Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Windows must restart virus/malaware [Closed]

Started by stressrelief , Feb 28 2012 07:13 PM

  • This topic is locked This topic is locked

#1
stressrelief
Posted 28 February 2012 - 07:13 PM

stressrelief

    Member

  • Member
  • PipPip
  • 11 posts
Hi, My computer is been restarting randomly with warnings such as "Windows must now restart because the Plug and Play service terminated unexpectedly --or-- Windows must now restart because the Power service terminated unexpectedly."
I've downloaded malawarebytes, and tried combofix, but it seems like nothing has worked.
Without running shutdown -a, this random warning appears.

Please help me~~~

OTL logfile created on: 2/28/2012 8:09:34 PM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\dust\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.93 Gb Total Physical Memory | 3.91 Gb Available Physical Memory | 65.99% Memory free
11.85 Gb Paging File | 9.61 Gb Available in Paging File | 81.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906.34 Gb Total Space | 548.41 Gb Free Space | 60.51% Space Free | Partition Type: NTFS

Computer Name: DUST-PC | User Name: dust | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/28 20:05:44 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\dust\Downloads\OTL.exe
PRC - [2012/02/19 01:22:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/02/14 03:02:10 | 003,886,760 | ---- | M] (Gretech Corp.) -- C:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE
PRC - [2012/01/24 08:19:14 | 003,478,336 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/06 16:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/12/06 16:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/11/12 10:42:50 | 001,647,448 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/09/20 00:03:02 | 000,822,384 | ---- | M] (ACD Systems) -- C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
PRC - [2011/02/23 10:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/02/23 10:04:17 | 000,121,000 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2010/10/25 15:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/01/21 01:40:59 | 000,040,960 | ---- | M] () -- C:\Windows\SysWOW64\UMonit.exe
PRC - [2009/10/21 15:14:50 | 000,147,968 | ---- | M] (X-Rite Inc.) -- C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe
PRC - [2009/10/21 15:14:10 | 000,130,048 | ---- | M] (X-Rite Inc.) -- C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe
PRC - [2009/09/30 07:02:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 07:02:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/19 14:13:13 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/19 01:22:34 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/14 20:20:01 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f987739a1f8f64f164966e7107bccec8\IAStorUtil.ni.dll
MOD - [2012/02/14 20:15:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/14 20:14:52 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/14 20:14:47 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/14 20:14:37 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/14 20:14:33 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/14 20:14:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/14 20:14:30 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/14 20:14:23 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2012/01/30 03:08:02 | 000,761,856 | ---- | M] () -- C:\Program Files (x86)\GRETECH\GomPlayer\GVF.ax
MOD - [2011/12/06 16:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011/11/15 02:35:24 | 003,373,568 | ---- | M] () -- C:\Program Files (x86)\GRETECH\GomPlayer\libavcodec.dll
MOD - [2011/08/02 01:11:16 | 000,184,320 | ---- | M] () -- C:\Program Files (x86)\GRETECH\GomPlayer\GRFU.ax
MOD - [2011/04/04 04:15:18 | 000,421,520 | ---- | M] () -- C:\Program Files (x86)\GRETECH\GomPlayer\GomTVStrm.dll
MOD - [2010/10/15 04:35:52 | 001,433,600 | ---- | M] () -- C:\Program Files (x86)\GRETECH\GomPlayer\GAF.ax
MOD - [2010/01/21 01:40:59 | 000,040,960 | ---- | M] () -- C:\Windows\SysWOW64\UMonit.exe
MOD - [2009/10/26 02:52:38 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\ustor.dll
MOD - [2009/08/11 21:21:20 | 001,021,440 | ---- | M] () -- C:\Program Files (x86)\AC3Filter\ac3filter_intl.dll
MOD - [2009/08/11 21:19:04 | 000,797,184 | ---- | M] () -- C:\Program Files (x86)\AC3Filter\ac3filter.ax


