:07:53.0297 3352 DXGKrnl - ok
19:07:53.0439 3352 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
19:07:53.0568 3352 ebdrv - ok
19:07:53.0682 3352 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
19:07:53.0717 3352 elxstor - ok
19:07:53.0913 3352 enecir (29dcaeb81dde6f154aa4d36b18ecbb1f) C:\Windows\system32\DRIVERS\enecir.sys
19:07:53.0932 3352 enecir - ok
19:07:53.0983 3352 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
19:07:53.0995 3352 ErrDev - ok
19:07:54.0133 3352 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
19:07:54.0160 3352 exfat - ok
19:07:54.0319 3352 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
19:07:54.0376 3352 fastfat - ok
19:07:54.0434 3352 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
19:07:54.0487 3352 fdc - ok
19:07:54.0634 3352 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
19:07:54.0645 3352 FileInfo - ok
19:07:54.0797 3352 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
19:07:54.0844 3352 Filetrace - ok
19:07:54.0896 3352 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
19:07:54.0931 3352 flpydisk - ok
19:07:55.0082 3352 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
19:07:55.0095 3352 FltMgr - ok
19:07:55.0273 3352 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
19:07:55.0283 3352 FsDepends - ok
19:07:55.0318 3352 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
19:07:55.0328 3352 Fs_Rec - ok
19:07:55.0452 3352 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
19:07:55.0468 3352 fvevol - ok
19:07:55.0664 3352 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:07:55.0675 3352 gagp30kx - ok
19:07:55.0747 3352 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:07:55.0755 3352 GEARAspiWDM - ok
19:07:55.0844 3352 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
19:07:55.0904 3352 hcw85cir - ok
19:07:56.0088 3352 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
19:07:56.0103 3352 HdAudAddService - ok
19:07:56.0224 3352 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
19:07:56.0244 3352 HDAudBus - ok
19:07:56.0307 3352 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
19:07:56.0348 3352 HidBatt - ok
19:07:56.0494 3352 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
19:07:56.0530 3352 HidBth - ok
19:07:56.0634 3352 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
19:07:56.0650 3352 HidIr - ok
19:07:56.0718 3352 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
19:07:56.0731 3352 HidUsb - ok
19:07:56.0955 3352 hpdskflt (4ef10b866c62abbeaf7511cdd05a19be) C:\Windows\system32\DRIVERS\hpdskflt.sys
19:07:56.0961 3352 hpdskflt - ok
19:07:57.0041 3352 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
19:07:57.0092 3352 HpqKbFiltr - ok
19:07:57.0330 3352 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
19:07:57.0341 3352 HpSAMD - ok
19:07:57.0427 3352 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
19:07:57.0484 3352 HTTP - ok
19:07:57.0566 3352 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
19:07:57.0576 3352 hwpolicy - ok
19:07:57.0813 3352 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
19:07:57.0825 3352 i8042prt - ok
19:07:57.0893 3352 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
19:07:57.0909 3352 iaStorV - ok
19:07:58.0148 3352 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
19:07:58.0159 3352 iirsp - ok
19:07:58.0211 3352 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
19:07:58.0221 3352 intelide - ok
19:07:58.0269 3352 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
19:07:58.0281 3352 intelppm - ok
19:07:58.0531 3352 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:07:58.0579 3352 IpFilterDriver - ok
19:07:58.0643 3352 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
19:07:58.0685 3352 IPMIDRV - ok
19:07:58.0806 3352 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
19:07:58.0849 3352 IPNAT - ok
19:07:58.0996 3352 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
19:07:59.0027 3352 IRENUM - ok
19:07:59.0218 3352 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
19:07:59.0228 3352 isapnp - ok
19:07:59.0288 3352 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
19:07:59.0300 3352 iScsiPrt - ok
19:07:59.0432 3352 JMCR (ed9103e5b70761ebc9809f4bd9673bb2) C:\Windows\system32\DRIVERS\jmcr.sys
19:07:59.0491 3352 JMCR - ok
19:07:59.0657 3352 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
19:07:59.0666 3352 kbdclass - ok
19:07:59.0795 3352 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
19:07:59.0809 3352 kbdhid - ok
19:07:59.0879 3352 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
19:07:59.0890 3352 KSecDD - ok
19:08:00.0057 3352 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
19:08:00.0070 3352 KSecPkg - ok
19:08:00.0202 3352 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
19:08:00.0245 3352 lltdio - ok
19:08:00.0355 3352 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:08:00.0368 3352 LSI_FC - ok
19:08:00.0498 3352 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:08:00.0510 3352 LSI_SAS - ok
19:08:00.0630 3352 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:08:00.0641 3352 LSI_SAS2 - ok
19:08:00.0717 3352 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:08:00.0728 3352 LSI_SCSI - ok
19:08:00.0865 3352 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
19:08:00.0908 3352 luafv - ok
19:08:01.0121 3352 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
19:08:01.0131 3352 MBAMProtector - ok
19:08:01.0238 3352 MBAMSwissArmy - ok
19:08:01.0307 3352 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
19:08:01.0317 3352 megasas - ok
19:08:01.0494 3352 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
19:08:01.0508 3352 MegaSR - ok
19:08:01.0654 3352 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
19:08:01.0705 3352 Modem - ok
19:08:01.0887 3352 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
19:08:01.0903 3352 monitor - ok
19:08:02.0011 3352 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
19:08:02.0021 3352 mouclass - ok
19:08:02.0145 3352 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
19:08:02.0157 3352 mouhid - ok
19:08:02.0315 3352 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
19:08:02.0327 3352 mountmgr - ok
19:08:02.0428 3352 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
19:08:02.0438 3352 mpio - ok
19:08:02.0626 3352 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
19:08:02.0678 3352 mpsdrv - ok
19:08:02.0805 3352 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
19:08:02.0862 3352 MRxDAV - ok
19:08:03.0272 3352 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:08:03.0368 3352 mrxsmb - ok
19:08:03.0603 3352 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:08:03.0640 3352 mrxsmb10 - ok
19:08:03.0691 3352 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:08:03.0734 3352 mrxsmb20 - ok
19:08:03.0915 3352 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
19:08:03.0925 3352 msahci - ok
19:08:04.0037 3352 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
19:08:04.0048 3352 msdsm - ok
19:08:04.0135 3352 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
19:08:04.0159 3352 Msfs - ok
19:08:04.0321 3352 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
19:08:04.0363 3352 mshidkmdf - ok
19:08:04.0457 3352 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
19:08:04.0467 3352 msisadrv - ok
19:08:04.0559 3352 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
19:08:04.0600 3352 MSKSSRV - ok
19:08:04.0781 3352 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
19:08:04.0830 3352 MSPCLOCK - ok
19:08:04.0927 3352 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
19:08:04.0972 3352 MSPQM - ok
19:08:05.0047 3352 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
19:08:05.0057 3352 MsRPC - ok
19:08:05.0102 3352 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
19:08:05.0112 3352 mssmbios - ok
19:08:05.0272 3352 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
19:08:05.0320 3352 MSTEE - ok
19:08:05.0417 3352 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
19:08:05.0452 3352 MTConfig - ok
19:08:05.0540 3352 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
19:08:05.0551 3352 Mup - ok
19:08:05.0759 3352 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
19:08:05.0782 3352 NativeWifiP - ok
19:08:05.0934 3352 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
19:08:05.0952 3352 NDIS - ok
19:08:06.0011 3352 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
19:08:06.0061 3352 NdisCap - ok
19:08:06.0253 3352 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
19:08:06.0312 3352 NdisTapi - ok
19:08:06.0438 3352 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
19:08:06.0480 3352 Ndisuio - ok
19:08:06.0563 3352 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
19:08:06.0586 3352 NdisWan - ok
19:08:06.0789 3352 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
19:08:06.0811 3352 NDProxy - ok
19:08:06.0939 3352 Netaapl (7afd0e39ab15cb355487b7cc19f4e2c5) C:\Windows\system32\DRIVERS\netaapl.sys
19:08:06.0996 3352 Netaapl ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0996 3352 Netaapl - detected UnsignedFile.Multi.Generic (1)
19:08:29.0051 3352 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:08:29.0562 3352 \Device\Harddisk1\DR1 - ok
19:08:29.0565 3352 Boot (0x1200) (84efb03ef1bc975d8a58e2485ee7fad1) \Device\Harddisk0\DR0\Partition0
19:08:29.0566 3352 \Device\Harddisk0\DR0\Partition0 - ok
19:08:29.0593 3352 Boot (0x1200) (4737dbf1d424e8e08735f87377c3e429) \Device\Harddisk0\DR0\Partition1
19:08:29.0594 3352 \Device\Harddisk0\DR0\Partition1 - ok
19:08:29.0596 3352 Boot (0x1200) (235c8f692d52dc9154381f414029ea43) \Device\Harddisk1\DR1\Partition0
19:08:29.0597 3352 \Device\Harddisk1\DR1\Partition0 - ok
19:08:29.0598 3352 ============================================================
19:08:29.0598 3352 Scan finished
19:08:29.0598 3352 ============================================================
19:08:29.0604 5864 Detected object count: 1
19:08:29.0604 5864 Actual detected object count: 1
19:08:52.0881 5864 Netaapl ( UnsignedFile.Multi.Generic ) - skipped by user
19:08:52.0881 5864 Netaapl ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:08:58.0749 1392 Deinitialize success

OTL

OTL logfile created on: 12/22/2011 7:20:20 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nick\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 65.50% Memory free
5.99 Gb Paging File | 4.76 Gb Available in Paging File | 79.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.44 Gb Total Space | 44.41 Gb Free Space | 15.40% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 85.62 Gb Free Space | 28.72% Space Free | Partition Type: NTFS
Drive E: | 9.65 Gb Total Space | 1.65 Gb Free Space | 17.10% Space Free | Partition Type: NTFS

Computer Name: NICK-PC | User Name: Nick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/16 11:12:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Downloads\OTL.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2011/11/10 18:50:10 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 22:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/16 12:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010/03/23 14:53:06 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/03/23 14:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe
PRC - [2009/03/02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/10 18:50:10 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/22 10:33:12 | 000,421,888 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\sw4ta9li.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (astcc)
SRV - [2011/12/08 19:12:33 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/23 06:43:14 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/23 14:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe -- (STacSV)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/14 11:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/03/02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe -- (AESTFilters)
SRV - [2008/04/27 22:26:44 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:28 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:14 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:12 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:14:12 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/05/23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2011/05/13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2011/05/13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/11/20 22:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 22:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 22:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 19:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 19:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/17 04:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/09/08 06:08:56 | 000,123,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/07/14 21:42:23 | 006,814,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel®
DRV - [2010/04/19 20:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/03/29 17:30:12 | 000,122,752 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tinspusb.sys -- (USBTINSP) TI-Nspire™
DRV - [2010/03/23 14:53:06 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/01/13 16:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel®
DRV - [2009/07/14 08:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 08:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2008/07/20 19:53:02 | 000,100,184 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/04/25 12:50:02 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 DE 1C D6 CC A6 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/18 11:55:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 18:50:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/03 16:02:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DigitalPersona\Bin\firefoxext

[2010/11/23 20:41:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Extensions
[2011/12/17 16:24:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\sw4ta9li.default\extensions
[2011/10/04 17:29:31 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\sw4ta9li.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2011/09/01 16:24:11 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\sw4ta9li.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/06/03 14:40:49 | 000,000,000 | ---D | M] (English (Australian) Dictionary) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\sw4ta9li.default\extensions\[email protected]
[2011/12/16 12:21:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/16 12:21:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\NICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SW4TA9LI.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2011/11/10 18:50:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/16 12:21:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 00:35:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 18:50:10 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/18 12:11:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A79EC2CF-8A0F-4055-BD7B-C59804E3E3FA}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/08/17 21:15:00 | 000,000,000 | ---D | M] - D:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/22 19:12:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/22 19:04:01 | 000,061,440 | ---- | C] ( ) -- C:\Users\Nick\Desktop\VEW.exe
[2011/12/22 08:37:17 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{D8BC52C0-84D6-4185-9BF4-F85A0E73341F}
[2011/12/22 08:37:03 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{F6EAA348-2E37-4BE3-8834-9498B799E958}
[2011/12/21 20:09:21 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{E9EF227F-A155-4A71-8A62-7640F538EE32}
[2011/12/21 20:09:06 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{8ABA1E72-A45D-47A4-BC93-1D4875CB2C6C}
[2011/12/19 05:04:11 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{76EADA81-CD2C-44CB-9BE6-153F4175F22D}
[2011/12/19 05:03:55 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{7E2F37D6-0371-4139-838B-57FC06726E8F}
[2011/12/18 12:16:52 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{9AE89EE9-1118-4E1C-A937-4AE081F9B94C}
[2011/12/18 12:16:38 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{0CACB1B0-E549-461F-AF72-2ED8F21C946E}
[2011/12/18 12:13:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/18 12:13:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/18 12:13:35 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\temp
[2011/12/18 11:55:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/12/18 10:54:06 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Malwarebytes
[2011/12/18 10:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/18 10:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/18 10:53:58 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/18 10:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/17 23:55:08 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Nick\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/17 23:51:31 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Nick\Desktop\aswMBR.exe
[2011/12/17 23:51:08 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Nick\Desktop\tdsskiller.exe
[2011/12/17 18:04:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/17 18:04:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/17 18:04:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/17 18:04:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/17 18:04:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/17 18:02:19 | 004,341,424 | R--- | C] (Swearware) -- C:\Users\Nick\Desktop\ComboFix.exe
[2011/12/17 11:07:53 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{E4C4B250-4AAF-446E-81BE-739D2E49FD96}
[2011/12/17 11:07:36 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{0D3F720A-5024-4F1C-927E-7064279053EF}
[2011/12/16 22:43:04 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{455C78E1-3572-4450-945E-369651D50872}
[2011/12/16 22:42:44 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{46A23D57-D678-4046-B041-E65879FD261A}
[2011/12/16 12:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/16 12:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/12/16 10:42:12 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{48D75184-2B8E-4B16-9AF7-C79ABE75291C}
[2011/12/16 10:41:57 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{FE02CC75-DBE5-4A56-A324-A5C53440E09D}
[2011/12/15 18:25:29 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{7A5FCCE5-9EB7-40DE-87BE-DA5AA071391A}
[2011/12/15 18:24:55 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{AF82CAE7-D883-4CE8-BF53-A5879430E792}
[2011/12/14 23:01:28 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\SanctionedMedia
[2011/12/14 19:25:53 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{FFA55B6A-9010-4922-9D70-AB4AE8A0EFD2}
[2011/12/14 19:25:40 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{D4A6B5F5-E8E8-4BF8-9E14-B30F38B2A46A}
[2011/12/13 12:16:47 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{740AC092-3343-4221-BC5D-DF81B73B6FAE}
[2011/12/13 12:16:10 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{0E94561E-2ED7-4844-B136-6198A2621031}
[2011/12/12 11:51:24 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{6B607323-C1CE-4CC5-A477-48C61EC5ECED}
[2011/12/12 11:51:08 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{CF53FC55-7068-481E-BE87-A00D4DFC70BF}
[2011/12/11 16:17:46 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{89F83E36-9C05-40F3-B260-1B94A21D56BA}
[2011/12/11 16:17:16 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{94943753-A654-4ECF-939E-8AA08BEDB4B5}
[2011/12/10 11:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LIMBO
[2011/12/10 11:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\LIMBO
[2011/12/10 09:21:41 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{AD310D49-43B3-421B-8FA6-43B41A2D82A2}
[2011/12/10 09:21:24 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{23526FC1-921F-4627-827E-F18AB800B3A8}
[2011/12/09 17:01:47 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{B32F5469-25CC-4C73-A628-DAA0F2C07F5A}
[2011/12/09 17:01:34 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{0F122BCC-ED5A-45E2-A872-CEB13AFFEB0F}
[2011/12/08 22:47:04 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{98B804AF-5B79-412A-9B66-9BA2DF159843}
[2011/12/08 22:46:49 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{7E5065D3-ED9D-43B1-BBF6-6009D0FCA67A}
[2011/12/08 10:46:34 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{6A85A87F-16FC-4891-A0E8-62C2199B1F9D}
[2011/12/08 10:46:20 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{CDF2A01B-7F33-4EA1-B731-B998C4FA3876}
[2011/12/07 08:32:37 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{16152AEC-52C1-4D85-B447-A691C4598FF4}
[2011/12/07 08:32:00 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{F00EAF10-61B7-496F-8428-CC5EC20EF57C}
[2011/12/05 21:16:02 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Skyrim
[2011/12/05 21:13:58 | 000,000,000 | ---D | C] -- C:\Users\Nick\Documents\My Games
[2011/12/05 14:03:10 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{004FF11D-F95A-493B-8573-CD65AA203F95}
[2011/12/05 14:02:57 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{B68F7580-203F-45F3-955D-163A8C055AF3}
[2011/12/04 20:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\RNDIS
[2011/12/04 17:50:10 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\TI-Nspire
[2011/12/04 17:49:36 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Texas Instruments
[2011/12/04 17:48:54 | 000,000,000 | ---D | C] -- C:\Users\Nick\Documents\TI-Nspire
[2011/12/04 17:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TI Shared
[2011/12/04 17:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\TI Education
[2011/12/04 06:25:04 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{80FD7530-EF1D-4EE9-82E1-B2A0CA87BA33}
[2011/12/04 06:24:49 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{FCA2DC27-8FA9-4062-9E1B-464AAC9F7B9A}
[2011/12/03 00:25:50 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{9AA02FFF-723C-48C2-9FE1-6918D2BA616D}
[2011/12/03 00:25:38 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{DF53E1F9-80B5-4108-85C3-078555A9F666}
[2011/12/02 12:25:23 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{DB15A032-484A-458A-ABD1-B19826404010}
[2011/12/02 12:24:57 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{D198C4F0-F69F-4B78-B055-B6D6818C884E}
[2011/12/01 23:29:49 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{49A0E981-59BD-463C-8B04-974FAD4E0343}
[2011/12/01 23:29:37 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{6C0B0417-2459-4928-AA31-F5F4D6061BC3}
[2011/12/01 11:29:19 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{15B628D0-B56A-458B-8BDE-B195582D3FE7}
[2011/12/01 11:28:51 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{DDB1A744-6E86-4209-B42A-D954EFBE512A}
[2011/11/30 21:33:20 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{E11FA90D-119B-4DC5-826E-5BEFB332D88F}
[2011/11/30 21:33:08 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{279FC59A-5E80-4CC7-8C73-64E730EE5DA5}
[2011/11/30 09:32:54 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{FBE03DA2-C5B2-4FDB-94A8-480C986C87DC}
[2011/11/30 09:32:39 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{8D7A1E88-1FDA-4383-A96E-C4D2C1B60090}
[2011/11/29 11:23:52 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{4177E9FE-350F-468B-968B-19CDB5E9BF99}
[2011/11/29 11:23:37 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{DD2D2EEE-DED7-4048-BE0B-CD4BD1BADF9B}
[2011/11/28 11:20:14 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{55487F4C-2DC8-40BD-990A-7187D1A6D35C}
[2011/11/28 11:19:55 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{AA54AA68-C615-4E5F-857E-F0954A53DDE5}
[2011/11/27 19:48:19 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{6F07536F-0CC0-46F5-AC12-5CB1AF23032D}
[2011/11/27 19:48:05 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{9949994F-3DD3-4A71-830F-BCB0AADADC20}
[2011/11/26 09:26:52 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{5A7B00E4-9822-4EFE-B671-0C521FFF478B}
[2011/11/26 09:26:34 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{63060751-046E-4D17-AD2F-0204F29F9491}
[2011/11/25 09:47:42 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{0D6E2C36-9005-490A-9532-ADB8B487FE1F}
[2011/11/25 09:47:23 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{E7AD65BB-0556-4E7B-8CED-A13052BA62A1}
[2011/11/24 13:33:59 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{351DF586-AB10-4009-8F56-46ED8CB29CCD}
[2011/11/24 13:33:46 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{421C76D6-139B-4C9A-BACC-7E38F67E688D}
[2011/11/23 21:41:25 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{9351924D-8F47-45CD-96EC-929A0C86A4B6}
[2011/11/23 21:41:13 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{AA9235BB-8428-4B47-927E-2AED5F4B1270}
[2011/11/23 09:40:37 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{133B9EBD-23D2-431C-B451-B063B841701B}
[2011/11/23 09:40:18 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{22CB549D-35A8-406C-824C-99B598F99A09}
[2011/11/22 20:37:49 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{E40FB2A8-BD3B-4E0E-89C7-16CFD1EE6D04}
[2011/11/22 20:37:32 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{5CAABB68-85A1-4264-A69D-2DD2086DC4E8}

========== Files - Modified Within 30 Days ==========

[2011/12/22 19:22:04 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/22 19:22:04 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/22 19:14:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/22 19:14:22 | 2413,531,136 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/22 19:12:37 | 000,266,686 | ---- | M] () -- C:\Users\Nick\Desktop\winsock2.reg
[2011/12/22 19:04:01 | 000,061,440 | ---- | M] ( ) -- C:\Users\Nick\Desktop\VEW.exe
[2011/12/22 18:16:35 | 000,098,597 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/12/22 11:44:42 | 000,060,269 | ---- | M] () -- C:\Users\Nick\Documents\Capture.JPG
[2011/12/22 11:17:48 | 084,838,302 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/12/22 11:09:51 | 000,003,672 | ---- | M] () -- C:\bootsqm.dat
[2011/12/19 05:07:21 | 084,521,634 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm.old
[2011/12/18 12:24:27 | 000,619,898 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2011/12/18 12:11:37 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/18 11:55:30 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/12/18 11:18:47 | 000,108,816 | ---- | M] () -- C:\Users\Nick\Documents\diskman.JPG
[2011/12/18 10:54:02 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/18 10:50:31 | 000,000,512 | ---- | M] () -- C:\Users\Nick\Documents\MBR.dat
[2011/12/17 23:56:19 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Nick\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/17 23:52:08 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Nick\Desktop\tdsskiller.exe
[2011/12/17 23:52:03 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Nick\Desktop\aswMBR.exe
[2011/12/17 18:02:48 | 004,341,424 | R--- | M] (Swearware) -- C:\Users\Nick\Desktop\ComboFix.exe
[2011/12/16 21:42:19 | 000,628,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/16 21:42:19 | 000,110,612 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/16 14:50:34 | 000,001,996 | ---- | M] () -- C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/16 10:40:34 | 003,765,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/15 23:20:46 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/12/15 23:20:46 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

========== Files Created - No Company Name ==========

[2011/12/22 19:12:37 | 000,266,686 | ---- | C] () -- C:\Users\Nick\Desktop\winsock2.reg
[2011/12/22 11:44:41 | 000,060,269 | ---- | C] () -- C:\Users\Nick\Documents\Capture.JPG
[2011/12/22 11:09:51 | 000,003,672 | ---- | C] () -- C:\bootsqm.dat
[2011/12/18 11:55:30 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/12/18 11:18:47 | 000,108,816 | ---- | C] () -- C:\Users\Nick\Documents\diskman.JPG
[2011/12/18 10:54:02 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/18 10:50:31 | 000,000,512 | ---- | C] () -- C:\Users\Nick\Documents\MBR.dat
[2011/12/17 18:04:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/17 18:04:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/17 18:04:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/17 18:04:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/17 18:04:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/15 23:20:46 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/12/15 23:20:46 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/06/07 16:46:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/03/19 11:06:43 | 000,007,168 | ---- | C] () -- C:\Users\Nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/28 15:10:29 | 000,000,000 | ---- | C] () -- C:\Users\Nick\AppData\Local\prvlcl.dat
[2010/12/22 15:54:27 | 000,140,024 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/12/22 15:54:27 | 000,138,056 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\PnkBstrK.sys
[2010/12/22 15:54:03 | 000,280,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/12/22 15:54:01 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010/12/22 15:54:01 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/12/05 13:36:49 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 14:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 14:33:53 | 003,765,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 12:05:48 | 000,628,460 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 12:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 12:05:48 | 000,110,612 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 12:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 12:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 12:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 09:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 09:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/05/13 08:39:12 | 000,020,480 | ---- | C] () -- C:\Windows\System32\wbvfsinst.dll
[2007/11/14 16:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll

========== LOP Check ==========

[2011/10/20 12:26:51 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\AVG2012
[2011/08/17 15:32:53 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Efofex
[2011/09/01 10:31:53 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\EPANET
[2011/06/30 20:19:19 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\fdrtools.com
[2011/06/30 20:39:55 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\IrfanView
[2011/03/14 19:05:16 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\NCH Swift Sound
[2011/06/30 20:34:58 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\PhotoScape
[2011/12/04 20:16:27 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Texas Instruments
[2011/12/04 17:50:10 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\TI-Nspire
[2011/12/14 20:48:36 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\uTorrent
[2011/03/04 15:40:27 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Xilisoft
[2011/08/20 10:49:38 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BC359956

< End of report >

#7
RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Don't worry about delays. I do not keep track.

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after the line:


net  start  BFE

Does it say it is already started or is there another error?

#8
nacholas

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I get a response "The service name is invalid."

#9
RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Download and Save the attached file to your desktop. Right click on the file and Extract All. Find the BFE32.reg file and right click and MERGE. Reboot.

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after the line:

sc  query  bfe


#10
nacholas

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
bfe

Type : 20 WIN32_Share_Process
State : 1 Stopped
Win32_exit_code : 5 (0*5)
Service_exit_code : 0 (0*0)
Checkpoint : 0*0
Wait_hint : 0*0

#11
RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Open up the Services window:

Right click on Computer and select Manage then Services and Applications then Services.

Find the IPsec Policy Agent. Right click on it and select Properties then click on the LogOn Tab. It should show that it logs on with Network Service. Does it?

Look at the same thing in BFE. It should say it logs on in Local Service.

Continue for the other services that depend on BFE:

IKE and AuthIP IPsec Keying Modules: Local Service (just checked, no password given)

Internet Connection Sharing (ICS): Local Service (just checked, no password given)

Routing and Remote Access: Local Service (just checked, no password given)

Windows Firewall: Local Service with password

If a service is missing let me know.

#12
nacholas

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
All is in working order except Windows Firewall Local Service is missing.

#13
RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Download the attached mpssvc.zip file and save it then right click on it and Extract All then right click on mpssvc.reg and MERGE.

If you get an error please note it.

Do you have the Windows Firewall service now? Does it start?
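
The checks requested across the posts above (is BFE registered and running, which account does each related service log on as, is any service missing) can be gathered in one read-only pass. This is an added example, not part of the original thread; the service short names are the standard Windows ones, and it uses Get-WmiObject so that it runs on the PowerShell 2.0 shipped with Windows 7.

```powershell
# Added example (not from the thread). Read-only; run from an elevated prompt.
# Display names are the ones used in the posts; short names are the standard
# Windows service names.
$threadServices = @(
    @{ Display = 'Base Filtering Engine (BFE)';         Name = 'BFE' },
    @{ Display = 'IPsec Policy Agent';                  Name = 'PolicyAgent' },
    @{ Display = 'IKE and AuthIP IPsec Keying Modules'; Name = 'IKEEXT' },
    @{ Display = 'Internet Connection Sharing (ICS)';   Name = 'SharedAccess' },
    @{ Display = 'Routing and Remote Access';           Name = 'RemoteAccess' },
    @{ Display = 'Windows Firewall';                    Name = 'MpsSvc' }
)

function Get-ServiceLogonReport {
    param([object[]]$ServiceList)

    foreach ($entry in $ServiceList) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($entry.Name)"
        # Returns nothing when the Service Control Manager does not know the
        # name: the case where "net start" says the service name is invalid.
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$($entry.Name)'"

        $row = @{
            Service   = $entry.Display
            Name      = $entry.Name
            KeyExists = (Test-Path $key)   # registry definition present?
            State     = 'MISSING'
            StartMode = ''
            LogOnAs   = ''
            ExitCode  = ''
        }
        if ($svc) {
            $row.State     = $svc.State       # Running / Stopped / ...
            $row.StartMode = $svc.StartMode   # Auto / Manual / Disabled
            $row.LogOnAs   = $svc.StartName   # account shown on the Log On tab
            $row.ExitCode  = $svc.ExitCode    # 5 = ERROR_ACCESS_DENIED
        }
        # PowerShell 2.0 hashtables are unordered, so fix the column order here.
        New-Object PSObject -Property $row |
            Select-Object Service, Name, KeyExists, State, StartMode, LogOnAs, ExitCode
    }
}

Get-ServiceLogonReport -ServiceList $threadServices | Format-Table -AutoSize
```

A row with KeyExists True but State MISSING means the registry definition is present but the Service Control Manager has not loaded it yet, which is the situation a reboot after merging a .reg file resolves.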