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/02/23 10:04:17 | 000,121,000 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/31 15:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/06 16:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/21 15:14:50 | 000,147,968 | ---- | M] (X-Rite Inc.) [Auto | Running] -- C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe -- (ColorMunkiService)
SRV - [2009/10/21 15:14:10 | 000,130,048 | ---- | M] (X-Rite Inc.) [Auto | Running] -- C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe -- (xritedeviced)
SRV - [2009/09/30 07:02:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 07:02:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/12 06:23:29 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/01/13 02:29:54 | 000,048,800 | ---- | M] (NHN) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NSavFlt.sys -- (NSavFlt)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/04/04 14:55:54 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2011/03/31 14:53:40 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2011/02/23 09:57:43 | 000,127,320 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2011/02/23 09:57:04 | 000,280,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/02/23 09:57:01 | 000,505,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/02/23 09:56:48 | 000,253,784 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2011/02/23 09:55:53 | 000,053,592 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/02/23 09:55:13 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/02/23 09:55:05 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/02/23 09:54:58 | 000,022,360 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/02/23 08:34:54 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 22:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 22:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/04/01 14:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/21 21:49:58 | 000,052,224 | ---- | M] (Genesys Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ustor2k.sys -- (USTOR2K)
DRV:64bit: - [2009/09/23 04:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel®
DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/02 14:29:08 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MAudioMobilePre.sys -- (MAUSBMOBILEPRE)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/10 13:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/29 17:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2009/01/29 17:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2007/11/02 15:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2007/10/02 08:26:52 | 000,051,600 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\colormunki_x64.sys -- (colormunki)
DRV:64bit: - [2006/11/16 17:26:44 | 000,019,248 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pdiports.sys -- (PdiPorts)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 1D 5F 19 D5 E9 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@gomtv.com/gomtvx-plugin: C:\Program Files (x86)\Common Files\GRETECH\npgomtvx_nie.dll (Gretech Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/02/12 12:05:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/02/24 17:10:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/19 01:22:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/12 17:33:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dust\AppData\Roaming\Mozilla\Extensions
[2012/02/24 16:53:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dust\AppData\Roaming\Mozilla\Firefox\Profiles\ef939hud.default\extensions
[2012/02/24 16:53:03 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\dust\AppData\Roaming\Mozilla\Firefox\Profiles\ef939hud.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2012/02/19 14:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/19 01:22:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/08 12:12:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/08 12:12:58 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/27 19:19:02 | 000,000,707 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [ACPW05EN] C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (ACD Systems)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O16 - DPF: {EF3AFB74-6F3C-491F-8FF2-FBEC88ADEBE5} http://www.kiwidisk....iskCtrl_x64.CAB (Kiwidisk Share Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF3AFB74-6F3C-491F-8FF2-FBEC88ADEBE5} http://www.kiwidisk....iwidiskCtrl.CAB (Kiwidisk Share Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C354EFD3-F659-4323-BDB8-64A19A02FCB7}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/28 02:05:07 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012/02/28 01:18:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinMend
[2012/02/28 01:11:06 | 000,000,000 | ---D | C] -- C:\Users\dust\Documents\Adobe
[2012/02/28 00:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012/02/28 00:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5
[2012/02/28 00:23:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/02/27 23:53:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/27 19:19:15 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Roaming\PDAppFlex
[2012/02/27 18:53:16 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Local\Wondershare
[2012/02/27 18:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare
[2012/02/27 18:53:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare
[2012/02/24 17:11:09 | 000,280,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/02/24 17:11:09 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/02/24 17:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012/02/24 17:11:08 | 000,127,320 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012/02/24 17:10:44 | 000,253,784 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012/02/24 17:10:44 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/02/24 17:10:43 | 000,505,176 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/02/24 17:10:43 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/02/24 17:10:42 | 000,064,344 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/02/24 17:10:41 | 000,238,968 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/02/24 17:10:32 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2012/02/24 17:10:30 | 000,190,016 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/02/24 17:10:30 | 000,040,648 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/24 17:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/02/24 17:10:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/02/24 17:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/24 17:02:22 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/24 17:02:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/24 16:53:48 | 000,000,000 | ---D | C] -- C:\Kiwidisk.com
[2012/02/24 16:39:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/24 16:37:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/24 16:27:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/24 14:00:49 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Local\ElevatedDiagnostics
[2012/02/24 13:52:52 | 000,000,000 | ---D | C] -- C:\Users\dust\DoctorWeb
[2012/02/24 10:16:05 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Roaming\Malwarebytes
[2012/02/24 10:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/21 21:00:46 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Roaming\Alien Skin
[2012/02/20 16:09:41 | 000,000,000 | ---D | C] -- C:\Users\dust\Desktop\Quantum
[2012/02/19 16:58:21 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Roaming\Skype
[2012/02/19 16:58:18 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/02/19 16:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/02/19 16:58:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/02/19 16:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/02/19 15:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities
[2012/02/19 15:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool
[2012/02/19 15:51:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2012/02/19 15:50:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\STRING
[2012/02/19 15:50:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012/02/19 15:50:48 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2012/02/19 15:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP495 series
[2012/02/19 15:50:38 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012/02/19 09:42:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
[2012/02/19 09:42:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ACD Systems
[2012/02/15 01:44:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/02/15 01:44:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/02/15 01:44:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/02/15 01:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime Alternative
[2012/02/15 01:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/02/15 01:26:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime Alternative
[2012/02/14 19:46:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/02/14 19:16:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Program
[2012/02/14 19:15:21 | 000,019,248 | ---- | C] (Portrait Displays, Inc.) -- C:\Windows\SysNative\drivers\pdiports.sys
[2012/02/14 19:15:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Portrait Displays
[2012/02/14 19:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-Rite
[2012/02/14 19:14:10 | 000,051,600 | ---- | C] (Thesycon GmbH, Germany) -- C:\Windows\SysNative\drivers\colormunki_x64.sys
[2012/02/14 19:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\X-Rite
[2012/02/14 19:13:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\X-Rite
[2012/02/13 09:49:40 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Roaming\Motorola
[2012/02/13 09:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2012/02/13 09:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2012/02/13 09:49:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola
[2012/02/13 09:37:33 | 000,000,000 | ---D | C] -- C:\Users\dust\riotsGamesLogs
[2012/02/13 09:37:09 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Roaming\LolClient
[2012/02/12 20:42:32 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012/02/12 20:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012/02/12 18:59:48 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/02/12 18:57:24 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/02/12 18:53:02 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/02/12 17:34:43 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012/02/12 17:32:48 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Roaming\Mozilla
[2012/02/12 17:32:48 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Local\Mozilla
[2012/02/12 17:32:30 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Roaming\InstallShield
[2012/02/12 17:32:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/02/12 17:31:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2012/02/12 17:31:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012/02/12 17:27:12 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/02/12 17:26:42 | 004,452,352 | ---- | C] (Genesys) -- C:\Windows\SysNative\GeneIcon.dll
[2012/02/12 17:26:39 | 000,052,224 | ---- | C] (Genesys Logic) -- C:\Windows\SysNative\drivers\ustor2k.sys
[2012/02/12 17:25:43 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Roaming\Macromedia
[2012/02/12 17:25:43 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Roaming\Adobe
[2012/02/12 17:25:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/02/12 17:25:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/02/12 17:24:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012/02/12 17:11:31 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Local\Diagnostics
[2012/02/12 17:01:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/02/12 17:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/02/12 17:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/02/12 17:01:10 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/02/12 17:01:10 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/02/12 17:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/02/12 16:56:49 | 000,000,000 | R--D | C] -- C:\Users\dust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/02/12 16:56:49 | 000,000,000 | R--D | C] -- C:\Users\dust\Searches
[2012/02/12 16:56:49 | 000,000,000 | R--D | C] -- C:\Users\dust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/02/12 16:56:49 | 000,000,000 | -H-D | C] -- C:\Users\dust\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/02/12 16:56:38 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Roaming\Identities
[2012/02/12 16:56:35 | 000,000,000 | R--D | C] -- C:\Users\dust\Contacts
[2012/02/12 16:56:34 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Local\VirtualStore
[2012/02/12 16:56:19 | 000,000,000 | --SD | C] -- C:\Users\dust\AppData\Roaming\Microsoft
[2012/02/12 16:56:19 | 000,000,000 | R--D | C] -- C:\Users\dust\Videos
[2012/02/12 16:56:19 | 000,000,000 | R--D | C] -- C:\Users\dust\Saved Games
[2012/02/12 16:56:19 | 000,000,000 | R--D | C] -- C:\Users\dust\Pictures
[2012/02/12 16:56:19 | 000,000,000 | R--D | C] -- C:\Users\dust\Music
[2012/02/12 16:56:19 | 000,000,000 | R--D | C] -- C:\Users\dust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/02/12 16:56:19 | 000,000,000 | R--D | C] -- C:\Users\dust\Links
[2012/02/12 16:56:19 | 000,000,000 | R--D | C] -- C:\Users\dust\Favorites
[2012/02/12 16:56:19 | 000,000,000 | R--D | C] -- C:\Users\dust\Downloads
[2012/02/12 16:56:19 | 000,000,000 | R--D | C] -- C:\Users\dust\Documents
[2012/02/12 16:56:19 | 000,000,000 | R--D | C] -- C:\Users\dust\Desktop
[2012/02/12 16:56:19 | 000,000,000 | R--D | C] -- C:\Users\dust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/02/12 16:56:19 | 000,000,000 | -HSD | C] -- C:\Users\dust\AppData\Local\Temporary Internet Files
[2012/02/12 16:56:19 | 000,000,000 | -HSD | C] -- C:\Users\dust\Templates
[2012/02/12 16:56:19 | 000,000,000 | -HSD | C] -- C:\Users\dust\Start Menu
[2012/02/12 16:56:19 | 000,000,000 | -HSD | C] -- C:\Users\dust\SendTo
[2012/02/12 16:56:19 | 000,000,000 | -HSD | C] -- C:\Users\dust\Recent
[2012/02/12 16:56:19 | 000,000,000 | -HSD | C] -- C:\Users\dust\PrintHood
[2012/02/12 16:56:19 | 000,000,000 | -HSD | C] -- C:\Users\dust\NetHood
[2012/02/12 16:56:19 | 000,000,000 | -HSD | C] -- C:\Users\dust\Documents\My Videos
[2012/02/12 16:56:19 | 000,000,000 | -HSD | C] -- C:\Users\dust\Documents\My Pictures
[2012/02/12 16:56:19 | 000,000,000 | -HSD | C] -- C:\Users\dust\Documents\My Music
[2012/02/12 16:56:19 | 000,000,000 | -HSD | C] -- C:\Users\dust\My Documents
[2012/02/12 16:56:19 | 000,000,000 | -HSD | C] -- C:\Users\dust\Local Settings
[2012/02/12 16:56:19 | 000,000,000 | -HSD | C] -- C:\Users\dust\AppData\Local\History
[2012/02/12 16:56:19 | 000,000,000 | -HSD | C] -- C:\Users\dust\Cookies
[2012/02/12 16:56:19 | 000,000,000 | -HSD | C] -- C:\Users\dust\Application Data
[2012/02/12 16:56:19 | 000,000,000 | -HSD | C] -- C:\Users\dust\AppData\Local\Application Data
[2012/02/12 16:56:19 | 000,000,000 | -H-D | C] -- C:\Users\dust\AppData
[2012/02/12 16:56:19 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Local\Temp
[2012/02/12 16:56:19 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Local\Microsoft
[2012/02/12 16:56:19 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Roaming\Media Center Programs
[2012/02/12 12:29:02 | 000,000,000 | ---D | C] -- C:\League of Legends
[2012/02/12 12:28:12 | 000,031,576 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2012/02/12 12:28:02 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Local\PMB Files
[2012/02/12 12:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012/02/12 12:26:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012/02/12 12:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2012/02/12 12:22:43 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Roaming\BlueSprig
[2012/02/12 12:22:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueSprig
[2012/02/12 12:06:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2012/02/12 11:56:57 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Local\Alien Skin
[2012/02/12 11:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Alien Skin
[2012/02/12 11:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\Alien Skin
[2012/02/12 11:50:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alien Skin
[2012/02/12 10:14:59 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Roaming\NVIDIA
[2012/02/12 09:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/02/12 09:00:08 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/02/12 08:59:01 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Roaming\IObit
[2012/02/12 08:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5
[2012/02/12 08:58:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2012/02/12 08:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2012/02/12 08:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/02/12 08:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/02/12 08:50:11 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/02/12 08:49:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/02/12 08:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Camera Bits, Inc
[2012/02/12 08:38:23 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Roaming\Camera Bits, Inc
[2012/02/12 08:37:00 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2012/02/12 08:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Mechanic 4.6.8
[2012/02/12 08:36:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Camera Bits
[2012/02/12 08:36:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/02/12 08:33:24 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Local\Adobe
[2012/02/12 07:55:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/02/12 07:44:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/02/12 07:20:51 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Roaming\ACD Systems
[2012/02/12 07:20:51 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Local\ACD Systems
[2012/02/12 07:19:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ACD Systems
[2012/02/12 07:19:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ACD Systems
[2012/02/12 07:18:35 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Local\Downloaded Installations
[2012/02/12 06:55:42 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Roaming\Syntrillium
[2012/02/12 06:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cool Edit Pro 2.0
[2012/02/12 06:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\coolpro2
[2012/02/12 06:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
[2012/02/12 06:50:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AC3Filter
[2012/02/12 06:48:09 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Local\ECRSC
[2012/02/12 06:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\이스트소프트
[2012/02/12 06:48:08 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Roaming\ESTsoft
[2012/02/12 06:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ESTsoft
[2012/02/12 06:48:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESTsoft
[2012/02/12 06:39:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/02/12 06:38:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012/02/12 06:38:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2012/02/12 06:38:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/02/12 06:38:16 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/02/12 06:38:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/02/12 06:36:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/02/12 06:35:46 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Local\Microsoft Help
[2012/02/12 06:35:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/02/12 06:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/02/12 06:23:29 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/02/12 06:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012/02/12 06:16:25 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Roaming\DAEMON Tools Lite
[2012/02/12 06:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012/02/12 06:16:05 | 000,048,800 | ---- | C] (NHN) -- C:\Windows\SysNative\drivers\NSavFlt.sys
[2012/02/12 06:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Naver
[2012/02/12 06:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\네이버 백신
[2012/02/12 06:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\Naver
[2012/02/12 06:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AhnLab
[2012/02/12 06:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio
[2012/02/12 06:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\M-Audio
[2012/02/12 06:05:47 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/02/12 06:05:06 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Roaming\GRETECH
[2012/02/12 06:04:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Gretech Corporation
[2012/02/12 06:04:11 | 000,000,000 | ---D | C] -- C:\ProgramData\GRETECH
[2012/02/12 06:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\곰TV (www.gomtv.com)
[2012/02/12 06:03:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\GRETECH
[2012/02/12 06:03:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GRETECH
[2012/02/12 05:59:29 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012/02/12 05:51:02 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Roaming\Intel Corporation

========== Files - Modified Within 30 Days ==========

[2012/02/28 20:09:23 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/28 20:09:23 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/28 19:44:59 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/28 19:44:59 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/28 19:44:59 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/28 19:38:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/28 19:38:37 | 479,084,543 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/27 19:19:02 | 000,000,707 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/27 15:36:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motmodem_01007.Wdf
[2012/02/27 15:36:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/02/27 15:35:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2012/02/27 15:35:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2012/02/27 15:35:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2012/02/27 15:35:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
[2012/02/24 17:10:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/02/19 09:42:44 | 000,002,847 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee Pro 5.lnk
[2012/02/15 20:04:38 | 004,966,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/14 19:14:52 | 000,001,347 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorMunki Gamma.lnk
[2012/02/13 09:50:47 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2012/02/12 20:49:47 | 000,001,547 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/02/12 19:00:34 | 000,116,385 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/02/12 19:00:34 | 000,116,385 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/02/12 18:58:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/02/12 16:58:20 | 000,001,437 | ---- | M] () -- C:\Users\dust\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/12 06:58:15 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Cool Edit Pro 2.0.lnk
[2012/02/12 06:23:29 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys

========== Files Created - No Company Name ==========

[2012/02/27 15:36:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motmodem_01007.Wdf
[2012/02/27 15:36:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/02/27 15:35:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2012/02/27 15:35:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2012/02/27 15:35:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2012/02/27 15:35:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
[2012/02/24 17:10:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/02/19 15:51:07 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\CNC1747D.TBL
[2012/02/19 09:42:44 | 000,002,847 | ---- | C] () -- C:\Users\Public\Desktop\ACDSee Pro 5.lnk
[2012/02/14 23:39:40 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2012/02/14 23:38:53 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2012/02/14 23:36:23 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2012/02/14 23:36:16 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012/02/14 19:15:21 | 000,002,853 | ---- | C] () -- C:\pdiports64.inf
[2012/02/14 19:14:52 | 000,001,347 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorMunki Gamma.lnk
[2012/02/13 09:50:47 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2012/02/12 20:49:47 | 000,001,547 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/02/12 19:00:25 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/02/12 19:00:08 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/02/12 18:58:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/02/12 17:32:16 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/12 17:26:42 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\ustor.dll
[2012/02/12 17:26:42 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\UMonit.exe
[2012/02/12 17:26:39 | 000,009,823 | ---- | C] () -- C:\Windows\SysWow64\ustor2k.INF
[2012/02/12 17:26:39 | 000,001,393 | ---- | C] () -- C:\Windows\SysWow64\IconCfg0.ini
[2012/02/12 17:26:39 | 000,000,722 | ---- | C] () -- C:\Windows\SysWow64\ProductName.ini
[2012/02/12 17:23:57 | 000,001,904 | ---- | C] () -- C:\Windows\SysNative\SetupBD.din
[2012/02/12 17:01:09 | 000,007,384 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/02/12 16:58:20 | 000,001,437 | ---- | C] () -- C:\Users\dust\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/12 16:56:56 | 000,001,409 | ---- | C] () -- C:\Users\dust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/02/12 16:56:50 | 000,001,443 | ---- | C] () -- C:\Users\dust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/02/12 16:56:19 | 000,000,290 | ---- | C] () -- C:\Users\dust\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/02/12 16:56:19 | 000,000,272 | ---- | C] () -- C:\Users\dust\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/02/12 12:28:12 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2012/02/12 12:06:10 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2012/02/12 12:06:10 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2012/02/12 09:56:00 | 000,022,872 | ---- | C] () -- C:\Windows\SysNative\RegistryDefragBootTime.exe
[2012/02/12 09:33:51 | 000,002,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.6 64-bit.lnk
[2012/02/12 08:49:22 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/02/12 06:55:34 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Cool Edit Pro 2.0.lnk
[2012/02/12 06:50:56 | 000,580,096 | ---- | C] () -- C:\Windows\SysNative\ac3filter64.acm
[2012/02/12 06:50:56 | 000,497,664 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.acm
[2011/03/24 14:37:50 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\SDL.dll

========== LOP Check ==========

[2012/02/12 07:20:51 | 000,000,000 | ---D | M] -- C:\Users\dust\AppData\Roaming\ACD Systems
[2012/02/21 21:00:46 | 000,000,000 | ---D | M] -- C:\Users\dust\AppData\Roaming\Alien Skin
[2012/02/12 12:22:43 | 000,000,000 | ---D | M] -- C:\Users\dust\AppData\Roaming\BlueSprig
[2012/02/12 08:38:23 | 000,000,000 | ---D | M] -- C:\Users\dust\AppData\Roaming\Camera Bits, Inc
[2012/02/12 06:26:58 | 000,000,000 | ---D | M] -- C:\Users\dust\AppData\Roaming\DAEMON Tools Lite
[2012/02/12 12:24:54 | 000,000,000 | ---D | M] -- C:\Users\dust\AppData\Roaming\IObit
[2012/02/13 09:37:09 | 000,000,000 | ---D | M] -- C:\Users\dust\AppData\Roaming\LolClient
[2012/02/13 09:49:40 | 000,000,000 | ---D | M] -- C:\Users\dust\AppData\Roaming\Motorola
[2012/02/27 19:19:15 | 000,000,000 | ---D | M] -- C:\Users\dust\AppData\Roaming\PDAppFlex
[2009/07/14 00:08:49 | 000,011,136 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 12 March 2012 - 09:53 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there and sorry for the delay, could you update me on the current problems please

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#3
stressrelief
Posted 14 March 2012 - 07:24 PM

stressrelief

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Thank you for your reply
here are the logs from OTL

OTL logfile created on: 3/14/2012 9:16:09 PM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\dust\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.93 Gb Total Physical Memory | 4.16 Gb Available Physical Memory | 70.15% Memory free
11.85 Gb Paging File | 9.86 Gb Available in Paging File | 83.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906.34 Gb Total Space | 611.40 Gb Free Space | 67.46% Space Free | Partition Type: NTFS

Computer Name: DUST-PC | User Name: dust | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/28 21:05:44 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\dust\Downloads\OTL.exe
PRC - [2012/02/19 02:22:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/24 09:19:14 | 003,478,336 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 15:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/06 17:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/12/06 17:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/11/12 11:42:50 | 001,647,448 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2011/11/10 20:23:52 | 000,490,840 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/09/20 01:03:02 | 000,822,384 | ---- | M] (ACD Systems) -- C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
PRC - [2011/05/09 06:03:18 | 004,286,592 | ---- | M] (Kiwidisk) -- C:\Kiwidisk.com\KiwidiskDown.exe
PRC - [2011/02/23 11:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 11:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/02/23 11:04:17 | 000,121,000 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2010/10/25 16:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/01/21 02:40:59 | 000,040,960 | ---- | M] () -- C:\Windows\SysWOW64\UMonit.exe
PRC - [2009/10/21 16:14:50 | 000,147,968 | ---- | M] (X-Rite Inc.) -- C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe
PRC - [2009/10/21 16:14:10 | 000,130,048 | ---- | M] (X-Rite Inc.) -- C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe
PRC - [2009/09/30 08:02:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 08:02:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/19 15:13:13 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/19 02:22:34 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/14 21:20:01 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f987739a1f8f64f164966e7107bccec8\IAStorUtil.ni.dll
MOD - [2012/02/14 21:15:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/14 21:14:52 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/14 21:14:47 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/14 21:14:37 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/14 21:14:33 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/14 21:14:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/14 21:14:30 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/14 21:14:23 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/12/06 17:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2010/01/21 02:40:59 | 000,040,960 | ---- | M] () -- C:\Windows\SysWOW64\UMonit.exe
MOD - [2009/10/26 03:52:38 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\ustor.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/23 11:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/02/23 11:04:17 | 000,121,000 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/06 17:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/11/10 20:23:52 | 000,490,840 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/21 16:14:50 | 000,147,968 | ---- | M] (X-Rite Inc.) [Auto | Running] -- C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe -- (ColorMunkiService)
SRV - [2009/10/21 16:14:10 | 000,130,048 | ---- | M] (X-Rite Inc.) [Auto | Running] -- C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe -- (xritedeviced)
SRV - [2009/09/30 08:02:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 08:02:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/12 07:23:29 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/01/13 03:29:54 | 000,048,800 | ---- | M] (NHN) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NSavFlt.sys -- (NSavFlt)
DRV:64bit: - [2011/12/10 16:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/04/04 15:55:54 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2011/03/31 15:53:40 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2011/02/23 10:57:43 | 000,127,320 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2011/02/23 10:57:04 | 000,280,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/02/23 10:57:01 | 000,505,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/02/23 10:56:48 | 000,253,784 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2011/02/23 10:55:53 | 000,053,592 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/02/23 10:55:13 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/02/23 10:55:05 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/02/23 10:54:58 | 000,022,360 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/02/23 09:34:54 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2010/11/26 19:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 23:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/04/01 15:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2010/03/03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/21 22:49:58 | 000,052,224 | ---- | M] (Genesys Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ustor2k.sys -- (USTOR2K)
DRV:64bit: - [2009/09/23 05:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel®
DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/02 15:29:08 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MAudioMobilePre.sys -- (MAUSBMOBILEPRE)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/10 14:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/29 18:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2009/01/29 18:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2007/11/02 16:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2007/10/02 09:26:52 | 000,051,600 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\colormunki_x64.sys -- (colormunki)
DRV:64bit: - [2006/11/16 18:26:44 | 000,019,248 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pdiports.sys -- (PdiPorts)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2222845599-178756090-697149482-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2222845599-178756090-697149482-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2222845599-178756090-697149482-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 1D 5F 19 D5 E9 CC 01 [binary data]
IE - HKU\S-1-5-21-2222845599-178756090-697149482-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@gomtv.com/gomtvx-plugin: C:\Program Files (x86)\Common Files\GRETECH\npgomtvx_nie.dll (Gretech Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/02/12 13:05:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/02/24 18:10:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/19 02:22:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/12 18:33:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dust\AppData\Roaming\Mozilla\Extensions
[2012/02/24 17:53:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dust\AppData\Roaming\Mozilla\Firefox\Profiles\ef939hud.default\extensions
[2012/02/24 17:53:03 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\dust\AppData\Roaming\Mozilla\Firefox\Profiles\ef939hud.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2012/02/19 15:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/19 02:22:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/08 13:12:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/08 13:12:58 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/27 20:19:02 | 000,000,707 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKU\S-1-5-21-2222845599-178756090-697149482-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [ACPW05EN] C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (ACD Systems)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2222845599-178756090-697149482-1000..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-2222845599-178756090-697149482-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2222845599-178756090-697149482-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-2222845599-178756090-697149482-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2222845599-178756090-697149482-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2222845599-178756090-697149482-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2222845599-178756090-697149482-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2222845599-178756090-697149482-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O16 - DPF: {EF3AFB74-6F3C-491F-8FF2-FBEC88ADEBE5} http://www.kiwidisk....iskCtrl_x64.CAB (Kiwidisk Share Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF3AFB74-6F3C-491F-8FF2-FBEC88ADEBE5} http://www.kiwidisk....iwidiskCtrl.CAB (Kiwidisk Share Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C354EFD3-F659-4323-BDB8-64A19A02FCB7}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/11 12:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HoneyView3
[2012/03/11 12:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\HoneyView3
[2012/03/05 15:48:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2012/03/05 15:48:03 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Roaming\Canon
[2012/03/05 15:47:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2012/03/01 23:43:08 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2012/02/28 03:05:07 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012/02/28 02:18:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinMend
[2012/02/28 02:11:06 | 000,000,000 | ---D | C] -- C:\Users\dust\Documents\Adobe
[2012/02/28 01:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012/02/28 01:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5
[2012/02/28 01:23:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/02/28 00:53:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/27 20:19:15 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Roaming\PDAppFlex
[2012/02/27 19:53:16 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Local\Wondershare
[2012/02/27 19:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare
[2012/02/27 19:53:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare
[2012/02/24 18:11:09 | 000,280,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/02/24 18:11:09 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/02/24 18:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012/02/24 18:11:08 | 000,127,320 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012/02/24 18:10:44 | 000,253,784 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012/02/24 18:10:44 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/02/24 18:10:43 | 000,505,176 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/02/24 18:10:43 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/02/24 18:10:42 | 000,064,344 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/02/24 18:10:41 | 000,238,968 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/02/24 18:10:32 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2012/02/24 18:10:30 | 000,190,016 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/02/24 18:10:30 | 000,040,648 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/24 18:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/02/24 18:10:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/02/24 18:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/24 18:02:22 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/24 18:02:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/24 17:53:48 | 000,000,000 | ---D | C] -- C:\Kiwidisk.com
[2012/02/24 17:39:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/24 17:37:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/24 17:27:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/24 15:00:49 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Local\ElevatedDiagnostics
[2012/02/24 14:52:52 | 000,000,000 | ---D | C] -- C:\Users\dust\DoctorWeb
[2012/02/24 11:16:05 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Roaming\Malwarebytes
[2012/02/24 11:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/21 22:00:46 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Roaming\Alien Skin
[2012/02/20 17:09:41 | 000,000,000 | ---D | C] -- C:\Users\dust\Desktop\Quantum
[2012/02/19 17:58:21 | 000,000,000 | ---D | C] -- C:\Users\dust\AppData\Roaming\Skype
[2012/02/19 17:58:18 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/02/19 17:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/02/19 17:58:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/02/19 17:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/02/19 16:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities
[2012/02/19 16:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool
[2012/02/19 16:51:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2012/02/19 16:50:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\STRING
[2012/02/19 16:50:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012/02/19 16:50:48 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2012/02/19 16:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP495 series
[2012/02/19 16:50:38 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012/02/19 10:42:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
[2012/02/19 10:42:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ACD Systems
[2012/02/15 02:44:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/02/15 02:44:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/02/15 02:44:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/02/15 02:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime Alternative
[2012/02/15 02:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/02/15 02:26:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime Alternative
[2012/02/14 20:46:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/02/14 20:16:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Program
[2012/02/14 20:15:21 | 000,019,248 | ---- | C] (Portrait Displays, Inc.) -- C:\Windows\SysNative\drivers\pdiports.sys
[2012/02/14 20:15:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Portrait Displays
[2012/02/14 20:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-Rite
[2012/02/14 20:14:10 | 000,051,600 | ---- | C] (Thesycon GmbH, Germany) -- C:\Windows\SysNative\drivers\colormunki_x64.sys
[2012/02/14 20:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\X-Rite
[2012/02/14 20:13:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\X-Rite

========== Files - Modified Within 30 Days ==========

[2012/03/14 19:06:23 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/14 19:06:23 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/14 19:06:00 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/14 19:06:00 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/14 19:06:00 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/14 18:59:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/14 18:58:56 | 479,084,543 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/05 15:50:22 | 000,005,120 | ---- | M] () -- C:\Users\dust\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/27 20:19:02 | 000,000,707 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/27 16:36:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motmodem_01007.Wdf
[2012/02/27 16:36:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/02/27 16:35:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2012/02/27 16:35:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2012/02/27 16:35:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2012/02/27 16:35:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
[2012/02/24 18:10:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/02/19 10:42:44 | 000,002,847 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee Pro 5.lnk
[2012/02/15 21:04:38 | 004,966,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/14 20:14:52 | 000,001,347 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorMunki Gamma.lnk

========== Files Created - No Company Name ==========

[2012/03/05 15:50:19 | 000,005,120 | ---- | C] () -- C:\Users\dust\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/27 16:36:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motmodem_01007.Wdf
[2012/02/27 16:36:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/02/27 16:35:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2012/02/27 16:35:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2012/02/27 16:35:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2012/02/27 16:35:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
[2012/02/24 18:10:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/02/19 16:51:07 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\CNC1747D.TBL
[2012/02/19 10:42:44 | 000,002,847 | ---- | C] () -- C:\Users\Public\Desktop\ACDSee Pro 5.lnk
[2012/02/15 00:39:40 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2012/02/15 00:38:53 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2012/02/15 00:36:23 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2012/02/15 00:36:16 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012/02/14 20:15:21 | 000,002,853 | ---- | C] () -- C:\pdiports64.inf
[2012/02/14 20:14:52 | 000,001,347 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorMunki Gamma.lnk
[2012/02/12 18:26:42 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\ustor.dll
[2012/02/12 18:26:42 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\UMonit.exe
[2012/02/12 18:26:39 | 000,001,393 | ---- | C] () -- C:\Windows\SysWow64\IconCfg0.ini
[2012/02/12 18:26:39 | 000,000,722 | ---- | C] () -- C:\Windows\SysWow64\ProductName.ini
[2011/03/24 15:37:50 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\SDL.dll

========== LOP Check ==========

[2012/02/12 08:20:51 | 000,000,000 | ---D | M] -- C:\Users\dust\AppData\Roaming\ACD Systems
[2012/02/21 22:00:46 | 000,000,000 | ---D | M] -- C:\Users\dust\AppData\Roaming\Alien Skin
[2012/02/12 13:22:43 | 000,000,000 | ---D | M] -- C:\Users\dust\AppData\Roaming\BlueSprig
[2012/02/12 09:38:23 | 000,000,000 | ---D | M] -- C:\Users\dust\AppData\Roaming\Camera Bits, Inc
[2012/03/05 15:48:15 | 000,000,000 | ---D | M] -- C:\Users\dust\AppData\Roaming\Canon
[2012/02/12 07:26:58 | 000,000,000 | ---D | M] -- C:\Users\dust\AppData\Roaming\DAEMON Tools Lite
[2012/02/12 13:24:54 | 000,000,000 | ---D | M] -- C:\Users\dust\AppData\Roaming\IObit
[2012/02/13 10:37:09 | 000,000,000 | ---D | M] -- C:\Users\dust\AppData\Roaming\LolClient
[2012/02/13 10:49:40 | 000,000,000 | ---D | M] -- C:\Users\dust\AppData\Roaming\Motorola
[2012/02/27 20:19:15 | 000,000,000 | ---D | M] -- C:\Users\dust\AppData\Roaming\PDAppFlex
[2009/07/14 01:08:49 | 000,017,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\ERDNT\cache86\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{BB224CCD-64B7-4FC4-8597-4909C610222A}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{C354EFD3-F659-4323-BDB8-64A19A02FCB7}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 04 01 00 01 06 01 05 01 03 01 01 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 6
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< End of report >

OTL Extras logfile created on: 3/14/2012 9:16:09 PM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\dust\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.93 Gb Total Physical Memory | 4.16 Gb Available Physical Memory | 70.15% Memory free
11.85 Gb Paging File | 9.86 Gb Available in Paging File | 83.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906.34 Gb Total Space | 611.40 Gb Free Space | 67.46% Space Free | Partition Type: NTFS

Computer Name: DUST-PC | User Name: dust | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2222845599-178756090-697149482-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 5.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeQVPro5.exe" "%1" (ACD Systems International Inc.)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [GomAudio.Add] -- C:\Program Files (x86)\GRETECH\GomAudio\GOMA.exe /add "%1" ((주)그래텍)
Directory [GomAudio.AddCur] -- "C:\Program Files (x86)\GRETECH\GomAudio\GOMA.exe" /addCur "%1" ((주)그래텍)
Directory [GomAudio.Play] -- C:\Program Files (x86)\GRETECH\GomAudio\GOMA.exe "%1" ((주)그래텍)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 5.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeQVPro5.exe" "%1" (ACD Systems International Inc.)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [GomAudio.Add] -- C:\Program Files (x86)\GRETECH\GomAudio\GOMA.exe /add "%1" ((주)그래텍)
Directory [GomAudio.AddCur] -- "C:\Program Files (x86)\GRETECH\GomAudio\GOMA.exe" /addCur "%1" ((주)그래텍)
Directory [GomAudio.Play] -- C:\Program Files (x86)\GRETECH\GomAudio\GOMA.exe "%1" ((주)그래텍)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2A45D0A4-7B5E-4294-A03B-A494F189F733}" = M-Audio MobilePre Driver 6.0.1 (x64)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0C6CCC9-0BAB-4636-A06F-B43B6FBC25DF}" = Motorola Mobile Drivers Installation 5.4.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D4F66BBA-D79E-4F11-9B06-70C3D75A2958}" = Adobe Photoshop Lightroom 3.6 64-bit
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Alien Skin Blow Up 2" = Alien Skin Blow Up 2
"Alien Skin Bokeh 2" = Alien Skin Bokeh 2
"Alien Skin Image Doctor 2" = Alien Skin Image Doctor 2
"Alien Skin Snap Art 2" = Alien Skin Snap Art 2
"HoneyView3" = HoneyView3
"PROSet" = Intel® Network Connections Drivers
"Recuva" = Recuva

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{35E0BA9D-3AFE-402A-99CA-D94FE1E73D18}" = ACDSee Pro 5
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{959B7F35-2819-40C5-A0CD-3C53B5FCC935}" = Genesys USB Mass Storage Device
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9ACEA9CD-63B9-4784-807B-EA295E96A7C3}_is1" = X-Rite Device Manager
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Fran?is, Deutsch
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D586BF67-0A61-4572-BE25-07B40C4CEDA1}" = Adobe Photoshop CS6
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{EAEFA1B2-64E3-4B8E-942F-F57A73BC1CAE}_is1" = X-Rite Device ColorMunki Service
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"ALUpdate_is1" = 알툴즈 업데이트
"ALZip_is1" = 알집 8.52
"avast" = avast! Internet Security
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ColorMunki Photo_is1" = ColorMunki Photo 1.1.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"DAEMON Tools Lite" = DAEMON Tools Lite
"DDC Driver_is1" = DDC Driver 1.5
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GOM Player" = GOM Player
"GomAudio" = 곰오디오
"GomTV Launcher Plugin" = GOMTV Plug-in
"Kiwidisk" = Kiwidisk 2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MotoHelper" = MotoHelper 2.1.32 Driver 5.4.0
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Photo Mechanic 4.6.8" = Photo Mechanic 4.6.8
"QuicktimeAlt_is1" = QuickTime Alternative 1.81
"Smart Defrag 2_is1" = Smart Defrag 2
"UninstallDeviceDll_is1" = UninstallDeviceDll 1.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/11/2012 2:22:33 AM | Computer Name = dust-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/11/2012 8:20:06 AM | Computer Name = dust-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 3/11/2012 3:41:24 PM | Computer Name = dust-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/11/2012 11:22:32 PM | Computer Name = dust-PC | Source = Application Hang | ID = 1002
Description = The program KiwidiskDown.exe version 2.0.2.7 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: f4c Start
Time: 01ccffd170cd7f2a Termination Time: 7 Application Path: C:\Kiwidisk.com\KiwidiskDown.exe

Report
Id: 98e78c17-6bf2-11e1-ab5a-4437e60ffa97

Error - 3/12/2012 4:10:55 AM | Computer Name = dust-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 3/12/2012 4:54:17 PM | Computer Name = dust-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/13/2012 7:44:03 PM | Computer Name = dust-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/13/2012 8:01:16 PM | Computer Name = dust-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/14/2012 8:11:56 AM | Computer Name = dust-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/14/2012 7:00:49 PM | Computer Name = dust-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 3/11/2012 3:37:14 PM | Computer Name = dust-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Reboot
the machine) after the unexpected termination of the DCOM Server Process Launcher
service, but this action failed with the following error: %%1190

Error - 3/11/2012 3:37:14 PM | Computer Name = dust-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Reboot
the machine) after the unexpected termination of the Plug and Play service, but
this action failed with the following error: %%1190

Error - 3/12/2012 4:52:29 PM | Computer Name = dust-PC | Source = nvlddmkm | ID = 11141134
Description =

Error - 3/13/2012 7:42:16 PM | Computer Name = dust-PC | Source = nvlddmkm | ID = 11141134
Description =

Error - 3/13/2012 7:57:12 PM | Computer Name = dust-PC | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 3/13/2012 7:57:12 PM | Computer Name = dust-PC | Source = Service Control Manager | ID = 7031
Description = The Plug and Play service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Reboot the machine.

Error - 3/13/2012 7:57:12 PM | Computer Name = dust-PC | Source = Service Control Manager | ID = 7031
Description = The Power service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Reboot the
machine.

Error - 3/13/2012 7:57:12 PM | Computer Name = dust-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Reboot
the machine) after the unexpected termination of the Plug and Play service, but
this action failed with the following error: %%1190

Error - 3/13/2012 7:57:12 PM | Computer Name = dust-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Reboot
the machine) after the unexpected termination of the Power service, but this action
failed with the following error: %%1190

Error - 3/13/2012 7:59:28 PM | Computer Name = dust-PC | Source = nvlddmkm | ID = 11141134
Description =


< End of report >
  • 0

#4
stressrelief
Posted 14 March 2012 - 07:29 PM

stressrelief

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
and here's log from aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-14 21:24:53
-----------------------------
21:24:53.008 OS Version: Windows x64 6.1.7601 Service Pack 1
21:24:53.008 Number of processors: 4 586 0x2505
21:24:53.009 ComputerName: DUST-PC UserName: dust
21:25:03.138 Initialize success
21:25:03.291 AVAST engine defs: 12030600
21:25:13.457 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:25:13.460 Disk 0 Vendor: ST310005 CC68 Size: 953869MB BusType: 3
21:25:13.495 Disk 0 MBR read successfully
21:25:13.498 Disk 0 MBR scan
21:25:13.503 Disk 0 Windows 7 default MBR code
21:25:13.514 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:25:13.519 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 928093 MB offset 206848
21:25:13.548 Disk 0 Partition 3 00 12 Compaq diag NTFS 25675 MB offset 1900941312
21:25:13.610 Disk 0 scanning C:\Windows\system32\drivers
21:25:25.223 Service scanning
21:25:38.103 Modules scanning
21:25:38.114 Disk 0 trace - called modules:
21:25:38.139 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:25:38.472 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006629060]
21:25:38.479 3 CLASSPNP.SYS[fffff88001b7643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80062c9050]
21:25:39.552 AVAST engine scan C:\Windows
21:25:41.814 AVAST engine scan C:\Windows\system32
21:27:34.196 AVAST engine scan C:\Windows\system32\drivers
21:27:47.973 AVAST engine scan C:\Users\dust
21:28:52.332 Disk 0 MBR has been saved successfully to "C:\Users\dust\Downloads\MBR.dat"
21:28:52.337 The log file has been saved successfully to "C:\Users\dust\Downloads\aswMBR.txt"
  • 0

#5
Essexboy
Posted 15 March 2012 - 07:17 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks to be a software error of some sort

Do you have any minidump files in C:\Windows\minidumps ?
If so could you zip the last two or three and attach them
  • 0

#6
stressrelief
Posted 15 March 2012 - 05:27 PM

stressrelief

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I dont have a such folder.
  • 0

#7
Essexboy
Posted 16 March 2012 - 10:05 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you do the following please :

Open an elevated Command Prompt :

Go Start > All Programs > Accessories
Right click Command Prompt and select Run As Administrator
In the black box that opens type the following :

sfc /scannow

On completion let me know if it has repaired or generated an error
  • 0

#8
stressrelief
Posted 17 March 2012 - 01:33 AM

stressrelief

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
at the end of it, it says "windows resource protection did not find any integrity violations"
  • 0

#9
Essexboy
Posted 17 March 2012 - 05:20 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image
  • 0

#10
stressrelief
Posted 19 March 2012 - 12:24 PM

stressrelief

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi, sorry for little late response.
first, after the scanning, there was no deleted threats, so there was nothing to save.
second, here's zip file attached to this post.

Attached Files


  • 0

Advertisements

#11
Essexboy
Posted 19 March 2012 - 12:43 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That looks clean as well so we are dealing with a software conflict here

When you get the problem is it when you are running a specific programme ?
  • 0

#12
stressrelief
Posted 19 March 2012 - 05:17 PM

stressrelief

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
i dont think so.. it is very random.
  • 0

#13
Essexboy
Posted 20 March 2012 - 01:50 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Lets have a little check on the hardware

Download Speedfan and install it. Once it's installed, run the program and post here the information it shows. The information I want you to post is the stuff that is circled in the example picture I have attached.
If you are running on a vista machine, please go to where you installed the program and run the program as administrator.

Posted Image
(this is a screenshot from a vista machine)
  • 0

#14
stressrelief
Posted 20 March 2012 - 05:51 PM

stressrelief

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Fan1: 1241 RPM
Fan2: 1144 RPM
Fan3: 0 RPM
Fan4: 0 RPM
Fan5: 0 RPM

GPU: 68C
Temp1: 26C
Temp2: 38C
Temp3: -63C
HD0: 35C
Core 0: 41C
Core 1: 42C

and there is nothing on the three boxes at bottom of the window.
  • 0

#15
stressrelief
Posted 20 March 2012 - 05:53 PM

stressrelief

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
speedfan.jpg

here's the screenshot of it.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP