Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Removed Security Shield (I think) still detecting another virus [Close

Started by Madelynn , Apr 22 2012 02:12 PM

This topic is locked

#1
Madelynn

Posted 22 April 2012 - 02:12 PM

Member

Member
15 posts

I had that annoying Security Shield virus and removed it, since Malewarebytes and Eset scan don't detect it now and the pop-up seems gone after I ran Combofix.

Still Microsoft Security Essentials detected and "removed" this today: Rogue:win32/winwebsec

Here is the OTL file:

OTL logfile created on: 4/22/2012 3:04:20 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Lightning\Desktop\februray 2012\march 2012\batwoman newest\march2\april 2012 1\april 3
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 7.89 Gb Available Physical Memory | 65.77% Memory free
23.98 Gb Paging File | 19.35 Gb Available in Paging File | 80.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1854.96 Gb Total Space | 1260.61 Gb Free Space | 67.96% Space Free | Partition Type: NTFS

Computer Name: LIGHTNING-PC | User Name: Lightning | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/22 15:03:59 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lightning\Desktop\februray 2012\march 2012\batwoman newest\march2\april 2012 1\april 3\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/18 01:16:56 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/02/29 19:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/01 16:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2012/02/01 16:55:58 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/12/29 09:07:53 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011/04/12 15:29:02 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
PRC - [2010/11/05 17:50:08 | 000,014,792 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
PRC - [2010/11/05 17:46:10 | 000,069,584 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2010/11/05 17:42:36 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
PRC - [2010/07/07 13:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/10/13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/09/22 16:57:50 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2009/07/27 15:48:34 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe
PRC - [2009/04/09 12:06:00 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2007/12/19 12:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
PRC - [2006/11/24 16:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/14 04:09:15 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012/04/13 13:40:35 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/13 13:40:31 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/04/13 03:07:06 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7786f3e95a399a8b6691170ae2fe0e1c\PresentationFramework.ni.dll
MOD - [2012/04/13 03:06:59 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\239eba799555dbe10760ee80c8c8df7c\PresentationCore.ni.dll
MOD - [2012/04/13 03:06:56 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0b36565a61f83137806e71b287d81042\System.Windows.Forms.ni.dll
MOD - [2012/04/13 03:06:51 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\02ea3ff3b5908b51da47e1aeb9e75b04\WindowsBase.ni.dll
MOD - [2012/04/13 03:06:50 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c02325260bdcecd695a87bbb24547df2\System.Drawing.ni.dll
MOD - [2012/03/18 01:16:55 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/16 12:41:17 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\dfd9cbfccfadcf84406398a9d83ab4f4\System.Management.ni.dll
MOD - [2012/02/16 12:40:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e86e6094904541b5f9cf7df0709349d2\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 12:18:29 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll
MOD - [2012/02/16 01:58:01 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\4a1e0e4ec906686357466a5881de605e\System.Data.ni.dll
MOD - [2012/02/16 01:57:58 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll
MOD - [2012/02/16 01:57:56 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll
MOD - [2012/02/16 01:57:54 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll
MOD - [2012/02/16 01:57:53 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll
MOD - [2012/02/16 01:57:50 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\3ce3d5b8126cda36b3dbd3535f249890\System.Numerics.ni.dll
MOD - [2012/02/16 01:57:49 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll
MOD - [2012/02/15 04:53:43 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5be773440afa1e1f565f9021d8fd9730\IAStorUtil.ni.dll
MOD - [2012/02/15 04:11:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 04:11:17 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 04:11:14 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 04:11:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 04:11:11 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/01 16:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2012/01/08 09:43:53 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2012/01/08 09:43:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010/11/05 17:42:36 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
MOD - [2010/01/12 16:36:00 | 000,177,664 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/12/29 17:50:00 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2009/09/22 16:57:50 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
MOD - [2006/11/24 16:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/20 12:52:38 | 001,085,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/04/27 18:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 18:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/01/14 18:11:02 | 000,163,328 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV:64bit: - [2010/11/05 17:42:44 | 000,015,296 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/14 04:09:16 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 19:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/13 21:04:08 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/01 16:55:58 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2012/01/06 05:28:48 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2012/01/06 05:24:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011/12/29 09:07:53 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/12/09 15:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Disabled | Stopped] -- C:\Program Files (x86)\AlienRespawn\SftService.exe -- (SftService)
SRV - [2010/12/07 16:27:45 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/07 16:15:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/04/26 19:10:14 | 000,232,944 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/10/13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/07/27 15:48:34 | 000,062,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe -- (SiHbaWakeupService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/05 03:49:56 | 000,019,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AWOPFilterDriver.sys -- (AWOPFilterDriver)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/17 07:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/01/04 09:28:36 | 000,016,640 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV:64bit: - [2011/09/20 18:36:50 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2011/09/20 18:36:50 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011/09/20 18:36:44 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/09/20 18:36:44 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/09/20 18:36:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/09/20 18:36:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/08/22 16:14:14 | 000,121,856 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/02 12:39:40 | 000,432,680 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/19 16:55:34 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2011/04/27 16:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/31 15:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/27 15:36:32 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/10/13 12:39:52 | 000,014,928 | ---- | M] (Dell/Alienware) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mio.sys -- (mio)
DRV:64bit: - [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/07/07 15:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 15:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 15:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 15:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 15:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 15:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 15:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010/07/07 15:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 15:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 15:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 15:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 15:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 15:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 15:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/03/22 18:29:12 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/29 21:14:10 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132)
DRV:64bit: - [2009/07/29 21:14:10 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2009/07/29 21:14:10 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (1394hub)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/21 19:08:10 | 000,012,800 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2007/08/02 18:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.alienware.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/
IE - HKCU\..\SearchScopes,DefaultScope = {EDA8FA1E-2D67-497A-A3BD-C22850C3975C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{EDA8FA1E-2D67-497A-A3BD-C22850C3975C}: "URL" = http://searchya.com/...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "SearchYa!"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/18 01:16:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/17 13:11:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/01/18 20:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}: C:\Users\Lightning\AppData\Local\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}\ [2012/04/08 03:04:42 | 000,000,000 | ---D | M]

[2010/12/10 23:04:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Extensions
[2012/04/17 15:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions
[2011/09/23 09:13:43 | 000,000,000 | ---D | M] () -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2012/04/17 03:08:57 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012/03/01 02:49:06 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/04/21 13:14:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
() (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\[email protected]
[2012/03/18 01:16:56 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/17 03:07:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/09 12:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/02/19 10:08:38 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/19 10:08:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/19 10:08:38 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/19 10:08:38 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/19 10:08:38 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: OnLive Game Client Detector (Enabled) = C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/18 07:01:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Microsoft)
O4:64bit: - HKLM..\Run: [Launch Keyboard CI] c:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe (Alienware)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB42CC01-1514-42B3-83F5-38FDAD6D4393}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/22 14:42:53 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8FBD6AAA-73DB-444C-9A62-53D17B0DD9B1}
[2012/04/22 14:42:31 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{85FCF172-6222-4DBC-9B60-0E3A0D6475CA}
[2012/04/21 22:30:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{6394F3C1-138E-4A6B-A585-C71250825836}
[2012/04/21 22:30:41 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{77365260-4CD3-43FA-ADE3-C1FF3BEEBA3E}
[2012/04/21 13:33:09 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/21 13:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/04/21 11:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012/04/21 11:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2012/04/21 11:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/04/21 10:59:38 | 000,230,952 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/04/21 10:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/04/21 10:59:29 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\TestApp
[2012/04/21 10:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/04/21 03:07:27 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{4BD2D52C-0F70-4A81-9222-EB9C6497F6FE}
[2012/04/21 03:07:06 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DC4C17DE-5299-432F-BD4B-1A14862192C9}
[2012/04/20 15:06:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{3958E5C6-DE01-4BD5-B9BF-32C2E830365F}
[2012/04/20 15:06:30 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8548C563-9873-4445-B9F4-C34F05D4FD35}
[2012/04/20 06:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/04/20 06:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/04/20 06:51:57 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/04/20 06:51:57 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/04/20 01:57:14 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DDE725AE-DCED-4162-9D2D-5E56BDDE6487}
[2012/04/20 01:56:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{A3FE128E-D1B3-44D5-B79C-5157606A966B}
[2012/04/19 16:57:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\SniperV2 Demo
[2012/04/19 13:56:39 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D266C78B-2161-4EA0-98A5-E288DC751DDE}
[2012/04/19 13:56:28 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D94E1EA6-8F63-4511-877C-7F949E4665F1}
[2012/04/19 00:40:05 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{F8C031DA-3C92-4E87-B1E7-071B364D70EF}
[2012/04/19 00:39:43 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{53D4E1A5-CBB0-41CF-A9F6-E19A88C3ED46}
[2012/04/18 12:39:14 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8FC189DC-F621-4A40-B9CB-ACB0F36733FE}
[2012/04/18 12:39:06 | 000,000,000 | ---D | C] -- C:\Crash
[2012/04/18 12:39:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{42B5955D-2BEB-404F-B025-7EEE7FB768C2}
[2012/04/17 16:53:54 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7485C4FC-5ACC-4268-B4E1-4E16A30A55AA}
[2012/04/17 16:53:43 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{0D6D9764-CBF4-49D8-A922-D830C4D1DA1F}
[2012/04/17 15:25:25 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/17 04:53:18 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8FECD218-E161-4B04-A24D-4DDDFC86C420}
[2012/04/17 04:53:07 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{4ED4DC11-AFF1-4029-850D-61D7C143668F}
[2012/04/17 03:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/04/17 03:07:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/04/16 16:52:41 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{A7B6BEC5-CEBC-454F-838A-13DC521FE6F0}
[2012/04/16 16:52:29 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{0E8A3742-6442-4056-BDC7-779B8E4329F2}
[2012/04/16 04:52:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{FB5510D1-E9BF-4B79-87AE-C0530ED756B2}
[2012/04/16 04:51:41 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DF505ECE-7D94-4235-9334-228E6821C42A}
[2012/04/15 16:51:29 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{BAF6BECA-8E61-467F-AFB6-4434B7381D2B}
[2012/04/15 16:51:18 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E5479FF3-2EA4-41F7-A11F-3DD41454A480}
[2012/04/15 16:46:50 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/15 16:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/04/15 16:40:58 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{6AA8E558-46CC-4A97-82FC-C633CBD62953}
[2012/04/15 16:40:47 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{CC199DD1-3DEA-4E90-8E30-47BB3ECD4458}
[2012/04/14 13:49:19 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{70C7721F-65DD-4075-920F-2F8484614737}
[2012/04/14 13:48:57 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D70087F6-D62B-4459-8D71-B9BED7350D17}
[2012/04/13 13:49:58 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{32AE185E-B6F1-4BC8-A064-0A12E1F0B00D}
[2012/04/13 13:49:47 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{071FC467-39C1-47A0-B430-13839F3CB1C0}
[2012/04/13 13:49:04 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{CA9470D1-B016-49B7-BB8F-E9E17FC31085}
[2012/04/13 13:43:59 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{44C288EF-288C-49D7-BA34-C8D1EC05B604}
[2012/04/13 13:43:47 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{2B963FF4-C7C5-4F5C-BC25-CC8B49394B44}
[2012/04/13 02:49:14 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E2D6DFFF-319A-4B7D-A63F-FB593636A15A}
[2012/04/12 14:48:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{CBC59C71-0ED4-4162-812D-19F897AD6FDF}
[2012/04/12 02:48:16 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{F770489B-D93F-4788-AD02-56F258FFA246}
[2012/04/11 14:47:54 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{02E0F143-29D1-4EBD-9161-71B3DE7E08FE}
[2012/04/11 02:47:19 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{3BA51A53-D07D-4EEA-9871-03F8A347EC75}
[2012/04/10 14:46:57 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7A92C0B8-47DC-475A-BC30-F31EA930AB6E}
[2012/04/10 02:46:22 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{88ED662D-74ED-4A88-9271-429057228A9A}
[2012/04/09 14:46:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{637E9BEE-6ED6-4FD5-A3B0-9D8E01E60322}
[2012/04/09 02:45:35 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{BE919000-2C29-4011-B0E6-2C6617CAFDB1}
[2012/04/08 14:45:24 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{AC636BAD-03A6-4A10-BC41-679EBB841071}
[2012/04/08 03:04:42 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}
[2012/04/08 02:17:20 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Documents\PassMark
[2012/04/08 02:17:14 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\PassMark
[2012/04/08 02:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Passmark
[2012/04/07 20:02:49 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\Motorola
[2012/04/07 20:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2012/04/07 20:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2012/04/07 20:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola
[2012/04/07 14:38:13 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{78BAA4FF-3C40-44BE-8391-D7F023A1B406}
[2012/04/07 02:37:38 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7AF03681-0BEE-4710-B9B2-4BEABD114C64}
[2012/04/06 14:37:27 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{81733989-5601-4CAC-8AC5-5CBC19752984}
[2012/04/06 01:44:31 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{1CA304E1-3276-4CAA-805D-B5B8112FC404}
[2012/04/05 13:43:49 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{A33ECBC2-A9BA-4011-98FD-ECFA5A9D2C69}
[2012/04/05 01:43:08 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{99E3CC9B-3DC4-41C2-B374-68B1DA340E18}
[2012/04/04 19:39:40 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Documents\Disney Interactive Studios
[2012/04/04 19:30:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Disney Interactive Studios
[2012/04/04 18:18:11 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Desktop\Tron Evolution
[2012/04/04 13:42:39 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{B160E357-2475-45FE-9557-94A8CECC01D5}
[2012/04/04 01:41:58 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{530325A4-F016-42C4-B4EB-FB1EE643B119}
[2012/04/03 19:28:02 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\FOG Downloader
[2012/04/03 19:28:02 | 000,000,000 | ---D | C] -- C:\Users\Lightning\eligium_v0_92_10_13_en
[2012/04/03 15:38:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012/04/03 13:41:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{07127AFB-689C-415D-974E-89E448B3D82D}
[2012/04/03 01:40:20 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DA921364-14EA-4DA8-997C-B4DA29486A60}
[2012/04/02 18:23:59 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\com.beatport.BeatportDownloader
[2012/04/02 18:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Beatport Downloader
[2012/04/02 13:39:51 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E4BB2F96-FA5C-477A-9AF3-4306A078D646}
[2012/04/02 01:39:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{23241C70-E296-4BB2-83BA-9EA11EEC17EC}
[2012/04/01 13:38:40 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{C6B62895-8689-45F3-A334-88250B8AAAC8}
[2012/04/01 00:45:46 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{5D309A9F-A046-4147-B644-029207C8FA5F}
[2012/03/31 12:45:17 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8A016D90-89B8-4932-92C5-A3D21EB7A896}
[2012/03/31 00:44:36 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D1F21B2E-305D-4198-BAE2-C9632F0C3CA3}
[2012/03/30 22:49:21 | 000,000,000 | ---D | C] -- C:\Ubisoft
[2012/03/30 22:49:15 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2012/03/30 22:48:48 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\Deployment
[2012/03/30 22:48:48 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\Apps
[2012/03/30 12:44:06 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{5AF23515-EE92-4894-8A90-0BA88DE17028}
[2012/03/30 00:43:25 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{82A84C08-4EA1-4249-A36B-9B7A672E050A}
[2012/03/29 13:37:41 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\Red 5 Studios
[2012/03/29 12:42:44 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E0FF7FB5-791D-42FA-AC54-B1B839059085}
[2012/03/29 00:42:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DF82C6A1-EC94-4A3C-AECF-3FB6048B660E}
[2012/03/28 12:41:39 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{2F30CE64-1B1A-410C-83D5-C3DCB0C1115A}
[2012/03/28 12:40:46 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7B9333E3-9A69-4D28-8698-439B6EF3E0CE}
[2012/03/28 00:39:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D7AD5C9A-699E-4C96-A1A6-0F0EB5339AA8}
[2012/03/28 00:39:24 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{6ABF52B9-9EDD-4D23-85FB-2DB3CD6F283A}
[2012/03/27 12:39:04 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{01D1D4F7-9635-4E45-B08A-195B988F55CD}
[2012/03/27 12:38:35 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7F91C17E-02A8-4043-BB02-B165E06CA2D9}
[2012/03/27 00:38:04 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{B994D8C7-055C-4C34-9027-B33F3646A6BA}
[2012/03/27 00:37:36 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{23D8415F-F431-4B69-ACC3-DDCEECF7A41D}
[2012/03/26 12:37:06 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{972BE4CC-9BD7-4949-9F58-D2EC3916C1F3}
[2012/03/26 12:36:50 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{25DD9193-333D-40DD-A5B8-5476749DB585}
[2012/03/25 22:30:51 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{A3D2E1F8-205D-497E-9D04-0EC345DD8518}
[2012/03/25 22:30:23 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{6BA98E94-D3F4-4856-9DBD-97214ABF9F57}
[2012/03/25 10:30:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E4B388A9-9595-4B5F-86FE-8F09AF0D156B}
[2012/03/25 10:29:46 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E63E3D0E-4462-433C-A439-7F2BD48A0E4F}
[2012/03/24 14:42:34 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{20A2E2B2-431E-4AEC-9C88-4B3C134B6222}
[2012/03/24 14:42:06 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{06F3D600-AFA5-49FE-BBF0-136DFBD5AD86}
[2012/03/24 02:41:35 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D781B2F1-5BB9-41A2-BE55-0CE652E88574}
[2012/03/24 02:41:07 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7BBF56C9-A839-4FD4-8412-21FAE3A1FCFC}
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/22 14:50:52 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/22 14:50:52 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/22 14:46:32 | 000,796,090 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/22 14:46:32 | 000,671,192 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/22 14:46:32 | 000,126,278 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/22 14:41:34 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/22 14:40:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/22 14:40:48 | 1066,582,014 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/22 04:55:53 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{0000000A-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012/04/22 04:55:53 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{0000000A-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012/04/22 04:55:53 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{0000000A-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012/04/22 04:24:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/22 04:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/21 13:29:10 | 000,000,625 | ---- | M] () -- C:\Users\Lightning\Desktop\ComboFix - Shortcut.lnk
[2012/04/21 12:45:11 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/21 10:59:29 | 000,002,702 | ---- | M] () -- C:\Users\Lightning\Desktop\SDAV_Online_aff_GenericRevenueWire_207[1].exe.lnk
[2012/04/20 15:13:40 | 000,269,712 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/04/20 15:13:40 | 000,269,712 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/04/20 02:29:45 | 000,029,959 | ---- | M] () -- C:\Users\Lightning\AppData\Local\Temp20.html
[2012/04/20 02:29:40 | 000,001,955 | ---- | M] () -- C:\Users\Lightning\AppData\Local\Temp1.html
[2012/04/20 02:28:47 | 817,814,296 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/13 14:24:49 | 000,002,338 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/04/09 13:42:59 | 000,002,288 | ---- | M] () -- C:\Users\Lightning\Desktop\medbc reg.reg
[2012/04/06 22:49:50 | 000,001,355 | ---- | M] () -- C:\Users\Lightning\Documents\ZATANNA BOW.ucp
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/03 18:15:45 | 000,269,712 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/04/02 18:23:57 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Beatport Downloader.lnk
[2012/03/30 22:49:15 | 000,000,326 | ---- | M] () -- C:\Users\Lightning\Desktop\Ghost Recon Online (NCSA-Live).appref-ms
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/21 13:29:10 | 000,000,625 | ---- | C] () -- C:\Users\Lightning\Desktop\ComboFix - Shortcut.lnk
[2012/04/21 11:27:37 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/21 10:59:29 | 000,002,702 | ---- | C] () -- C:\Users\Lightning\Desktop\SDAV_Online_aff_GenericRevenueWire_207[1].exe.lnk
[2012/04/21 10:26:27 | 000,381,952 | ---- | C] () -- C:\Users\Lightning\AppData\Local\pxlyirzc.exe
[2012/04/20 06:52:29 | 002,515,790 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/04/20 06:51:57 | 000,011,770 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/04/09 13:42:59 | 000,002,288 | ---- | C] () -- C:\Users\Lightning\Desktop\medbc reg.reg
[2012/04/06 22:49:50 | 000,001,355 | ---- | C] () -- C:\Users\Lightning\Documents\ZATANNA BOW.ucp
[2012/04/02 18:23:57 | 000,000,995 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beatport Downloader.lnk
[2012/04/02 18:23:57 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Beatport Downloader.lnk
[2012/04/01 13:36:05 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/30 22:49:15 | 000,000,326 | ---- | C] () -- C:\Users\Lightning\Desktop\Ghost Recon Online (NCSA-Live).appref-ms
[2012/03/06 06:46:05 | 000,029,959 | ---- | C] () -- C:\Users\Lightning\AppData\Local\Temp20.html
[2012/03/05 00:13:23 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012/02/17 01:32:32 | 000,000,132 | ---- | C] () -- C:\Users\Lightning\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/02/15 15:39:16 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2012/02/02 23:37:46 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2012/02/02 23:37:39 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2012/02/02 23:37:39 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2012/01/08 02:47:18 | 000,001,955 | ---- | C] () -- C:\Users\Lightning\AppData\Local\Temp1.html
[2012/01/01 05:49:12 | 000,007,606 | ---- | C] () -- C:\Users\Lightning\AppData\Local\Resmon.ResmonCfg
[2011/12/29 09:07:52 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/12/29 05:26:41 | 000,012,296 | -HS- | C] () -- C:\Users\Lightning\AppData\Local\c7807fi7306vk3t5c574556pwdlns6ffy7gf61
[2011/12/29 05:26:41 | 000,012,296 | -HS- | C] () -- C:\ProgramData\c7807fi7306vk3t5c574556pwdlns6ffy7gf61
[2011/12/12 22:43:29 | 000,110,168 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/12/07 22:42:00 | 002,089,984 | ---- | C] () -- C:\Windows\libmem.dll
[2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/30 00:27:15 | 000,269,712 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/09/30 00:27:11 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/12/10 23:41:48 | 000,000,097 | ---- | C] () -- C:\Users\Lightning\AppData\Local\fusioncache.dat
[2010/12/10 23:40:00 | 000,789,750 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/10 23:04:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/07 17:39:34 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010/12/07 16:28:09 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2010/12/07 16:28:09 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2010/12/07 16:28:09 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2010/12/07 16:16:02 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/12/07 16:16:02 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/11/05 17:49:42 | 000,098,232 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll
[2010/07/07 14:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010/07/07 13:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010/07/07 13:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2010/07/07 13:21:00 | 000,384,647 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010/07/07 13:21:00 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010/07/07 13:10:30 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2010/07/07 13:10:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe

========== LOP Check ==========

[2011/09/23 23:32:18 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Amazon
[2012/02/16 11:24:04 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2012/01/20 00:04:09 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\BigHugeEngine
[2012/04/17 15:25:25 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/02 18:23:59 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\com.beatport.BeatportDownloader
[2012/01/24 15:18:57 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\DarknessIIDemo
[2012/02/29 23:22:22 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\DAZ 3D
[2012/01/25 18:23:24 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\DriverFinder
[2012/04/03 19:28:02 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\FOG Downloader
[2011/10/28 00:50:48 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\GetRightToGo
[2012/04/16 19:33:43 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\imollo
[2012/01/01 21:42:57 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\iStonsoft
[2012/01/01 21:43:07 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\libimobiledevice
[2012/04/07 20:02:49 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Motorola
[2011/11/03 22:04:07 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\OnLive App
[2011/10/25 05:59:26 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Origin
[2010/12/11 01:12:13 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Razer
[2012/01/26 02:46:34 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\RegGenie
[2011/12/26 21:16:52 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\SecondLife
[2011/12/28 20:56:01 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\SystemRequirementsLab
[2012/04/21 10:59:29 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\TestApp
[2012/01/18 20:44:23 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Thunderbird
[2011/12/10 02:34:49 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Trine2
[2011/12/29 09:13:13 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Ubisoft
[2012/03/29 14:16:49 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\uTorrent
[2010/12/11 11:18:25 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Windows Live Writer
[2012/03/10 21:32:03 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

Edited by Madelynn, 23 April 2012 - 02:20 PM.

#2
Madelynn

Posted 23 April 2012 - 02:21 PM

Member

Topic Starter
Member
15 posts

If anyone can help with this please let me know.

#3
godawgs

Posted 25 April 2012 - 11:40 AM

Teacher

Retired Staff
8,228 posts

Hello Madelynn, :wave:

. My name is godawgs and I will be assisting you with your Virus / Malware issues.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

We apologize for the delay in responding to your request for help. Here at GeeksToGo we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same.
Because of this, you must reply within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
All tools must be run from an account with Administrator privileges.
If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, so you can check off each step as you complete it.
Also, part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions!
Do not do things I do not ask for, such as running a spyware scan on your computer, installing/uninstall programs, deleting files, modifying the registry or running any tools, unless instructed to do so. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date (if possible)!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

Since the OTL scan you posted is a few days old we need to get some new logs so we can have a look see.
The first thing you need to do is delete your copy of OTL from the februray 2012\march 2012\batwoman newest\march2\april 2012 1\april 3 folder on the desktop. You need to download a fresh copy and save it directly to the desktop.

Step-1.

Posted Image

OTL

Download OTL to the Desktop. It is important that it is download to the Desktop. (FireFox users should right click the download link and click "Save File As". On the window that comes up, make sure the download location is the Desktop and click the Save button.)

Posted Image

OTL Custom Scan

1. Please copy the text in the code box below and paste it in the Posted Image

box in OTL. To do that:

Highlight everything inside the code box, right click the mouse and click Copy.

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
C:\Windows\assembly\tmp\U\*.* /s
C:\Program Files\Common Files\ComObjects\*.* /s
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c

2. Open OTL on the desktop. To do that:

Double click on the OTL icon to run it. Make sure all other windows are closed.
You will see a console like the one below:
Check the box beside Scan All Users at the top of the console
Make sure the Output box at the top is set to Standard Output.
In the Extra Registry section click the radio button beside Use Safelist
Check the boxes beside LOP Check and Purity Check.
Place the mouse pointer inside the box, right click and click Paste. This will put the above script inside OTL
Click the button. Do not change any settings unless otherwise told to do so.
Let the scan run uninterrupted. The scan won't take long.
When the scan completes, it will open OTL.Txt on the desktop. A file named Extras.txt will be minimized. These files are also saved in the same location as OTL (it should be on your desktop).
Please copy the contents of these files and paste them into your reply. To do that:
On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
Right click inside the forum post window then click Paste.This will paste the contents of the OTL.txt file in the in the post window.
Repeat for the Extras.txt file

Step-2.

Run aswMBR

Download aswMBR.exe to your desktop.
Double click the aswMBR.exe file to run it. (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.
If it asks you if you want to download the latest virus definitions, click Yes
Click the "Scan" button to start the scan
On completion of the scan click save log. Save it to your desktop and post in your next reply.

NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename executable to iexplore.exe and try it again.

Step-3.

In your original post you said that you ran ComboFix. Please look in the root folder C:\ for the Combofix.txt file and post it in your next reply.
If it isn't in the C:\ folder, do a search for Combofix.txt to find it.

Step-4.

Things For Your Next Post:
1. The new OTL.txt log
2. The Extras.txt log
3. The aswMBR log
4. The Combofix.txt log

#4
Madelynn

Posted 25 April 2012 - 09:17 PM

Member

Topic Starter
Member
15 posts

OTL logfile created on: 4/25/2012 8:58:45 PM - Run 2
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Lightning\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 6.65 Gb Available Physical Memory | 55.46% Memory free
23.98 Gb Paging File | 17.96 Gb Available in Paging File | 74.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1854.96 Gb Total Space | 1258.48 Gb Free Space | 67.84% Space Free | Partition Type: NTFS

Computer Name: LIGHTNING-PC | User Name: Lightning | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/25 20:57:05 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lightning\Desktop\OTL.exe
PRC - [2012/04/25 20:34:42 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/04/20 20:25:35 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/29 09:34:42 | 003,402,376 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2012/03/06 14:59:00 | 002,527,520 | ---- | M] (BioWare) -- C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
PRC - [2012/02/29 19:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/01 16:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2012/02/01 16:55:58 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/12/29 09:07:53 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011/09/22 23:07:45 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/04/12 15:29:02 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
PRC - [2010/11/05 17:50:08 | 000,014,792 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
PRC - [2010/11/05 17:46:10 | 000,069,584 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2010/11/05 17:42:36 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
PRC - [2010/07/07 13:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/10/13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/09/22 16:57:50 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2009/07/27 15:48:34 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe
PRC - [2009/04/09 12:06:00 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2007/12/19 12:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
PRC - [2006/11/24 16:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/25 20:34:42 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/04/20 20:25:34 | 020,297,512 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/04/20 20:25:34 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/04/20 20:25:34 | 000,907,048 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/04/20 20:25:34 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/04/20 20:25:34 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/04/14 04:09:15 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012/04/13 13:40:35 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/13 13:40:31 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/04/13 03:07:06 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7786f3e95a399a8b6691170ae2fe0e1c\PresentationFramework.ni.dll
MOD - [2012/04/13 03:06:59 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\239eba799555dbe10760ee80c8c8df7c\PresentationCore.ni.dll
MOD - [2012/04/13 03:06:56 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0b36565a61f83137806e71b287d81042\System.Windows.Forms.ni.dll
MOD - [2012/04/13 03:06:51 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\02ea3ff3b5908b51da47e1aeb9e75b04\WindowsBase.ni.dll
MOD - [2012/04/13 03:06:50 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c02325260bdcecd695a87bbb24547df2\System.Drawing.ni.dll
MOD - [2012/03/29 09:34:08 | 018,604,544 | ---- | M] () -- C:\Program Files (x86)\Origin\QtWebKit4.dll
MOD - [2012/03/29 09:34:06 | 009,440,256 | ---- | M] () -- C:\Program Files (x86)\Origin\QtGui4.dll
MOD - [2012/03/29 09:34:06 | 003,564,544 | ---- | M] () -- C:\Program Files (x86)\Origin\QtXmlPatterns4.dll
MOD - [2012/03/29 09:34:06 | 001,152,512 | ---- | M] () -- C:\Program Files (x86)\Origin\QtNetwork4.dll
MOD - [2012/03/29 09:34:06 | 000,413,184 | ---- | M] () -- C:\Program Files (x86)\Origin\QtXml4.dll
MOD - [2012/03/29 09:34:04 | 002,694,144 | ---- | M] () -- C:\Program Files (x86)\Origin\QtCore4.dll
MOD - [2012/03/29 09:34:02 | 000,312,320 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qtiff4.dll
MOD - [2012/03/29 09:34:00 | 000,264,192 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qmng4.dll
MOD - [2012/03/29 09:34:00 | 000,211,456 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qjpeg4.dll
MOD - [2012/03/29 09:34:00 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qico4.dll
MOD - [2012/03/29 09:34:00 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qgif4.dll
MOD - [2012/03/06 15:01:00 | 019,658,080 | ---- | M] () -- C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\libcef.dll
MOD - [2012/03/06 14:59:00 | 001,099,632 | ---- | M] () -- C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\avcodec-53.dll
MOD - [2012/03/06 14:59:00 | 000,190,832 | ---- | M] () -- C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\avformat-53.dll
MOD - [2012/03/06 14:59:00 | 000,123,248 | ---- | M] () -- C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\avutil-51.dll
MOD - [2012/02/16 12:41:17 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\dfd9cbfccfadcf84406398a9d83ab4f4\System.Management.ni.dll
MOD - [2012/02/16 12:40:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e86e6094904541b5f9cf7df0709349d2\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 12:18:29 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll
MOD - [2012/02/16 01:58:01 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\4a1e0e4ec906686357466a5881de605e\System.Data.ni.dll
MOD - [2012/02/16 01:57:58 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll
MOD - [2012/02/16 01:57:56 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll
MOD - [2012/02/16 01:57:54 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll
MOD - [2012/02/16 01:57:53 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll
MOD - [2012/02/16 01:57:50 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\3ce3d5b8126cda36b3dbd3535f249890\System.Numerics.ni.dll
MOD - [2012/02/16 01:57:49 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll
MOD - [2012/02/15 04:53:43 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5be773440afa1e1f565f9021d8fd9730\IAStorUtil.ni.dll
MOD - [2012/02/15 04:11:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 04:11:17 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 04:11:14 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 04:11:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 04:11:11 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/01 16:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2012/01/08 09:43:53 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2012/01/08 09:43:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010/11/05 17:42:36 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
MOD - [2010/01/12 16:36:00 | 000,177,664 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/12/29 17:50:00 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2009/09/22 16:57:50 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
MOD - [2006/11/24 16:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/20 12:52:38 | 001,085,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/04/27 18:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 18:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/01/14 18:11:02 | 000,163,328 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV:64bit: - [2010/11/05 17:42:44 | 000,015,296 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/25 20:34:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/20 20:25:35 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/14 04:09:16 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 19:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/01 16:55:58 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2012/01/06 05:28:48 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2012/01/06 05:24:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011/12/29 09:07:53 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/12/09 15:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Disabled | Stopped] -- C:\Program Files (x86)\AlienRespawn\SftService.exe -- (SftService)
SRV - [2010/12/07 16:27:45 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/07 16:15:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/04/26 19:10:14 | 000,232,944 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/10/13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/07/27 15:48:34 | 000,062,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe -- (SiHbaWakeupService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/05 03:49:56 | 000,019,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AWOPFilterDriver.sys -- (AWOPFilterDriver)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/17 07:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/01/04 09:28:36 | 000,016,640 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV:64bit: - [2011/09/20 18:36:50 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2011/09/20 18:36:50 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011/09/20 18:36:44 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/09/20 18:36:44 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/09/20 18:36:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/09/20 18:36:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/08/22 16:14:14 | 000,121,856 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/02 12:39:40 | 000,432,680 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/19 16:55:34 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2011/04/27 16:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/31 15:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/27 15:36:32 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/10/13 12:39:52 | 000,014,928 | ---- | M] (Dell/Alienware) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mio.sys -- (mio)
DRV:64bit: - [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/07/07 15:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 15:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 15:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 15:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 15:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 15:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 15:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010/07/07 15:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 15:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 15:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 15:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 15:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 15:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 15:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/03/22 18:29:12 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/29 21:14:10 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132)
DRV:64bit: - [2009/07/29 21:14:10 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2009/07/29 21:14:10 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (1394hub)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/21 19:08:10 | 000,012,800 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2007/08/02 18:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-633762127-47815373-1907182395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.alienware.com [binary data]
IE - HKU\S-1-5-21-633762127-47815373-1907182395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/
IE - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..\SearchScopes,DefaultScope = {EDA8FA1E-2D67-497A-A3BD-C22850C3975C}
IE - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..\SearchScopes\{EDA8FA1E-2D67-497A-A3BD-C22850C3975C}: "URL" = http://searchya.com/...q={searchTerms}
IE - HKU\S-1-5-21-633762127-47815373-1907182395-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "SearchYa!"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 20:34:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/17 13:11:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/01/18 20:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}: C:\Users\Lightning\AppData\Local\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}\ [2012/04/08 03:04:42 | 000,000,000 | ---D | M]

[2010/12/10 23:04:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Extensions
[2012/04/25 20:38:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions
[2011/09/23 09:13:43 | 000,000,000 | ---D | M] () -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2012/04/24 15:20:41 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012/03/01 02:49:06 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/04/21 13:14:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
() (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\[email protected]
[2012/04/25 20:34:42 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/17 03:07:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/09 12:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/04/25 20:34:41 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/19 10:08:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/25 20:34:41 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/25 20:34:41 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/25 20:34:42 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/04/25 20:34:41 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: OnLive Game Client Detector (Enabled) = C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/18 07:01:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Microsoft)
O4:64bit: - HKLM..\Run: [Launch Keyboard CI] c:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe (Alienware)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\.DEFAULT..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-633762127-47815373-1907182395-1010..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-633762127-47815373-1907182395-1010..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-633762127-47815373-1907182395-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-633762127-47815373-1907182395-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-633762127-47815373-1907182395-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-633762127-47815373-1907182395-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1010\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1010\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1010\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1010\..Trusted Domains: sony.com ([]* in )
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB42CC01-1514-42B3-83F5-38FDAD6D4393}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/25 20:57:04 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Lightning\Desktop\OTL.exe
[2012/04/25 20:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/25 20:34:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/04/25 14:47:11 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{49E1FB36-3EEC-4E0A-A1F5-467D8BA07CC0}
[2012/04/25 14:46:49 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D5666700-1DE0-4BF3-94B9-48502FAB2B1A}
[2012/04/25 02:46:24 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{263C5AFA-8894-4246-A97E-413C5B09B942}
[2012/04/25 02:46:02 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{B7FDA577-41A6-4008-941A-F041B79B7FE4}
[2012/04/24 14:45:37 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{F1687665-4C70-4379-9156-E105AA74D2B9}
[2012/04/24 14:45:15 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{346AF7A2-7CD3-4AC7-8CCA-5128E1F99485}
[2012/04/24 02:44:50 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{5D69662E-B9F0-4453-A3A7-197A42A72BCF}
[2012/04/24 02:44:28 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{CAF93171-E6FD-49AE-8500-1982F9A448C8}
[2012/04/23 14:44:15 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{F2F34FB5-0B6D-403C-B2E4-9B925A73599D}
[2012/04/23 14:43:54 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{2BD8123F-2BE9-4361-9817-BCA21C6986E8}
[2012/04/23 02:43:29 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E0659BD5-A2B0-44AF-AA36-F9F72FC32F27}
[2012/04/23 02:43:07 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{A2F10183-BE74-442E-BDF8-5968EF9502A7}
[2012/04/22 14:42:53 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8FBD6AAA-73DB-444C-9A62-53D17B0DD9B1}
[2012/04/22 14:42:31 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{85FCF172-6222-4DBC-9B60-0E3A0D6475CA}
[2012/04/21 22:30:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{6394F3C1-138E-4A6B-A585-C71250825836}
[2012/04/21 22:30:41 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{77365260-4CD3-43FA-ADE3-C1FF3BEEBA3E}
[2012/04/21 13:33:09 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/21 13:20:21 | 000,191,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/04/21 13:20:21 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/04/21 13:20:21 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/04/21 13:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/04/21 11:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012/04/21 11:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2012/04/21 11:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/04/21 10:59:38 | 000,230,952 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/04/21 10:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/04/21 10:59:29 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\TestApp
[2012/04/21 10:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/04/21 03:07:27 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{4BD2D52C-0F70-4A81-9222-EB9C6497F6FE}
[2012/04/21 03:07:06 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DC4C17DE-5299-432F-BD4B-1A14862192C9}
[2012/04/20 15:06:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{3958E5C6-DE01-4BD5-B9BF-32C2E830365F}
[2012/04/20 15:06:30 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8548C563-9873-4445-B9F4-C34F05D4FD35}
[2012/04/20 06:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/04/20 06:52:29 | 006,074,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012/04/20 06:52:29 | 003,089,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012/04/20 06:52:29 | 000,118,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012/04/20 06:52:29 | 000,063,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012/04/20 06:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/04/20 06:51:58 | 001,451,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012/04/20 06:51:57 | 025,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/04/20 06:51:57 | 025,222,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/04/20 06:51:57 | 019,444,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/04/20 06:51:57 | 017,642,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/04/20 06:51:57 | 017,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/04/20 06:51:57 | 015,009,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012/04/20 06:51:57 | 009,717,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012/04/20 06:51:57 | 008,008,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/04/20 06:51:57 | 007,713,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/04/20 06:51:57 | 005,892,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/04/20 06:51:57 | 002,872,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/04/20 06:51:57 | 002,672,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/04/20 06:51:57 | 002,660,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012/04/20 06:51:57 | 002,517,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/04/20 06:51:57 | 002,437,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/04/20 06:51:57 | 002,301,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/04/20 06:51:57 | 001,737,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/04/20 06:51:57 | 001,466,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012/04/20 06:51:57 | 000,962,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012/04/20 06:51:57 | 000,812,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012/04/20 06:51:57 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012/04/20 06:51:57 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012/04/20 06:51:57 | 000,260,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012/04/20 06:51:57 | 000,215,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012/04/20 06:51:57 | 000,188,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012/04/20 06:51:57 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/04/20 06:51:57 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/04/20 06:51:57 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012/04/20 01:57:14 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DDE725AE-DCED-4162-9D2D-5E56BDDE6487}
[2012/04/20 01:56:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{A3FE128E-D1B3-44D5-B79C-5157606A966B}
[2012/04/19 16:57:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\SniperV2 Demo
[2012/04/19 13:56:39 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D266C78B-2161-4EA0-98A5-E288DC751DDE}
[2012/04/19 13:56:28 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D94E1EA6-8F63-4511-877C-7F949E4665F1}
[2012/04/19 00:40:05 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{F8C031DA-3C92-4E87-B1E7-071B364D70EF}
[2012/04/19 00:39:43 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{53D4E1A5-CBB0-41CF-A9F6-E19A88C3ED46}
[2012/04/18 12:39:14 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8FC189DC-F621-4A40-B9CB-ACB0F36733FE}
[2012/04/18 12:39:06 | 000,000,000 | ---D | C] -- C:\Crash
[2012/04/18 12:39:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{42B5955D-2BEB-404F-B025-7EEE7FB768C2}
[2012/04/17 16:53:54 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7485C4FC-5ACC-4268-B4E1-4E16A30A55AA}
[2012/04/17 16:53:43 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{0D6D9764-CBF4-49D8-A922-D830C4D1DA1F}
[2012/04/17 15:25:25 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/17 04:53:18 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8FECD218-E161-4B04-A24D-4DDDFC86C420}
[2012/04/17 04:53:07 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{4ED4DC11-AFF1-4029-850D-61D7C143668F}
[2012/04/17 03:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/04/17 03:07:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/04/16 16:52:41 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{A7B6BEC5-CEBC-454F-838A-13DC521FE6F0}
[2012/04/16 16:52:29 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{0E8A3742-6442-4056-BDC7-779B8E4329F2}
[2012/04/16 04:52:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{FB5510D1-E9BF-4B79-87AE-C0530ED756B2}
[2012/04/16 04:51:41 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DF505ECE-7D94-4235-9334-228E6821C42A}
[2012/04/15 16:51:29 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{BAF6BECA-8E61-467F-AFB6-4434B7381D2B}
[2012/04/15 16:51:18 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E5479FF3-2EA4-41F7-A11F-3DD41454A480}
[2012/04/15 16:46:50 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/15 16:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/04/15 16:40:58 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{6AA8E558-46CC-4A97-82FC-C633CBD62953}
[2012/04/15 16:40:47 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{CC199DD1-3DEA-4E90-8E30-47BB3ECD4458}
[2012/04/14 13:49:19 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{70C7721F-65DD-4075-920F-2F8484614737}
[2012/04/14 13:48:57 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D70087F6-D62B-4459-8D71-B9BED7350D17}
[2012/04/13 13:49:58 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{32AE185E-B6F1-4BC8-A064-0A12E1F0B00D}
[2012/04/13 13:49:47 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{071FC467-39C1-47A0-B430-13839F3CB1C0}
[2012/04/13 13:49:04 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{CA9470D1-B016-49B7-BB8F-E9E17FC31085}
[2012/04/13 13:43:59 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{44C288EF-288C-49D7-BA34-C8D1EC05B604}
[2012/04/13 13:43:47 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{2B963FF4-C7C5-4F5C-BC25-CC8B49394B44}
[2012/04/13 03:03:19 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/13 03:03:18 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/13 03:03:18 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/13 03:00:28 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/13 03:00:28 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/13 03:00:27 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/13 02:49:14 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E2D6DFFF-319A-4B7D-A63F-FB593636A15A}
[2012/04/12 14:48:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{CBC59C71-0ED4-4162-812D-19F897AD6FDF}
[2012/04/12 13:17:29 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/04/12 13:17:29 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/12 13:17:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/12 13:17:29 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/12 13:17:28 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/12 13:17:28 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/12 13:17:28 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/12 02:48:16 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{F770489B-D93F-4788-AD02-56F258FFA246}
[2012/04/11 14:47:54 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{02E0F143-29D1-4EBD-9161-71B3DE7E08FE}
[2012/04/11 02:47:19 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{3BA51A53-D07D-4EEA-9871-03F8A347EC75}
[2012/04/10 14:46:57 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7A92C0B8-47DC-475A-BC30-F31EA930AB6E}
[2012/04/10 02:46:22 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{88ED662D-74ED-4A88-9271-429057228A9A}
[2012/04/09 14:46:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{637E9BEE-6ED6-4FD5-A3B0-9D8E01E60322}
[2012/04/09 02:45:35 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{BE919000-2C29-4011-B0E6-2C6617CAFDB1}
[2012/04/08 14:45:24 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{AC636BAD-03A6-4A10-BC41-679EBB841071}
[2012/04/08 03:04:42 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}
[2012/04/08 02:17:20 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Documents\PassMark
[2012/04/08 02:17:14 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\PassMark
[2012/04/08 02:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Passmark
[2012/04/07 20:02:49 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\Motorola
[2012/04/07 20:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2012/04/07 20:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2012/04/07 20:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola
[2012/04/07 14:38:13 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{78BAA4FF-3C40-44BE-8391-D7F023A1B406}
[2012/04/07 02:37:38 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7AF03681-0BEE-4710-B9B2-4BEABD114C64}
[2012/04/06 14:37:27 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{81733989-5601-4CAC-8AC5-5CBC19752984}
[2012/04/06 01:44:31 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{1CA304E1-3276-4CAA-805D-B5B8112FC404}
[2012/04/05 16:26:55 | 166,448,312 | ---- | C] (NVIDIA Corporation) -- C:\Users\Lightning\Desktop\296.10-desktop-win7-winvista-64bit-english-whql.exe
[2012/04/05 13:43:49 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{A33ECBC2-A9BA-4011-98FD-ECFA5A9D2C69}
[2012/04/05 01:43:08 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{99E3CC9B-3DC4-41C2-B374-68B1DA340E18}
[2012/04/04 19:39:40 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Documents\Disney Interactive Studios
[2012/04/04 19:30:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Disney Interactive Studios
[2012/04/04 18:18:11 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Desktop\Tron Evolution
[2012/04/04 13:42:39 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{B160E357-2475-45FE-9557-94A8CECC01D5}
[2012/04/04 01:41:58 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{530325A4-F016-42C4-B4EB-FB1EE643B119}
[2012/04/03 19:28:02 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\FOG Downloader
[2012/04/03 19:28:02 | 000,000,000 | ---D | C] -- C:\Users\Lightning\eligium_v0_92_10_13_en
[2012/04/03 15:38:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012/04/03 13:41:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{07127AFB-689C-415D-974E-89E448B3D82D}
[2012/04/03 01:40:20 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DA921364-14EA-4DA8-997C-B4DA29486A60}
[2012/04/02 18:23:59 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\com.beatport.BeatportDownloader
[2012/04/02 18:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Beatport Downloader
[2012/04/02 13:39:51 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E4BB2F96-FA5C-477A-9AF3-4306A078D646}
[2012/04/02 01:39:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{23241C70-E296-4BB2-83BA-9EA11EEC17EC}
[2012/04/01 14:09:03 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/01 13:38:40 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{C6B62895-8689-45F3-A334-88250B8AAAC8}
[2012/04/01 13:36:03 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/01 00:45:46 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{5D309A9F-A046-4147-B644-029207C8FA5F}
[2012/03/31 12:45:17 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8A016D90-89B8-4932-92C5-A3D21EB7A896}
[2012/03/31 00:44:36 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D1F21B2E-305D-4198-BAE2-C9632F0C3CA3}
[2012/03/30 22:49:21 | 000,000,000 | ---D | C] -- C:\Ubisoft
[2012/03/30 22:49:15 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2012/03/30 22:48:48 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\Deployment
[2012/03/30 22:48:48 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\Apps
[2012/03/30 12:44:06 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{5AF23515-EE92-4894-8A90-0BA88DE17028}
[2012/03/30 00:43:25 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{82A84C08-4EA1-4249-A36B-9B7A672E050A}
[2012/03/29 13:37:41 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\Red 5 Studios
[2012/03/29 12:42:44 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E0FF7FB5-791D-42FA-AC54-B1B839059085}
[2012/03/29 00:42:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DF82C6A1-EC94-4A3C-AECF-3FB6048B660E}
[2012/03/28 12:41:39 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{2F30CE64-1B1A-410C-83D5-C3DCB0C1115A}
[2012/03/28 12:40:46 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7B9333E3-9A69-4D28-8698-439B6EF3E0CE}
[2012/03/28 00:39:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D7AD5C9A-699E-4C96-A1A6-0F0EB5339AA8}
[2012/03/28 00:39:24 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{6ABF52B9-9EDD-4D23-85FB-2DB3CD6F283A}
[2012/03/27 12:39:04 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{01D1D4F7-9635-4E45-B08A-195B988F55CD}
[2012/03/27 12:38:35 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7F91C17E-02A8-4043-BB02-B165E06CA2D9}
[2012/03/27 00:38:04 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{B994D8C7-055C-4C34-9027-B33F3646A6BA}
[2012/03/27 00:37:36 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{23D8415F-F431-4B69-ACC3-DDCEECF7A41D}
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/25 21:01:12 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Lightning\Desktop\aswMBR.exe
[2012/04/25 20:57:05 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lightning\Desktop\OTL.exe
[2012/04/25 20:36:28 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/25 20:36:28 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/25 20:33:21 | 000,796,090 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/25 20:33:21 | 000,671,192 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/25 20:33:21 | 000,126,278 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/25 20:31:58 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/25 20:29:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/25 20:29:04 | 1066,582,014 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/25 17:04:48 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{0000000A-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012/04/25 17:04:48 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{0000000A-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012/04/25 17:04:48 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{0000000A-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012/04/25 16:24:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/25 16:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/24 15:00:47 | 956,135,704 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/21 13:29:10 | 000,000,625 | ---- | M] () -- C:\Users\Lightning\Desktop\ComboFix - Shortcut.lnk
[2012/04/21 13:20:15 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012/04/21 13:20:15 | 000,191,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/04/21 13:20:15 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/04/21 13:20:15 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/04/21 12:45:11 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/21 10:59:29 | 000,002,702 | ---- | M] () -- C:\Users\Lightning\Desktop\SDAV_Online_aff_GenericRevenueWire_207[1].exe.lnk
[2012/04/20 15:13:40 | 000,269,712 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/04/20 15:13:40 | 000,269,712 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/04/20 02:29:45 | 000,029,959 | ---- | M] () -- C:\Users\Lightning\AppData\Local\Temp20.html
[2012/04/20 02:29:40 | 000,001,955 | ---- | M] () -- C:\Users\Lightning\AppData\Local\Temp1.html
[2012/04/17 03:07:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/04/14 04:09:16 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/14 04:09:15 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/14 04:09:06 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/13 14:24:49 | 000,002,338 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/04/09 13:42:59 | 000,002,288 | ---- | M] () -- C:\Users\Lightning\Desktop\medbc reg.reg
[2012/04/06 22:49:50 | 000,001,355 | ---- | M] () -- C:\Users\Lightning\Documents\ZATANNA BOW.ucp
[2012/04/05 16:28:04 | 166,448,312 | ---- | M] (NVIDIA Corporation) -- C:\Users\Lightning\Desktop\296.10-desktop-win7-winvista-64bit-english-whql.exe
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/03 18:15:45 | 000,269,712 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/04/02 18:23:57 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Beatport Downloader.lnk
[2012/03/30 22:49:15 | 000,000,326 | ---- | M] () -- C:\Users\Lightning\Desktop\Ghost Recon Online (NCSA-Live).appref-ms
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/21 13:29:10 | 000,000,625 | ---- | C] () -- C:\Users\Lightning\Desktop\ComboFix - Shortcut.lnk
[2012/04/21 11:27:37 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/21 10:59:29 | 000,002,702 | ---- | C] () -- C:\Users\Lightning\Desktop\SDAV_Online_aff_GenericRevenueWire_207[1].exe.lnk
[2012/04/20 06:52:29 | 002,515,790 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/04/20 06:51:57 | 000,011,770 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/04/09 13:42:59 | 000,002,288 | ---- | C] () -- C:\Users\Lightning\Desktop\medbc reg.reg
[2012/04/06 22:49:50 | 000,001,355 | ---- | C] () -- C:\Users\Lightning\Documents\ZATANNA BOW.ucp
[2012/04/02 18:23:57 | 000,000,995 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beatport Downloader.lnk
[2012/04/02 18:23:57 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Beatport Downloader.lnk
[2012/04/01 13:36:05 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/30 22:49:15 | 000,000,326 | ---- | C] () -- C:\Users\Lightning\Desktop\Ghost Recon Online (NCSA-Live).appref-ms
[2012/03/06 06:46:05 | 000,029,959 | ---- | C] () -- C:\Users\Lightning\AppData\Local\Temp20.html
[2012/03/05 00:13:23 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012/02/17 01:32:32 | 000,000,132 | ---- | C] () -- C:\Users\Lightning\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/02/15 15:39:16 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2012/02/02 23:37:46 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2012/02/02 23:37:39 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2012/02/02 23:37:39 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2012/01/08 02:47:18 | 000,001,955 | ---- | C] () -- C:\Users\Lightning\AppData\Local\Temp1.html
[2012/01/01 05:49:12 | 000,007,606 | ---- | C] () -- C:\Users\Lightning\AppData\Local\Resmon.ResmonCfg
[2011/12/29 09:07:52 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/12/29 05:26:41 | 000,012,296 | -HS- | C] () -- C:\Users\Lightning\AppData\Local\c7807fi7306vk3t5c574556pwdlns6ffy7gf61
[2011/12/29 05:26:41 | 000,012,296 | -HS- | C] () -- C:\ProgramData\c7807fi7306vk3t5c574556pwdlns6ffy7gf61
[2011/12/12 22:43:29 | 000,110,168 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/12/07 22:42:00 | 002,089,984 | ---- | C] () -- C:\Windows\libmem.dll
[2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/30 00:27:15 | 000,269,712 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/09/30 00:27:11 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/12/10 23:41:48 | 000,000,097 | ---- | C] () -- C:\Users\Lightning\AppData\Local\fusioncache.dat
[2010/12/10 23:40:00 | 000,789,750 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/10 23:04:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/07 17:39:34 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010/12/07 16:28:09 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2010/12/07 16:28:09 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2010/12/07 16:28:09 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2010/12/07 16:16:02 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/12/07 16:16:02 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/11/05 17:49:42 | 000,098,232 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll
[2010/07/07 14:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010/07/07 13:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010/07/07 13:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2010/07/07 13:21:00 | 000,384,647 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010/07/07 13:21:00 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010/07/07 13:10:30 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2010/07/07 13:10:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe

========== LOP Check ==========

[2011/09/23 23:32:18 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Amazon
[2012/02/16 11:24:04 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2012/01/20 00:04:09 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\BigHugeEngine
[2012/04/17 15:25:25 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/02 18:23:59 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\com.beatport.BeatportDownloader
[2012/01/24 15:18:57 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\DarknessIIDemo
[2012/02/29 23:22:22 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\DAZ 3D
[2012/01/25 18:23:24 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\DriverFinder
[2012/04/03 19:28:02 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\FOG Downloader
[2011/10/28 00:50:48 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\GetRightToGo
[2012/04/16 19:33:43 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\imollo
[2012/01/01 21:42:57 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\iStonsoft
[2012/01/01 21:43:07 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\libimobiledevice
[2012/04/07 20:02:49 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Motorola
[2011/11/03 22:04:07 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\OnLive App
[2011/10/25 05:59:26 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Origin
[2010/12/11 01:12:13 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Razer
[2012/01/26 02:46:34 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\RegGenie
[2011/12/26 21:16:52 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\SecondLife
[2011/12/28 20:56:01 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\SystemRequirementsLab
[2012/04/21 10:59:29 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\TestApp
[2012/01/18 20:44:23 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Thunderbird
[2011/12/10 02:34:49 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Trine2
[2011/12/29 09:13:13 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Ubisoft
[2012/03/29 14:16:49 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\uTorrent
[2010/12/11 11:18:25 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Windows Live Writer
[2012/03/18 19:23:38 | 000,000,000 | ---D | M] -- C:\Users\virus\AppData\Roaming\Razer
[2012/03/10 21:32:03 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2010/12/07 17:46:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/12/07 17:46:27 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Lightning\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Lightning\AppData\Local\Temp\RarSFX1\procs\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/12/07 17:46:15 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/12/07 17:46:21 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/12/07 17:46:27 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/12/07 17:46:21 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Lightning\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Lightning\AppData\Local\Temp\RarSFX1\h\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/12/07 17:46:27 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/12/07 17:46:21 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/12/07 17:46:27 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/12/07 17:46:15 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/12/07 17:46:21 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/12/07 17:46:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Lightning\AppData\Local\Temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Lightning\AppData\Local\Temp\RarSFX1\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/12/07 17:46:27 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Lightning\AppData\Local\Temp\RarSFX0\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Lightning\AppData\Local\Temp\RarSFX1\winlogon.exe
[2010/12/07 17:46:27 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{1D2EE34A-0723-4A5B-8E67-8E0CF4EB658C}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{85185EC3-A5BB-4BDB-AFD5-8AEE9EFD7A7F}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{9C9323D6-B7DC-4CB4-B4E3-985CD60872E8}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{DB42CC01-1514-42B3-83F5-38FDAD6D4393}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 0B 01 06 01 03 01 01 01 0C 01 0A 01 09 01 08 01 07 01 05 01 04 01 00 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 12
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/25 20:34:41 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/25 20:34:41 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/25 20:34:41 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/04/25 20:34:42 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/04/25 20:34:42 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/25 20:34:42 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/12 02:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/12 02:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/12 02:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/04/12 02:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 07:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 07:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 07:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/04/25 20:34:41 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/04/25 20:34:41 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/04/25 20:34:41 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/04/25 20:34:42 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/04/25 20:34:42 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/04/25 20:34:42 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/04/12 02:37:36 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/04/12 02:37:36 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/04/12 02:37:36 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/04/12 02:37:36 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: SCSI
Media Type: Fixed hard disk media
Model: ARRAY0
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 32256
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 8.00GB
Starting Offset: 41943040
Hidden sectors: 0

DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,855.00GB
Starting Offset: 8659140608
Hidden sectors: 0

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: LIGHTNING-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B No Media
Volume 1 E DVD-ROM 0 B No Media
Volume 2 RECOVERY NTFS Partition 8 GB Healthy System
Volume 3 C OS NTFS Partition 1854 GB Healthy Boot

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

OTL Extras logfile created on: 4/25/2012 8:58:45 PM - Run 2
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Lightning\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 6.65 Gb Available Physical Memory | 55.46% Memory free
23.98 Gb Paging File | 17.96 Gb Available in Paging File | 74.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1854.96 Gb Total Space | 1258.48 Gb Free Space | 67.84% Space Free | Partition Type: NTFS

Computer Name: LIGHTNING-PC | User Name: Lightning | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-633762127-47815373-1907182395-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{13A3A271-B2AA-486C-9AD5-F272079BB9B5}" = Alienware TactX Keyboard CI 1.00.130
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java™ 6 Update 31 (64-bit)
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{61C3230C-D69D-44E7-B974-F8BBADB49EE6}" = Motorola Mobile Drivers Installation 5.5.0
"{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}" = Broadcom Bluetooth Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B34CC4C-E7FF-4AC8-B771-1D09612D6430}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AD522D37-B0FD-45A4-8695-6F24DF5336FC}" = Command Center
"{B0D59FDC-FEAB-49A2-9B5A-E5E0A8F9D7E0}" = Alienware TactX™ Mouse CI 1.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.18
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"WhoCrashed_is1" = WhoCrashed 3.03

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B5B0A85-D9CE-6184-4AEA-3646BD89F081}" = imollo
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = AlienRespawn
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5310C7A5-A385-6E26-66E9-C0F0CA5A7E45}" = BeatportDownloader
"{53902ee7-b37c-4624-b4d9-363537ae55c7}" = Nero 9 Essentials
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A336D74-E680-4986-96F4-E9CEBC784F56}" = Naga Firmware Updater 1.13
"{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
"{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}" = NVIDIA Photoshop Plug-ins 64 bit
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4E70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{962A40CF-9820-42C2-9568-55BE92825239}" = Ultimate DCUO Character Planner
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCB3527-C033-415C-88B6-27173B5E3592}" = Tron: Evolution
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A048F6D6-BECE-D521-9BC9-B8806BFB118C}" = Beatport Downloader
"{A0583EFA-33FD-4DB3-8146-725F7D273660}" = LotRO Plugin Assistant
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = AlienRespawn - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.10.29
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age Origins
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E247B53F-F2DA-48ED-A2D0-44EA203E39EB}" = 3132-W-D
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder™ Mouse
"{ED4108A9-60FD-4F18-AF42-122219977773}" = Razer Naga
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
"{F28CFCC6-A2BE-4E54-957C-3D8A47936CAC}" = SiI31xx HBA Wakeup Utility
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.02.03.8013
"3DMIDI" = Creative 3DMIDI Player
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ALchemy" = Creative ALchemy
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"AudioCS" = Creative Audio Control Panel
"BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1" = BeatportDownloader
"Champions Online" = Champions Online
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.beatport.BeatportDownloader" = Beatport Downloader
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Diagnostics 4_5" = Creative Diagnostics
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DriverFinder" = DriverFinder
"DTS Connect Pack" = DTS Connect Pack
"EA Installer.-1202606811" = EA Installer
"EA Installer.478080393" = EA Installer
"ESET Online Scanner" = ESET Online Scanner v3
"Fraps" = Fraps (remove only)
"Google Chrome" = Google Chrome
"GridinSoft Trojan Killer" = Trojan Killer
"HD Tune_is1" = HD Tune 2.55
"Hexagon 2 2.5.1.79" = Hexagon 2
"imollo" = imollo
"InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"InstallShield_{AD522D37-B0FD-45A4-8695-6F24DF5336FC}" = Command Center
"iStonsoft iPad to Computer Transfer_is1" = iStonsoft iPad to Computer Transfer build(3.6.0)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MotoHelper" = MotoHelper 2.1.40 Driver 5.5.0
"Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
"Mozilla Thunderbird 9.0.1 (x86 en-GB)" = Mozilla Thunderbird 9.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"OCCT" = OCCT 4.0.0
"OnLive" = OnLive
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"SecondLifeViewer" = SecondLifeViewer (remove only)
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"Star Trek Online" = Star Trek Online
"Steam App 102509" = Kingdoms Of Amalur: Reckoning
"Steam App 200001" = Saints Row The Third Prima Official Strategy Guide
"Steam App 201280" = Deus Ex: Human Revolution - The Missing Link
"Steam App 201870" = Assassin's Creed Revelations
"Steam App 203810" = Dear Esther
"Steam App 203970" = Kingdoms of Amalur: Reckoning Demo
"Steam App 20920" = The Witcher 2: Enhanced Edition
"Steam App 210470" = Sniper Elite V2 Demo
"Steam App 211" = Source SDK
"Steam App 22450" = Hunted: The Demon's Forge
"Steam App 23530" = Earth Defense Force: Insect Armageddon
"Steam App 24240" = PAYDAY: The Heist
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 32800" = The Lord of the Rings: War in the North
"Steam App 35720" = Trine 2
"Steam App 36630" = Rusty Hearts
"Steam App 39160" = Dungeon Siege III
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 47900" = Dragon Age II
"Steam App 513" = Left 4 Dead Authoring Tools
"Steam App 550" = Left 4 Dead 2
"Steam App 55150" = Warhammer 40,000 Space Marine
"Steam App 55230" = Saints Row: The Third
"Steam App 55370" = Saints Row: The Third - Initiation Station
"Steam App 560" = Left 4 Dead 2 Dedicated Server
"Steam App 563" = Left 4 Dead 2 Authoring Tools
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 57400" = Batman: Arkham City™ PC
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 73050" = Magicka - Demo
"Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
"uTorrent" = µTorrent
"WaveStudio 7" = Creative WaveStudio 7
"Winamp" = Winamp
"Winamp Essentials Pack" = Winamp Essentials Pack
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-633762127-47815373-1907182395-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"fc418bf9b18f76aa" = Ghost Recon Online (NCSA-Live)
"NCsoft-CityOfHeroes" = City of Heroes
"SOE-Clone Wars" = Clone Wars
"SOE-DC Universe Online Live" = DC Universe Online Live
"SOE-DC Universe Online Test" = DC Universe Online Test
"SOE-Free Realms" = Free Realms
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/22/2012 4:51:08 PM | Computer Name = Lightning-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 4/23/2012 6:40:52 PM | Computer Name = Lightning-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 4/23/2012 6:41:45 PM | Computer Name = Lightning-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 4/23/2012 10:48:31 PM | Computer Name = Lightning-PC | Source = Application Error | ID = 1000
Description = Faulting application name: swtor.exe, version: 1.0.0.0, time stamp:
0x4f8dfb78 Faulting module name: nvd3dum.dll, version: 8.17.12.9610, time stamp:
0x4f4e5190 Exception code: 0x80000003 Fault offset: 0x0000e7cb Faulting process id:
0x2310 Faulting application start time: 0x01cd21c321f5aabe Faulting application path:
C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\RetailClient\swtor.exe
Faulting
module path: C:\Windows\system32\nvd3dum.dll Report Id: f9cb64be-8db7-11e1-8dcd-a4badbfd71b9

Error - 4/24/2012 4:15:04 AM | Computer Name = Lightning-PC | Source = Application Error | ID = 1000
Description = Faulting application name: swtor.exe, version: 1.0.0.0, time stamp:
0x4f8f5866 Faulting module name: nvd3dum.dll, version: 8.17.12.9610, time stamp:
0x4f4e5190 Exception code: 0xc0000005 Fault offset: 0x000243fc Faulting process id:
0x2858 Faulting application start time: 0x01cd21f2561eae1c Faulting application path:
C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\RetailClient\swtor.exe
Faulting
module path: C:\Windows\system32\nvd3dum.dll Report Id: 982193a7-8de5-11e1-8dcd-a4badbfd71b9

Error - 4/24/2012 2:01:06 PM | Computer Name = Lightning-PC | Source = Application Error | ID = 1000
Description = Faulting application name: DCGame.exe, version: 0.0.15735.60501, time
stamp: 0x4f90890f Faulting module name: nvd3dum.dll, version: 8.17.12.9610, time
stamp: 0x4f4e5190 Exception code: 0xc0000005 Fault offset: 0x0015c490 Faulting process
id: 0x1604 Faulting application start time: 0x01cd22442f4c9708 Faulting application
path: C:\Users\Public\Sony Online Entertainment\Installed Games\DC Universe Online
Live\Unreal3\Binaries\Win32\DCGame.exe Faulting module path: C:\Windows\system32\nvd3dum.dll
Report
Id: 76302f4c-8e37-11e1-a651-a4badbfd71b9

Error - 4/24/2012 9:45:40 PM | Computer Name = Lightning-PC | Source = Application Error | ID = 1000
Description = Faulting application name: swtor.exe, version: 1.0.0.0, time stamp:
0x4f8f5866 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x1c3c Faulting application
start time: 0x01cd226f932c0244 Faulting application path: C:\Program Files (x86)\Electronic
Arts\BioWare\Star Wars - The Old Republic\swtor\RetailClient\swtor.exe Faulting
module path: unknown Report Id: 5c8d60bf-8e78-11e1-9040-a4badbfd71b9

Error - 4/24/2012 9:45:40 PM | Computer Name = Lightning-PC | Source = Application Error | ID = 1000
Description = Faulting application name: swtor.exe, version: 1.0.0.0, time stamp:
0x4f8f5866 Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp:
0x4dace5b9 Exception code: 0xc0000005 Fault offset: 0x0003734d Faulting process id:
0x1314 Faulting application start time: 0x01cd226f9183551d Faulting application path:
C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\RetailClient\swtor.exe
Faulting
module path: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Report
Id: 5ca49296-8e78-11e1-9040-a4badbfd71b9

Error - 4/25/2012 12:26:41 AM | Computer Name = Lightning-PC | Source = Application Error | ID = 1000
Description = Faulting application name: swtor.exe, version: 1.0.0.0, time stamp:
0x4f8f5866 Faulting module name: nvd3dum.dll, version: 8.17.12.9610, time stamp:
0x4f4e5190 Exception code: 0xc0000005 Fault offset: 0x0022817e Faulting process id:
0x22e0 Faulting application start time: 0x01cd22963973de9f Faulting application path:
C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\RetailClient\swtor.exe
Faulting
module path: C:\Windows\system32\nvd3dum.dll Report Id: dad926f7-8e8e-11e1-9040-a4badbfd71b9

Error - 4/25/2012 12:26:41 AM | Computer Name = Lightning-PC | Source = Application Error | ID = 1000
Description = Faulting application name: swtor.exe, version: 1.0.0.0, time stamp:
0x4f8f5866 Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp:
0x4dace5b9 Exception code: 0xc0000005 Fault offset: 0x0003734d Faulting process id:
0x23a4 Faulting application start time: 0x01cd229638286e04 Faulting application path:
C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\RetailClient\swtor.exe
Faulting
module path: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Report
Id: dadb9800-8e8e-11e1-9040-a4badbfd71b9

[ Dell Events ]
Error - 12/11/2010 12:11:14 AM | Computer Name = Lightning-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/11/2010 1:35:13 AM | Computer Name = Lightning-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/11/2010 1:35:13 AM | Computer Name = Lightning-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/11/2010 10:02:16 PM | Computer Name = Lightning-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/11/2010 10:02:16 PM | Computer Name = Lightning-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/21/2011 4:07:34 AM | Computer Name = Lightning-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/21/2011 4:07:34 AM | Computer Name = Lightning-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/21/2011 4:16:03 AM | Computer Name = Lightning-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/21/2011 4:16:03 AM | Computer Name = Lightning-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/22/2011 10:29:18 PM | Computer Name = Lightning-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 3/5/2012 1:16:45 AM | Computer Name = Lightning-PC | Source = Service Control Manager | ID = 7000
Description = The Alienware Fusion Service service failed to start due to the following
error: %%1053

Error - 3/5/2012 1:17:06 AM | Computer Name = Lightning-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 3/5/2012 4:56:01 AM | Computer Name = Lightning-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 3/5/2012 5:02:06 AM | Computer Name = Lightning-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 3/5/2012 5:40:55 PM | Computer Name = Lightning-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 3/6/2012 7:45:04 AM | Computer Name = Lightning-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:41:52 AM on ?3/?6/?2012 was unexpected.

Error - 3/6/2012 7:45:07 AM | Computer Name = Lightning-PC | Source = BugCheck | ID = 1001
Description =

Error - 3/6/2012 7:45:31 AM | Computer Name = Lightning-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 3/6/2012 8:16:05 AM | Computer Name = Lightning-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:14:52 AM on ?3/?6/?2012 was unexpected.

Error - 3/6/2012 8:16:32 AM | Computer Name = Lightning-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

< End of report >

aswMBR it runs and eventually crashes but i'm able to run it fine up to that point, all apps run but that one sort of times out after it gets about 90% through the scan. Could it be conflicting with MSE? I have no idea how to disable that. That program occasionally detects the java virus i posted above, but the pc itself runs fine.

As for combofix, i removed it and the folder so I don't have the log.

Edited by Madelynn, 25 April 2012 - 09:25 PM.

#5
godawgs

Posted 26 April 2012 - 04:30 PM

Teacher

Retired Staff
8,228 posts

Hi Madelynn,

You have a Goored infection. That's probably why aswMbr won't run to completion.

There are a couple of other things that you need to be aware of before we start.

Step-1.

PunkBuster Advice:

There are some Issues with infections in relation to PunkBuster...The computer has installed gaming tools. Some of these, like Punkbuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware.
They are sometimes designed to prevent orderly removal or modification, and they have only limited respect for retaining the overall security and integrity of your machine.
It is not a certainty that your computer can be cleaned without breaking or removing some of these programs, and this would result in not being able to play the associated games, or worse.
Since we are dedicated to causing No Harm, we won't normally work on machines with this type of program installed without explicit permission from the owner.
If you want to continue using the machine in this way, you should consider using imaging software like Norton Ghost or Acronis TrueImage, or Terabyte Image, which can put your entire C: drive back into an earlier state whenever the infections or malfunctions get too severe.

If you really want to clean this machine, I will help, but if you so choose, understand there is no assurance you will be able to do games afterwards.
If the Uninstaller ever fails, it is a nightmare to remove, just as they have intended.

So my advice would be download the Removal Tool for PunkBuster to the desktop.

Right-click on pbsvc.exe and select Run as Administrator >> follow the prompts.

You may reinstall Punkbuster when I give the all clear if you wish.

You have the following Peer-to-Peer program(s) installed:

uTorrent

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P(Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing.

We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

All programs, folders and files listed below in this color are optional removals, but if you uninstall the program(s) you must delete the folders and files in the corresponding colors. All programs in black are malware or viruses and must be deleted, along with the corresponding folders and files in black.

Program Uninstalls and Optional Removals

1. Click th Start Orb, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

uTorrent

3. Click on each program to highlight it and click Uninstall
4. After the program(s) have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\Users\Lightning\AppData\Roaming\uTorrent

2. Close Windows Explorer.

Step-2.

Run GooredFix

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the Protection tab
Remove the tick from "Start with Windows"
Reboot and start with number 1. below to run the OTL fix.
Posted Image

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista/7).
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

We need to run and OTL fix.

Step-3.

Posted Image

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the Protection tab
Remove the tick from "Start with Windows"
Reboot and start with number 1. below to run the OTL fix.
Posted Image

1. Please copy all of the text in the code box below. To do this, highlight everything
inside the code box , right click and click Copy.

:OTL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2012/04/25 14:47:11 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{49E1FB36-3EEC-4E0A-A1F5-467D8BA07CC0}
[2012/04/25 14:46:49 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D5666700-1DE0-4BF3-94B9-48502FAB2B1A}
[2012/04/25 02:46:24 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{263C5AFA-8894-4246-A97E-413C5B09B942}
[2012/04/25 02:46:02 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{B7FDA577-41A6-4008-941A-F041B79B7FE4}
[2012/04/24 14:45:37 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{F1687665-4C70-4379-9156-E105AA74D2B9}
[2012/04/24 14:45:15 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{346AF7A2-7CD3-4AC7-8CCA-5128E1F99485}
[2012/04/24 02:44:50 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{5D69662E-B9F0-4453-A3A7-197A42A72BCF}
[2012/04/24 02:44:28 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{CAF93171-E6FD-49AE-8500-1982F9A448C8}
[2012/04/23 14:44:15 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{F2F34FB5-0B6D-403C-B2E4-9B925A73599D}
[2012/04/23 14:43:54 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{2BD8123F-2BE9-4361-9817-BCA21C6986E8}
[2012/04/23 02:43:29 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E0659BD5-A2B0-44AF-AA36-F9F72FC32F27}
[2012/04/23 02:43:07 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{A2F10183-BE74-442E-BDF8-5968EF9502A7}
[2012/04/22 14:42:53 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8FBD6AAA-73DB-444C-9A62-53D17B0DD9B1}
[2012/04/22 14:42:31 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{85FCF172-6222-4DBC-9B60-0E3A0D6475CA}
[2012/04/21 22:30:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{6394F3C1-138E-4A6B-A585-C71250825836}
[2012/04/21 22:30:41 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{77365260-4CD3-43FA-ADE3-C1FF3BEEBA3E}
[2012/04/21 03:07:27 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{4BD2D52C-0F70-4A81-9222-EB9C6497F6FE}
[2012/04/21 03:07:06 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DC4C17DE-5299-432F-BD4B-1A14862192C9}
[2012/04/20 15:06:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{3958E5C6-DE01-4BD5-B9BF-32C2E830365F}
[2012/04/20 15:06:30 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8548C563-9873-4445-B9F4-C34F05D4FD35}
[2012/04/20 01:57:14 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DDE725AE-DCED-4162-9D2D-5E56BDDE6487}
[2012/04/20 01:56:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{A3FE128E-D1B3-44D5-B79C-5157606A966B}
[2012/04/19 13:56:39 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D266C78B-2161-4EA0-98A5-E288DC751DDE}
[2012/04/19 13:56:28 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D94E1EA6-8F63-4511-877C-7F949E4665F1}
[2012/04/19 00:40:05 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{F8C031DA-3C92-4E87-B1E7-071B364D70EF}
[2012/04/19 00:39:43 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{53D4E1A5-CBB0-41CF-A9F6-E19A88C3ED46}
[2012/04/18 12:39:14 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8FC189DC-F621-4A40-B9CB-ACB0F36733FE}
[2012/04/18 12:39:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{42B5955D-2BEB-404F-B025-7EEE7FB768C2}
[2012/04/17 16:53:54 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7485C4FC-5ACC-4268-B4E1-4E16A30A55AA}
[2012/04/17 16:53:43 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{0D6D9764-CBF4-49D8-A922-D830C4D1DA1F}
[2012/04/17 04:53:18 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8FECD218-E161-4B04-A24D-4DDDFC86C420}
[2012/04/17 04:53:07 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{4ED4DC11-AFF1-4029-850D-61D7C143668F}
[2012/04/16 16:52:41 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{A7B6BEC5-CEBC-454F-838A-13DC521FE6F0}
[2012/04/16 16:52:29 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{0E8A3742-6442-4056-BDC7-779B8E4329F2}
[2012/04/16 04:52:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{FB5510D1-E9BF-4B79-87AE-C0530ED756B2}
[2012/04/16 04:51:41 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DF505ECE-7D94-4235-9334-228E6821C42A}
[2012/04/15 16:51:29 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{BAF6BECA-8E61-467F-AFB6-4434B7381D2B}
[2012/04/15 16:51:18 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E5479FF3-2EA4-41F7-A11F-3DD41454A480}
[2012/04/15 16:40:58 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{6AA8E558-46CC-4A97-82FC-C633CBD62953}
[2012/04/15 16:40:47 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{CC199DD1-3DEA-4E90-8E30-47BB3ECD4458}
[2012/04/14 13:49:19 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{70C7721F-65DD-4075-920F-2F8484614737}
[2012/04/14 13:48:57 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D70087F6-D62B-4459-8D71-B9BED7350D17}
[2012/04/13 13:49:58 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{32AE185E-B6F1-4BC8-A064-0A12E1F0B00D}
[2012/04/13 13:49:47 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{071FC467-39C1-47A0-B430-13839F3CB1C0}
[2012/04/13 13:49:04 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{CA9470D1-B016-49B7-BB8F-E9E17FC31085}
[2012/04/13 13:43:59 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{44C288EF-288C-49D7-BA34-C8D1EC05B604}
[2012/04/13 13:43:47 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{2B963FF4-C7C5-4F5C-BC25-CC8B49394B44}
[2012/04/13 02:49:14 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E2D6DFFF-319A-4B7D-A63F-FB593636A15A}
[2012/04/12 14:48:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{CBC59C71-0ED4-4162-812D-19F897AD6FDF}
[2012/04/12 02:48:16 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{F770489B-D93F-4788-AD02-56F258FFA246}
[2012/04/11 14:47:54 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{02E0F143-29D1-4EBD-9161-71B3DE7E08FE}
[2012/04/11 02:47:19 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{3BA51A53-D07D-4EEA-9871-03F8A347EC75}
[2012/04/10 14:46:57 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7A92C0B8-47DC-475A-BC30-F31EA930AB6E}
[2012/04/10 02:46:22 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{88ED662D-74ED-4A88-9271-429057228A9A}
[2012/04/09 14:46:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{637E9BEE-6ED6-4FD5-A3B0-9D8E01E60322}
[2012/04/09 02:45:35 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{BE919000-2C29-4011-B0E6-2C6617CAFDB1}
[2012/04/08 14:45:24 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{AC636BAD-03A6-4A10-BC41-679EBB841071}
[2012/04/07 14:38:13 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{78BAA4FF-3C40-44BE-8391-D7F023A1B406}
[2012/04/07 02:37:38 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7AF03681-0BEE-4710-B9B2-4BEABD114C64}
[2012/04/06 14:37:27 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{81733989-5601-4CAC-8AC5-5CBC19752984}
[2012/04/06 01:44:31 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{1CA304E1-3276-4CAA-805D-B5B8112FC404}
[2012/04/05 13:43:49 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{A33ECBC2-A9BA-4011-98FD-ECFA5A9D2C69}
[2012/04/05 01:43:08 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{99E3CC9B-3DC4-41C2-B374-68B1DA340E18}
[2012/04/04 13:42:39 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{B160E357-2475-45FE-9557-94A8CECC01D5}
[2012/04/04 01:41:58 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{530325A4-F016-42C4-B4EB-FB1EE643B119}
[2012/04/03 13:41:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{07127AFB-689C-415D-974E-89E448B3D82D}
[2012/04/03 01:40:20 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DA921364-14EA-4DA8-997C-B4DA29486A60}
[2012/04/02 13:39:51 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E4BB2F96-FA5C-477A-9AF3-4306A078D646}
[2012/04/02 01:39:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{23241C70-E296-4BB2-83BA-9EA11EEC17EC}
[2012/04/01 13:38:40 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{C6B62895-8689-45F3-A334-88250B8AAAC8}
[2012/04/01 00:45:46 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{5D309A9F-A046-4147-B644-029207C8FA5F}
[2012/03/31 12:45:17 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8A016D90-89B8-4932-92C5-A3D21EB7A896}
[2012/03/31 00:44:36 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D1F21B2E-305D-4198-BAE2-C9632F0C3CA3}
[2012/03/30 12:44:06 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{5AF23515-EE92-4894-8A90-0BA88DE17028}
[2012/03/30 00:43:25 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{82A84C08-4EA1-4249-A36B-9B7A672E050A}
[2012/03/29 12:42:44 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E0FF7FB5-791D-42FA-AC54-B1B839059085}
[2012/03/29 00:42:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DF82C6A1-EC94-4A3C-AECF-3FB6048B660E}
[2012/03/28 12:41:39 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{2F30CE64-1B1A-410C-83D5-C3DCB0C1115A}
[2012/03/28 12:40:46 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7B9333E3-9A69-4D28-8698-439B6EF3E0CE}
[2012/03/28 00:39:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D7AD5C9A-699E-4C96-A1A6-0F0EB5339AA8}
[2012/03/28 00:39:24 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{6ABF52B9-9EDD-4D23-85FB-2DB3CD6F283A}
[2012/03/27 12:39:04 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{01D1D4F7-9635-4E45-B08A-195B988F55CD}
[2012/03/27 12:38:35 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7F91C17E-02A8-4043-BB02-B165E06CA2D9}
[2012/03/27 00:38:04 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{B994D8C7-055C-4C34-9027-B33F3646A6BA}
[2012/03/27 00:37:36 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{23D8415F-F431-4B69-ACC3-DDCEECF7A41D}
[2011/12/29 05:26:41 | 000,012,296 | -HS- | C] () -- C:\Users\Lightning\AppData\Local\c7807fi7306vk3t5c574556pwdlns6ffy7gf61
[2011/12/29 05:26:41 | 000,012,296 | -HS- | C] () -- C:\ProgramData\c7807fi7306vk3t5c574556pwdlns6ffy7gf61

:FILES
ipconfig /flushdns /c

:COMMANDS
[EMPTYTEMP]
[PURITY]
[CREATERESTOREPOINT]

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image

on your desktop.
3. Place the mouse pointer inside the Posted Image

textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image

button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image

button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image

button. Post the log it produces in your next reply.

Step-4.

You have a file on your desktop named medbc reg.reg Did you put it there? If you did and you know what it is, that's OK. If you didn't put the file there or don't know what it is, I want to have it scanned.
Only do this if you don't know what the file is.

Virustotal File Upload:

To use Virustotal go Here
Posted Image

Click the Choose File button in the middle of the screen. This will open a File Upload window.
In the File name box, type, or copy and paste the following and click Open: NOTE.. Only one file per scan
C:\Users\Lightning\Desktop\medbc reg.reg.
This will put the file in the box on the Virustotal page.
Click the Scan it! button and wait for the reply.
Copy and paste the Virustotal link(s) (URL) in your next reply
Repeat 1 thru 6 for each file listed.

Step-5.

Re-run aswMBR and see if it will run to completion and post the log in your next reply. If it still doesn't run, try changing the name of the file (aswMBR.exe) to winlogon.com and then run it.

Step-6.

Things For Your Next Post:
1. The GooredFix log
2. The OTL Fixes log
3. The new OTL.txt log
4. The results of the Virustotal file upload...if you did it.
5. The aswMBR log

How is the computer running now? Are there any other issues?

#6
Madelynn

Posted 26 April 2012 - 06:57 PM

Member

Topic Starter
Member
15 posts

GooredFix by jpshortstuff (03.07.10.1)
Log created at 18:21 on 26/04/2012 (Lightning)
Firefox version 12.0 (en-GB)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [13:50 29/12/2011]

C:\Users\Lightning\Application Data\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\
{000F1EA4-5E08-4564-A29B-29076F63A37A} [14:13 23/09/2011]
{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [20:20 24/04/2012]
{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [07:49 01/03/2012]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-

-------------------------

after the reboot of OTL, this came up:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\Users\Lightning\AppData\Local\{49E1FB36-3EEC-4E0A-A1F5-467D8BA07CC0} folder moved successfully.
C:\Users\Lightning\AppData\Local\{D5666700-1DE0-4BF3-94B9-48502FAB2B1A} folder moved successfully.
C:\Users\Lightning\AppData\Local\{263C5AFA-8894-4246-A97E-413C5B09B942} folder moved successfully.
C:\Users\Lightning\AppData\Local\{B7FDA577-41A6-4008-941A-F041B79B7FE4} folder moved successfully.
C:\Users\Lightning\AppData\Local\{F1687665-4C70-4379-9156-E105AA74D2B9} folder moved successfully.
C:\Users\Lightning\AppData\Local\{346AF7A2-7CD3-4AC7-8CCA-5128E1F99485} folder moved successfully.
C:\Users\Lightning\AppData\Local\{5D69662E-B9F0-4453-A3A7-197A42A72BCF} folder moved successfully.
C:\Users\Lightning\AppData\Local\{CAF93171-E6FD-49AE-8500-1982F9A448C8} folder moved successfully.
C:\Users\Lightning\AppData\Local\{F2F34FB5-0B6D-403C-B2E4-9B925A73599D} folder moved successfully.
C:\Users\Lightning\AppData\Local\{2BD8123F-2BE9-4361-9817-BCA21C6986E8} folder moved successfully.
C:\Users\Lightning\AppData\Local\{E0659BD5-A2B0-44AF-AA36-F9F72FC32F27} folder moved successfully.
C:\Users\Lightning\AppData\Local\{A2F10183-BE74-442E-BDF8-5968EF9502A7} folder moved successfully.
C:\Users\Lightning\AppData\Local\{8FBD6AAA-73DB-444C-9A62-53D17B0DD9B1} folder moved successfully.
C:\Users\Lightning\AppData\Local\{85FCF172-6222-4DBC-9B60-0E3A0D6475CA} folder moved successfully.
C:\Users\Lightning\AppData\Local\{6394F3C1-138E-4A6B-A585-C71250825836} folder moved successfully.
C:\Users\Lightning\AppData\Local\{77365260-4CD3-43FA-ADE3-C1FF3BEEBA3E} folder moved successfully.
C:\Users\Lightning\AppData\Local\{4BD2D52C-0F70-4A81-9222-EB9C6497F6FE} folder moved successfully.
C:\Users\Lightning\AppData\Local\{DC4C17DE-5299-432F-BD4B-1A14862192C9} folder moved successfully.
C:\Users\Lightning\AppData\Local\{3958E5C6-DE01-4BD5-B9BF-32C2E830365F} folder moved successfully.
C:\Users\Lightning\AppData\Local\{8548C563-9873-4445-B9F4-C34F05D4FD35} folder moved successfully.
C:\Users\Lightning\AppData\Local\{DDE725AE-DCED-4162-9D2D-5E56BDDE6487} folder moved successfully.
C:\Users\Lightning\AppData\Local\{A3FE128E-D1B3-44D5-B79C-5157606A966B} folder moved successfully.
C:\Users\Lightning\AppData\Local\{D266C78B-2161-4EA0-98A5-E288DC751DDE} folder moved successfully.
C:\Users\Lightning\AppData\Local\{D94E1EA6-8F63-4511-877C-7F949E4665F1} folder moved successfully.
C:\Users\Lightning\AppData\Local\{F8C031DA-3C92-4E87-B1E7-071B364D70EF} folder moved successfully.
C:\Users\Lightning\AppData\Local\{53D4E1A5-CBB0-41CF-A9F6-E19A88C3ED46} folder moved successfully.
C:\Users\Lightning\AppData\Local\{8FC189DC-F621-4A40-B9CB-ACB0F36733FE} folder moved successfully.
C:\Users\Lightning\AppData\Local\{42B5955D-2BEB-404F-B025-7EEE7FB768C2} folder moved successfully.
C:\Users\Lightning\AppData\Local\{7485C4FC-5ACC-4268-B4E1-4E16A30A55AA} folder moved successfully.
C:\Users\Lightning\AppData\Local\{0D6D9764-CBF4-49D8-A922-D830C4D1DA1F} folder moved successfully.
C:\Users\Lightning\AppData\Local\{8FECD218-E161-4B04-A24D-4DDDFC86C420} folder moved successfully.
C:\Users\Lightning\AppData\Local\{4ED4DC11-AFF1-4029-850D-61D7C143668F} folder moved successfully.
C:\Users\Lightning\AppData\Local\{A7B6BEC5-CEBC-454F-838A-13DC521FE6F0} folder moved successfully.
C:\Users\Lightning\AppData\Local\{0E8A3742-6442-4056-BDC7-779B8E4329F2} folder moved successfully.
C:\Users\Lightning\AppData\Local\{FB5510D1-E9BF-4B79-87AE-C0530ED756B2} folder moved successfully.
C:\Users\Lightning\AppData\Local\{DF505ECE-7D94-4235-9334-228E6821C42A} folder moved successfully.
C:\Users\Lightning\AppData\Local\{BAF6BECA-8E61-467F-AFB6-4434B7381D2B} folder moved successfully.
C:\Users\Lightning\AppData\Local\{E5479FF3-2EA4-41F7-A11F-3DD41454A480} folder moved successfully.
C:\Users\Lightning\AppData\Local\{6AA8E558-46CC-4A97-82FC-C633CBD62953} folder moved successfully.
C:\Users\Lightning\AppData\Local\{CC199DD1-3DEA-4E90-8E30-47BB3ECD4458} folder moved successfully.
C:\Users\Lightning\AppData\Local\{70C7721F-65DD-4075-920F-2F8484614737} folder moved successfully.
C:\Users\Lightning\AppData\Local\{D70087F6-D62B-4459-8D71-B9BED7350D17} folder moved successfully.
C:\Users\Lightning\AppData\Local\{32AE185E-B6F1-4BC8-A064-0A12E1F0B00D} folder moved successfully.
C:\Users\Lightning\AppData\Local\{071FC467-39C1-47A0-B430-13839F3CB1C0} folder moved successfully.
C:\Users\Lightning\AppData\Local\{CA9470D1-B016-49B7-BB8F-E9E17FC31085} folder moved successfully.
C:\Users\Lightning\AppData\Local\{44C288EF-288C-49D7-BA34-C8D1EC05B604} folder moved successfully.
C:\Users\Lightning\AppData\Local\{2B963FF4-C7C5-4F5C-BC25-CC8B49394B44} folder moved successfully.
C:\Users\Lightning\AppData\Local\{E2D6DFFF-319A-4B7D-A63F-FB593636A15A} folder moved successfully.
C:\Users\Lightning\AppData\Local\{CBC59C71-0ED4-4162-812D-19F897AD6FDF} folder moved successfully.
C:\Users\Lightning\AppData\Local\{F770489B-D93F-4788-AD02-56F258FFA246} folder moved successfully.
C:\Users\Lightning\AppData\Local\{02E0F143-29D1-4EBD-9161-71B3DE7E08FE} folder moved successfully.
C:\Users\Lightning\AppData\Local\{3BA51A53-D07D-4EEA-9871-03F8A347EC75} folder moved successfully.
C:\Users\Lightning\AppData\Local\{7A92C0B8-47DC-475A-BC30-F31EA930AB6E} folder moved successfully.
C:\Users\Lightning\AppData\Local\{88ED662D-74ED-4A88-9271-429057228A9A} folder moved successfully.
C:\Users\Lightning\AppData\Local\{637E9BEE-6ED6-4FD5-A3B0-9D8E01E60322} folder moved successfully.
C:\Users\Lightning\AppData\Local\{BE919000-2C29-4011-B0E6-2C6617CAFDB1} folder moved successfully.
C:\Users\Lightning\AppData\Local\{AC636BAD-03A6-4A10-BC41-679EBB841071} folder moved successfully.
C:\Users\Lightning\AppData\Local\{78BAA4FF-3C40-44BE-8391-D7F023A1B406} folder moved successfully.
C:\Users\Lightning\AppData\Local\{7AF03681-0BEE-4710-B9B2-4BEABD114C64} folder moved successfully.
C:\Users\Lightning\AppData\Local\{81733989-5601-4CAC-8AC5-5CBC19752984} folder moved successfully.
C:\Users\Lightning\AppData\Local\{1CA304E1-3276-4CAA-805D-B5B8112FC404} folder moved successfully.
C:\Users\Lightning\AppData\Local\{A33ECBC2-A9BA-4011-98FD-ECFA5A9D2C69} folder moved successfully.
C:\Users\Lightning\AppData\Local\{99E3CC9B-3DC4-41C2-B374-68B1DA340E18} folder moved successfully.
C:\Users\Lightning\AppData\Local\{B160E357-2475-45FE-9557-94A8CECC01D5} folder moved successfully.
C:\Users\Lightning\AppData\Local\{530325A4-F016-42C4-B4EB-FB1EE643B119} folder moved successfully.
C:\Users\Lightning\AppData\Local\{07127AFB-689C-415D-974E-89E448B3D82D} folder moved successfully.
C:\Users\Lightning\AppData\Local\{DA921364-14EA-4DA8-997C-B4DA29486A60} folder moved successfully.
C:\Users\Lightning\AppData\Local\{E4BB2F96-FA5C-477A-9AF3-4306A078D646} folder moved successfully.
C:\Users\Lightning\AppData\Local\{23241C70-E296-4BB2-83BA-9EA11EEC17EC} folder moved successfully.
C:\Users\Lightning\AppData\Local\{C6B62895-8689-45F3-A334-88250B8AAAC8} folder moved successfully.
C:\Users\Lightning\AppData\Local\{5D309A9F-A046-4147-B644-029207C8FA5F} folder moved successfully.
C:\Users\Lightning\AppData\Local\{8A016D90-89B8-4932-92C5-A3D21EB7A896} folder moved successfully.
C:\Users\Lightning\AppData\Local\{D1F21B2E-305D-4198-BAE2-C9632F0C3CA3} folder moved successfully.
C:\Users\Lightning\AppData\Local\{5AF23515-EE92-4894-8A90-0BA88DE17028} folder moved successfully.
C:\Users\Lightning\AppData\Local\{82A84C08-4EA1-4249-A36B-9B7A672E050A} folder moved successfully.
C:\Users\Lightning\AppData\Local\{E0FF7FB5-791D-42FA-AC54-B1B839059085} folder moved successfully.
C:\Users\Lightning\AppData\Local\{DF82C6A1-EC94-4A3C-AECF-3FB6048B660E} folder moved successfully.
C:\Users\Lightning\AppData\Local\{2F30CE64-1B1A-410C-83D5-C3DCB0C1115A} folder moved successfully.
C:\Users\Lightning\AppData\Local\{7B9333E3-9A69-4D28-8698-439B6EF3E0CE} folder moved successfully.
C:\Users\Lightning\AppData\Local\{D7AD5C9A-699E-4C96-A1A6-0F0EB5339AA8} folder moved successfully.
C:\Users\Lightning\AppData\Local\{6ABF52B9-9EDD-4D23-85FB-2DB3CD6F283A} folder moved successfully.
C:\Users\Lightning\AppData\Local\{01D1D4F7-9635-4E45-B08A-195B988F55CD} folder moved successfully.
C:\Users\Lightning\AppData\Local\{7F91C17E-02A8-4043-BB02-B165E06CA2D9} folder moved successfully.
C:\Users\Lightning\AppData\Local\{B994D8C7-055C-4C34-9027-B33F3646A6BA} folder moved successfully.
C:\Users\Lightning\AppData\Local\{23D8415F-F431-4B69-ACC3-DDCEECF7A41D} folder moved successfully.
C:\Users\Lightning\AppData\Local\c7807fi7306vk3t5c574556pwdlns6ffy7gf61 moved successfully.
C:\ProgramData\c7807fi7306vk3t5c574556pwdlns6ffy7gf61 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Lightning\Desktop\cmd.bat deleted successfully.
C:\Users\Lightning\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lightning
->Temp folder emptied: 336726514 bytes
->Temporary Internet Files folder emptied: 24106664 bytes
->Java cache emptied: 3020320 bytes
->FireFox cache emptied: 446107875 bytes
->Google Chrome cache emptied: 391840022 bytes
->Flash cache emptied: 173520 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: virus
->Temp folder emptied: 32675 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 602112 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 436434 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24317251 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 6789898751 bytes

Total Files Cleaned = 7,646.00 mb

OTL by OldTimer - Version 3.2.42.0 log created on 04262012_182949

Files\Folders moved on Reboot...
C:\Users\Lightning\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DF1A163A40389C2218.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DF3C0188AF6065CB4E.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DF50B51338FA8FD6FF.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DF5D2B049E0F98AD11.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DF628FA550BBA9DAA3.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DF644A4CC03B46860E.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DF6C0744DCDE7F01CE.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DF7452E07876188F5F.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DF8E1E8C63EA50AC3B.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DFC47605C3C225835D.TMP not found!

Registry entries deleted on Reboot...

---------------------

Ran OTL again after:

OTL logfile created on: 4/26/2012 6:48:38 PM - Run 4
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Lightning\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 10.01 Gb Available Physical Memory | 83.49% Memory free
23.98 Gb Paging File | 21.72 Gb Available in Paging File | 90.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1854.96 Gb Total Space | 1266.92 Gb Free Space | 68.30% Space Free | Partition Type: NTFS

Computer Name: LIGHTNING-PC | User Name: Lightning | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/25 20:57:05 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lightning\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/02/29 19:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/01 16:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2012/02/01 16:55:58 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011/04/12 15:29:02 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
PRC - [2010/11/05 17:50:08 | 000,014,792 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
PRC - [2010/11/05 17:46:10 | 000,069,584 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2010/11/05 17:42:36 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
PRC - [2010/07/07 13:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/10/13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/09/22 16:57:50 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2009/07/27 15:48:34 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe
PRC - [2009/04/09 12:06:00 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2007/12/19 12:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
PRC - [2006/11/24 16:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/13 13:40:35 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/13 13:40:31 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/04/13 03:07:06 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7786f3e95a399a8b6691170ae2fe0e1c\PresentationFramework.ni.dll
MOD - [2012/04/13 03:06:59 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\239eba799555dbe10760ee80c8c8df7c\PresentationCore.ni.dll
MOD - [2012/04/13 03:06:56 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0b36565a61f83137806e71b287d81042\System.Windows.Forms.ni.dll
MOD - [2012/04/13 03:06:51 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\02ea3ff3b5908b51da47e1aeb9e75b04\WindowsBase.ni.dll
MOD - [2012/04/13 03:06:50 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c02325260bdcecd695a87bbb24547df2\System.Drawing.ni.dll
MOD - [2012/02/16 12:41:17 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\dfd9cbfccfadcf84406398a9d83ab4f4\System.Management.ni.dll
MOD - [2012/02/16 12:40:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e86e6094904541b5f9cf7df0709349d2\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 12:18:29 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll
MOD - [2012/02/16 01:58:01 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\4a1e0e4ec906686357466a5881de605e\System.Data.ni.dll
MOD - [2012/02/16 01:57:58 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll
MOD - [2012/02/16 01:57:56 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll
MOD - [2012/02/16 01:57:54 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll
MOD - [2012/02/16 01:57:53 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll
MOD - [2012/02/16 01:57:50 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\3ce3d5b8126cda36b3dbd3535f249890\System.Numerics.ni.dll
MOD - [2012/02/16 01:57:49 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll
MOD - [2012/02/15 04:53:43 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5be773440afa1e1f565f9021d8fd9730\IAStorUtil.ni.dll
MOD - [2012/02/15 04:11:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 04:11:17 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 04:11:14 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 04:11:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 04:11:11 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/01 16:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2012/01/08 09:43:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010/11/05 17:42:36 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
MOD - [2010/01/12 16:36:00 | 000,177,664 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/12/29 17:50:00 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2009/09/22 16:57:50 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
MOD - [2006/11/24 16:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/20 12:52:38 | 001,085,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/04/27 18:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 18:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/01/14 18:11:02 | 000,163,328 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV:64bit: - [2010/11/05 17:42:44 | 000,015,296 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/25 20:34:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/20 20:25:35 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/14 04:09:16 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 19:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/01 16:55:58 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2012/01/06 05:28:48 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2012/01/06 05:24:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011/12/09 15:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Disabled | Stopped] -- C:\Program Files (x86)\AlienRespawn\SftService.exe -- (SftService)
SRV - [2010/12/07 16:27:45 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/07 16:15:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/04/26 19:10:14 | 000,232,944 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/10/13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/07/27 15:48:34 | 000,062,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe -- (SiHbaWakeupService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/05 03:49:56 | 000,019,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AWOPFilterDriver.sys -- (AWOPFilterDriver)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/17 07:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/01/04 09:28:36 | 000,016,640 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV:64bit: - [2011/09/20 18:36:50 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2011/09/20 18:36:50 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011/09/20 18:36:44 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/09/20 18:36:44 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/09/20 18:36:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/09/20 18:36:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/08/22 16:14:14 | 000,121,856 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/02 12:39:40 | 000,432,680 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/19 16:55:34 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2011/04/27 16:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/31 15:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/27 15:36:32 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/10/13 12:39:52 | 000,014,928 | ---- | M] (Dell/Alienware) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mio.sys -- (mio)
DRV:64bit: - [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/07/07 15:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 15:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 15:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 15:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 15:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 15:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 15:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010/07/07 15:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 15:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 15:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 15:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 15:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 15:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 15:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/03/22 18:29:12 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/29 21:14:10 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132)
DRV:64bit: - [2009/07/29 21:14:10 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2009/07/29 21:14:10 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (1394hub)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/21 19:08:10 | 000,012,800 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2007/08/02 18:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.alienware.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/
IE - HKCU\..\SearchScopes,DefaultScope = {EDA8FA1E-2D67-497A-A3BD-C22850C3975C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{EDA8FA1E-2D67-497A-A3BD-C22850C3975C}: "URL" = http://searchya.com/...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "SearchYa!"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 20:34:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/17 13:11:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/01/18 20:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}: C:\Users\Lightning\AppData\Local\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}\ [2012/04/08 03:04:42 | 000,000,000 | ---D | M]

[2010/12/10 23:04:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Extensions
[2012/04/25 20:38:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions
[2011/09/23 09:13:43 | 000,000,000 | ---D | M] () -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2012/04/24 15:20:41 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012/03/01 02:49:06 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/04/21 13:14:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
() (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\[email protected]
[2012/04/25 20:34:42 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/17 03:07:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/09 12:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/04/25 20:34:41 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/19 10:08:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/25 20:34:41 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/25 20:34:41 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/25 20:34:42 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/04/25 20:34:41 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: OnLive Game Client Detector (Enabled) = C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/18 07:01:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Microsoft)
O4:64bit: - HKLM..\Run: [Launch Keyboard CI] c:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe (Alienware)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB42CC01-1514-42B3-83F5-38FDAD6D4393}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/26 18:29:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/26 18:21:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Desktop\GooredFix Backups
[2012/04/26 18:16:26 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Lightning\Desktop\GooredFix.exe
[2012/04/26 14:48:45 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{BD1B86AA-98DF-46AF-9BF6-A0FAA93A0E67}
[2012/04/26 14:48:23 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{2A0979A2-744C-4813-ABD8-DD0A2A48CD62}
[2012/04/26 02:47:58 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{2812B3AE-7773-4209-B25E-E6FFAEDA63FA}
[2012/04/26 02:47:36 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{46974FAA-8C66-4F60-BB93-7279509F7967}
[2012/04/25 20:57:04 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Lightning\Desktop\OTL.exe
[2012/04/25 20:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/25 20:34:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/04/21 13:33:09 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/21 13:20:21 | 000,191,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/04/21 13:20:21 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/04/21 13:20:21 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/04/21 13:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/04/21 11:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012/04/21 11:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2012/04/21 11:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/04/21 10:59:38 | 000,230,952 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/04/21 10:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/04/21 10:59:29 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\TestApp
[2012/04/21 10:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/04/20 06:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/04/20 06:52:29 | 006,074,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012/04/20 06:52:29 | 003,089,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012/04/20 06:52:29 | 000,118,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012/04/20 06:52:29 | 000,063,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012/04/20 06:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/04/20 06:51:58 | 001,451,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012/04/20 06:51:57 | 025,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/04/20 06:51:57 | 025,222,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/04/20 06:51:57 | 019,444,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/04/20 06:51:57 | 017,642,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/04/20 06:51:57 | 017,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/04/20 06:51:57 | 015,009,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012/04/20 06:51:57 | 009,717,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012/04/20 06:51:57 | 008,008,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/04/20 06:51:57 | 007,713,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/04/20 06:51:57 | 005,892,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/04/20 06:51:57 | 002,872,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/04/20 06:51:57 | 002,672,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/04/20 06:51:57 | 002,660,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012/04/20 06:51:57 | 002,517,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/04/20 06:51:57 | 002,437,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/04/20 06:51:57 | 002,301,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/04/20 06:51:57 | 001,737,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/04/20 06:51:57 | 001,466,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012/04/20 06:51:57 | 000,962,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012/04/20 06:51:57 | 000,812,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012/04/20 06:51:57 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012/04/20 06:51:57 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012/04/20 06:51:57 | 000,260,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012/04/20 06:51:57 | 000,215,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012/04/20 06:51:57 | 000,188,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012/04/20 06:51:57 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/04/20 06:51:57 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/04/20 06:51:57 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012/04/19 16:57:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\SniperV2 Demo
[2012/04/18 12:39:06 | 000,000,000 | ---D | C] -- C:\Crash
[2012/04/17 15:25:25 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/17 03:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/04/17 03:07:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/04/15 16:46:50 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/15 16:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/04/13 03:03:19 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/13 03:03:18 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/13 03:03:18 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/13 03:00:28 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/13 03:00:28 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/13 03:00:27 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/12 13:17:29 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/04/12 13:17:29 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/12 13:17:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/12 13:17:29 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/12 13:17:28 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/12 13:17:28 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/12 13:17:28 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/08 03:04:42 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}
[2012/04/08 02:17:20 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Documents\PassMark
[2012/04/08 02:17:14 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\PassMark
[2012/04/08 02:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Passmark
[2012/04/07 20:02:49 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\Motorola
[2012/04/07 20:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2012/04/07 20:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2012/04/07 20:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola
[2012/04/05 16:26:55 | 166,448,312 | ---- | C] (NVIDIA Corporation) -- C:\Users\Lightning\Desktop\296.10-desktop-win7-winvista-64bit-english-whql.exe
[2012/04/04 19:39:40 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Documents\Disney Interactive Studios
[2012/04/04 19:30:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Disney Interactive Studios
[2012/04/04 18:18:11 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Desktop\Tron Evolution
[2012/04/03 19:28:02 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\FOG Downloader
[2012/04/03 19:28:02 | 000,000,000 | ---D | C] -- C:\Users\Lightning\eligium_v0_92_10_13_en
[2012/04/03 15:38:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012/04/02 18:23:59 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\com.beatport.BeatportDownloader
[2012/04/02 18:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Beatport Downloader
[2012/04/01 14:09:03 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/01 13:36:03 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/03/30 22:49:21 | 000,000,000 | ---D | C] -- C:\Ubisoft
[2012/03/30 22:48:48 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\Deployment
[2012/03/30 22:48:48 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\Apps
[2012/03/29 13:37:41 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\Red 5 Studios

========== Files - Modified Within 30 Days ==========

[2012/04/26 18:52:26 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 18:52:26 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 18:50:19 | 000,796,090 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/26 18:50:19 | 000,671,192 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/26 18:50:19 | 000,126,278 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/26 18:46:19 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/26 18:45:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/26 18:45:02 | 1066,582,014 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/26 18:44:12 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{0000000A-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012/04/26 18:44:12 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{0000000A-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012/04/26 18:44:12 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{0000000A-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012/04/26 18:24:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/26 18:16:26 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Lightning\Desktop\GooredFix.exe
[2012/04/26 18:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/25 21:01:12 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Lightning\Desktop\aswMBR.exe
[2012/04/25 20:57:05 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lightning\Desktop\OTL.exe
[2012/04/24 15:00:47 | 956,135,704 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/21 13:29:10 | 000,000,625 | ---- | M] () -- C:\Users\Lightning\Desktop\ComboFix - Shortcut.lnk
[2012/04/21 13:20:15 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012/04/21 13:20:15 | 000,191,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/04/21 13:20:15 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/04/21 13:20:15 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/04/21 12:45:11 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/21 10:59:29 | 000,002,702 | ---- | M] () -- C:\Users\Lightning\Desktop\SDAV_Online_aff_GenericRevenueWire_207[1].exe.lnk
[2012/04/20 15:13:40 | 000,269,712 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/04/20 02:29:45 | 000,029,959 | ---- | M] () -- C:\Users\Lightning\AppData\Local\Temp20.html
[2012/04/20 02:29:40 | 000,001,955 | ---- | M] () -- C:\Users\Lightning\AppData\Local\Temp1.html
[2012/04/17 03:07:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/04/14 04:09:16 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/14 04:09:15 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/14 04:09:06 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/13 14:24:49 | 000,002,338 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/04/09 13:42:59 | 000,002,288 | ---- | M] () -- C:\Users\Lightning\Desktop\medbc reg.reg
[2012/04/06 22:49:50 | 000,001,355 | ---- | M] () -- C:\Users\Lightning\Documents\ZATANNA BOW.ucp
[2012/04/05 16:28:04 | 166,448,312 | ---- | M] (NVIDIA Corporation) -- C:\Users\Lightning\Desktop\296.10-desktop-win7-winvista-64bit-english-whql.exe
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/03 18:15:45 | 000,269,712 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/04/02 18:23:57 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Beatport Downloader.lnk

========== Files Created - No Company Name ==========

[2012/04/21 13:29:10 | 000,000,625 | ---- | C] () -- C:\Users\Lightning\Desktop\ComboFix - Shortcut.lnk
[2012/04/21 11:27:37 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/21 10:59:29 | 000,002,702 | ---- | C] () -- C:\Users\Lightning\Desktop\SDAV_Online_aff_GenericRevenueWire_207[1].exe.lnk
[2012/04/20 06:52:29 | 002,515,790 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/04/20 06:51:57 | 000,011,770 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/04/09 13:42:59 | 000,002,288 | ---- | C] () -- C:\Users\Lightning\Desktop\medbc reg.reg
[2012/04/06 22:49:50 | 000,001,355 | ---- | C] () -- C:\Users\Lightning\Documents\ZATANNA BOW.ucp
[2012/04/02 18:23:57 | 000,000,995 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beatport Downloader.lnk
[2012/04/02 18:23:57 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Beatport Downloader.lnk
[2012/04/01 13:36:05 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/06 06:46:05 | 000,029,959 | ---- | C] () -- C:\Users\Lightning\AppData\Local\Temp20.html
[2012/03/05 00:13:23 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012/02/17 01:32:32 | 000,000,132 | ---- | C] () -- C:\Users\Lightning\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/02/15 15:39:16 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2012/02/02 23:37:46 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2012/02/02 23:37:39 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2012/02/02 23:37:39 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2012/01/08 02:47:18 | 000,001,955 | ---- | C] () -- C:\Users\Lightning\AppData\Local\Temp1.html
[2012/01/01 05:49:12 | 000,007,606 | ---- | C] () -- C:\Users\Lightning\AppData\Local\Resmon.ResmonCfg
[2011/12/29 09:07:52 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/12/12 22:43:29 | 000,110,168 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/12/07 22:42:00 | 002,089,984 | ---- | C] () -- C:\Windows\libmem.dll
[2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/12/10 23:41:48 | 000,000,097 | ---- | C] () -- C:\Users\Lightning\AppData\Local\fusioncache.dat
[2010/12/10 23:40:00 | 000,789,750 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/10 23:04:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/07 17:39:34 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010/12/07 16:28:09 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2010/12/07 16:28:09 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2010/12/07 16:28:09 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2010/12/07 16:16:02 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/12/07 16:16:02 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/11/05 17:49:42 | 000,098,232 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll
[2010/07/07 14:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010/07/07 13:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010/07/07 13:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2010/07/07 13:21:00 | 000,384,647 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010/07/07 13:21:00 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010/07/07 13:10:30 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2010/07/07 13:10:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe

========== LOP Check ==========

[2011/09/23 23:32:18 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Amazon
[2012/02/16 11:24:04 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2012/01/20 00:04:09 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\BigHugeEngine
[2012/04/17 15:25:25 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/02 18:23:59 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\com.beatport.BeatportDownloader
[2012/01/24 15:18:57 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\DarknessIIDemo
[2012/02/29 23:22:22 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\DAZ 3D
[2012/01/25 18:23:24 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\DriverFinder
[2012/04/03 19:28:02 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\FOG Downloader
[2011/10/28 00:50:48 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\GetRightToGo
[2012/04/16 19:33:43 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\imollo
[2012/01/01 21:42:57 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\iStonsoft
[2012/01/01 21:43:07 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\libimobiledevice
[2012/04/07 20:02:49 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Motorola
[2011/11/03 22:04:07 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\OnLive App
[2011/10/25 05:59:26 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Origin
[2010/12/11 01:12:13 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Razer
[2012/01/26 02:46:34 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\RegGenie
[2011/12/26 21:16:52 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\SecondLife
[2011/12/28 20:56:01 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\SystemRequirementsLab
[2012/04/21 10:59:29 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\TestApp
[2012/01/18 20:44:23 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Thunderbird
[2011/12/10 02:34:49 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Trine2
[2011/12/29 09:13:13 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Ubisoft
[2012/03/29 14:16:49 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\uTorrent
[2010/12/11 11:18:25 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Windows Live Writer
[2012/03/10 21:32:03 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

-----------

asMBR still stops responding. It got further into the scan this time. The thing is it's not that I can't run it, and it ran for a about 26 minutes exactly, before it just "stops responding" eventually. I even renamed it to see. My computer itself seems fine and runs perfect but maybe you still see something in the logs above.

That one file on my desktop I put there but if I can delete it, let me know.

Edited by Madelynn, 26 April 2012 - 07:24 PM.

#7
godawgs

Posted 27 April 2012 - 01:22 PM

Teacher

Retired Staff
8,228 posts

Hi Madelynn,

Thanks for the logs and the information.

My computer itself seems fine and runs perfect but maybe you still see something in the logs above.

The only thing I see in the logs is the Goored infection. And the GooredFix tool didn't see it for some reason so we'll kill it another way.
But we always want to check for rootkit activity and that is what aswMBR does. But aswMBR just doesn't run on some machines. So we'll check that a different way.

That one file on my desktop I put there but if I can delete it, let me know.

You should be able to delete the file. But if you put it there for a reason you may not want to. You can right-clickon the file and click EDIT (Do Not click Open) and that will tell you what is in the file. If youre not sure what it is you can copy the contents and post them here and we'll have a look..then you can decide.

Let's run another OTL fix.

1.

Posted Image

1. Please copy all of the text in the code box below. To do this, highlight everything
inside the code box , right click and click Copy.

:OTL
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}: C:\Users\Lightning\AppData\Local\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}\ [2012/04/08 03:04:42 | 000,000,000 | ---D | M]
[2012/04/26 14:48:45 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{BD1B86AA-98DF-46AF-9BF6-A0FAA93A0E67}
[2012/04/26 14:48:23 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{2A0979A2-744C-4813-ABD8-DD0A2A48CD62}
[2012/04/26 02:47:58 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{2812B3AE-7773-4209-B25E-E6FFAEDA63FA}
[2012/04/26 02:47:36 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{46974FAA-8C66-4F60-BB93-7279509F7967}

:COMMANDS
[EMPTYTEMP]

on your desktop.
3. Place the mouse pointer inside the Posted Image

textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image

button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image

button. Post the log it produces in your next reply.

2.

TDSSKiller

Please read carefully and follow these steps.
Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

3.

Things For Your Next Post:
1. The OTL Fixes log
2. The new OTL.txt log
3. The TDSSKiller log
4. Let me know what you found out about the medbc reg.reg. file

#8
Madelynn

Posted 27 April 2012 - 02:09 PM

Member

Topic Starter
Member
15 posts

First scan:

All processes killed
========== OTL ==========
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}: C:\Users\Lightning\AppData\Local\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}\ not found.
C:\Users\Lightning\AppData\Local\{BD1B86AA-98DF-46AF-9BF6-A0FAA93A0E67} folder moved successfully.
C:\Users\Lightning\AppData\Local\{2A0979A2-744C-4813-ABD8-DD0A2A48CD62} folder moved successfully.
C:\Users\Lightning\AppData\Local\{2812B3AE-7773-4209-B25E-E6FFAEDA63FA} folder moved successfully.
C:\Users\Lightning\AppData\Local\{46974FAA-8C66-4F60-BB93-7279509F7967} folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lightning
->Temp folder emptied: 72009301 bytes
->Temporary Internet Files folder emptied: 1529082 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 253530755 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3537 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: virus
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13652 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 312.00 mb

OTL by OldTimer - Version 3.2.42.0 log created on 04272012_144518

Files\Folders moved on Reboot...
C:\Users\Lightning\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DF0B85616CE38EF28C.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DF4B41D10DD5035D7B.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DF694AF2D9ECF6F61F.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DF751BD56A40ACAAF7.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DF8035B51952E52F12.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DFD35CF1E457B4DE84.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DFD70BF3943DEB49C2.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DFE84D7862DC543009.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DFEDA3E626CBDC940A.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DFEF8FB76797BA3869.TMP not found!

Registry entries deleted on Reboot...

----------------------

Quick Scan:

OTL logfile created on: 4/27/2012 2:59:45 PM - Run 5
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Lightning\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 7.50 Gb Available Physical Memory | 62.53% Memory free
23.98 Gb Paging File | 18.93 Gb Available in Paging File | 78.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1854.96 Gb Total Space | 1266.58 Gb Free Space | 68.28% Space Free | Partition Type: NTFS

Computer Name: LIGHTNING-PC | User Name: Lightning | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/25 20:57:05 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lightning\Desktop\OTL.exe
PRC - [2012/04/25 20:34:42 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/02/29 19:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/01 16:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2012/02/01 16:55:58 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011/04/12 15:29:02 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
PRC - [2010/11/05 17:50:08 | 000,014,792 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
PRC - [2010/11/05 17:46:10 | 000,069,584 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2010/11/05 17:42:36 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
PRC - [2010/07/07 13:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/10/13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/09/22 16:57:50 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2009/07/27 15:48:34 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe
PRC - [2009/04/09 12:06:00 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2007/12/19 12:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
PRC - [2006/11/24 16:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/25 20:34:42 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/04/14 04:09:15 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012/04/13 13:40:51 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll
MOD - [2012/04/13 13:40:35 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/13 13:40:31 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/04/13 03:07:06 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7786f3e95a399a8b6691170ae2fe0e1c\PresentationFramework.ni.dll
MOD - [2012/04/13 03:06:59 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\239eba799555dbe10760ee80c8c8df7c\PresentationCore.ni.dll
MOD - [2012/04/13 03:06:56 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0b36565a61f83137806e71b287d81042\System.Windows.Forms.ni.dll
MOD - [2012/04/13 03:06:51 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\02ea3ff3b5908b51da47e1aeb9e75b04\WindowsBase.ni.dll
MOD - [2012/04/13 03:06:50 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c02325260bdcecd695a87bbb24547df2\System.Drawing.ni.dll
MOD - [2012/02/16 12:41:17 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\dfd9cbfccfadcf84406398a9d83ab4f4\System.Management.ni.dll
MOD - [2012/02/16 12:40:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e86e6094904541b5f9cf7df0709349d2\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 12:18:29 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll
MOD - [2012/02/16 01:58:01 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\4a1e0e4ec906686357466a5881de605e\System.Data.ni.dll
MOD - [2012/02/16 01:57:58 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll
MOD - [2012/02/16 01:57:56 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll
MOD - [2012/02/16 01:57:54 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll
MOD - [2012/02/16 01:57:53 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll
MOD - [2012/02/16 01:57:50 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\3ce3d5b8126cda36b3dbd3535f249890\System.Numerics.ni.dll
MOD - [2012/02/16 01:57:49 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll
MOD - [2012/02/15 04:53:43 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5be773440afa1e1f565f9021d8fd9730\IAStorUtil.ni.dll
MOD - [2012/02/15 04:11:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 04:11:17 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 04:11:14 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 04:11:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 04:11:11 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/01 16:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2012/01/08 09:43:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010/11/05 17:42:36 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
MOD - [2010/01/12 16:36:00 | 000,177,664 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/12/29 17:50:00 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2009/09/22 16:57:50 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
MOD - [2006/11/24 16:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/20 12:52:38 | 001,085,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/04/27 18:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 18:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/01/14 18:11:02 | 000,163,328 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV:64bit: - [2010/11/05 17:42:44 | 000,015,296 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/25 20:34:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/20 20:25:35 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/14 04:09:16 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 19:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/01 16:55:58 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2012/01/06 05:28:48 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2012/01/06 05:24:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011/12/09 15:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Disabled | Stopped] -- C:\Program Files (x86)\AlienRespawn\SftService.exe -- (SftService)
SRV - [2010/12/07 16:27:45 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/07 16:15:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/04/26 19:10:14 | 000,232,944 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/10/13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/07/27 15:48:34 | 000,062,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe -- (SiHbaWakeupService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/05 03:49:56 | 000,019,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AWOPFilterDriver.sys -- (AWOPFilterDriver)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/17 07:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/01/04 09:28:36 | 000,016,640 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV:64bit: - [2011/09/20 18:36:50 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2011/09/20 18:36:50 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011/09/20 18:36:44 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/09/20 18:36:44 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/09/20 18:36:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/09/20 18:36:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/08/22 16:14:14 | 000,121,856 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/02 12:39:40 | 000,432,680 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/19 16:55:34 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2011/04/27 16:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/31 15:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/27 15:36:32 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/10/13 12:39:52 | 000,014,928 | ---- | M] (Dell/Alienware) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mio.sys -- (mio)
DRV:64bit: - [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/07/07 15:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 15:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 15:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 15:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 15:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 15:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 15:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010/07/07 15:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 15:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 15:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 15:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 15:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 15:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 15:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/03/22 18:29:12 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/29 21:14:10 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132)
DRV:64bit: - [2009/07/29 21:14:10 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2009/07/29 21:14:10 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (1394hub)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/21 19:08:10 | 000,012,800 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2007/08/02 18:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.alienware.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/
IE - HKCU\..\SearchScopes,DefaultScope = {EDA8FA1E-2D67-497A-A3BD-C22850C3975C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{EDA8FA1E-2D67-497A-A3BD-C22850C3975C}: "URL" = http://searchya.com/...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "SearchYa!"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 20:34:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/17 13:11:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/01/18 20:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}: C:\Users\Lightning\AppData\Local\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}\ [2012/04/08 03:04:42 | 000,000,000 | ---D | M]

[2010/12/10 23:04:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Extensions
[2012/04/25 20:38:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions
[2011/09/23 09:13:43 | 000,000,000 | ---D | M] () -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2012/04/24 15:20:41 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012/03/01 02:49:06 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/04/21 13:14:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
() (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\[email protected]
[2012/04/25 20:34:42 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/17 03:07:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/09 12:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/04/25 20:34:41 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/19 10:08:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/25 20:34:41 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/25 20:34:41 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/25 20:34:42 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/04/25 20:34:41 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: OnLive Game Client Detector (Enabled) = C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/18 07:01:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Microsoft)
O4:64bit: - HKLM..\Run: [Launch Keyboard CI] c:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe (Alienware)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB42CC01-1514-42B3-83F5-38FDAD6D4393}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/27 14:53:38 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Lightning\Desktop\tdsskiller.exe
[2012/04/27 02:49:32 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{65762524-24B2-4D84-8158-E049581A1416}
[2012/04/27 02:49:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{B0F5A489-60E3-4D32-B394-26491296C063}
[2012/04/26 18:29:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/26 18:21:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Desktop\GooredFix Backups
[2012/04/26 18:16:26 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Lightning\Desktop\GooredFix.exe
[2012/04/25 20:57:04 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Lightning\Desktop\OTL.exe
[2012/04/25 20:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/25 20:34:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/04/21 13:33:09 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/21 13:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/04/21 11:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012/04/21 11:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2012/04/21 11:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/04/21 10:59:38 | 000,230,952 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/04/21 10:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/04/21 10:59:29 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\TestApp
[2012/04/21 10:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/04/20 06:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/04/20 06:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/04/20 06:51:57 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/04/20 06:51:57 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/04/19 16:57:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\SniperV2 Demo
[2012/04/18 12:39:06 | 000,000,000 | ---D | C] -- C:\Crash
[2012/04/17 15:25:25 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/17 03:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/04/17 03:07:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/04/15 16:46:50 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/15 16:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/04/08 03:04:42 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}
[2012/04/08 02:17:20 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Documents\PassMark
[2012/04/08 02:17:14 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\PassMark
[2012/04/08 02:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Passmark
[2012/04/07 20:02:49 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\Motorola
[2012/04/07 20:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2012/04/07 20:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2012/04/07 20:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola
[2012/04/04 19:39:40 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Documents\Disney Interactive Studios
[2012/04/04 19:30:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Disney Interactive Studios
[2012/04/04 18:18:11 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Desktop\Tron Evolution
[2012/04/03 19:28:02 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\FOG Downloader
[2012/04/03 19:28:02 | 000,000,000 | ---D | C] -- C:\Users\Lightning\eligium_v0_92_10_13_en
[2012/04/03 15:38:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012/04/02 18:23:59 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\com.beatport.BeatportDownloader
[2012/04/02 18:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Beatport Downloader
[2012/03/30 22:49:21 | 000,000,000 | ---D | C] -- C:\Ubisoft
[2012/03/30 22:48:48 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\Deployment
[2012/03/30 22:48:48 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\Apps
[2012/03/29 13:37:41 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\Red 5 Studios

========== Files - Modified Within 30 Days ==========

[2012/04/27 14:54:41 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/27 14:54:41 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/27 14:53:43 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Lightning\Desktop\tdsskiller.exe
[2012/04/27 14:52:39 | 000,796,090 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/27 14:52:39 | 000,671,192 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/27 14:52:39 | 000,126,278 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/27 14:48:15 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/27 14:47:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/27 14:47:19 | 1066,582,014 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/27 14:46:29 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{0000000A-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012/04/27 14:46:29 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{0000000A-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012/04/27 14:46:29 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{0000000A-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012/04/27 14:24:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/27 14:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/26 18:16:26 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Lightning\Desktop\GooredFix.exe
[2012/04/25 20:57:05 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lightning\Desktop\OTL.exe
[2012/04/24 15:00:47 | 956,135,704 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/21 13:29:10 | 000,000,625 | ---- | M] () -- C:\Users\Lightning\Desktop\ComboFix - Shortcut.lnk
[2012/04/21 12:45:11 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/21 10:59:29 | 000,002,702 | ---- | M] () -- C:\Users\Lightning\Desktop\SDAV_Online_aff_GenericRevenueWire_207[1].exe.lnk
[2012/04/20 15:13:40 | 000,269,712 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/04/20 02:29:45 | 000,029,959 | ---- | M] () -- C:\Users\Lightning\AppData\Local\Temp20.html
[2012/04/20 02:29:40 | 000,001,955 | ---- | M] () -- C:\Users\Lightning\AppData\Local\Temp1.html
[2012/04/13 14:24:49 | 000,002,338 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/04/09 13:42:59 | 000,002,288 | ---- | M] () -- C:\Users\Lightning\Desktop\medbc reg.reg
[2012/04/06 22:49:50 | 000,001,355 | ---- | M] () -- C:\Users\Lightning\Documents\ZATANNA BOW.ucp
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/03 18:15:45 | 000,269,712 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/04/02 18:23:57 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Beatport Downloader.lnk

========== Files Created - No Company Name ==========

[2012/04/21 13:29:10 | 000,000,625 | ---- | C] () -- C:\Users\Lightning\Desktop\ComboFix - Shortcut.lnk
[2012/04/21 11:27:37 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/21 10:59:29 | 000,002,702 | ---- | C] () -- C:\Users\Lightning\Desktop\SDAV_Online_aff_GenericRevenueWire_207[1].exe.lnk
[2012/04/20 06:52:29 | 002,515,790 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/04/20 06:51:57 | 000,011,770 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/04/09 13:42:59 | 000,002,288 | ---- | C] () -- C:\Users\Lightning\Desktop\medbc reg.reg
[2012/04/06 22:49:50 | 000,001,355 | ---- | C] () -- C:\Users\Lightning\Documents\ZATANNA BOW.ucp
[2012/04/02 18:23:57 | 000,000,995 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beatport Downloader.lnk
[2012/04/02 18:23:57 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Beatport Downloader.lnk
[2012/04/01 13:36:05 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/06 06:46:05 | 000,029,959 | ---- | C] () -- C:\Users\Lightning\AppData\Local\Temp20.html
[2012/03/05 00:13:23 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012/02/17 01:32:32 | 000,000,132 | ---- | C] () -- C:\Users\Lightning\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/02/15 15:39:16 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2012/02/02 23:37:46 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2012/02/02 23:37:39 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2012/02/02 23:37:39 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2012/01/08 02:47:18 | 000,001,955 | ---- | C] () -- C:\Users\Lightning\AppData\Local\Temp1.html
[2012/01/01 05:49:12 | 000,007,606 | ---- | C] () -- C:\Users\Lightning\AppData\Local\Resmon.ResmonCfg
[2011/12/29 09:07:52 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/12/12 22:43:29 | 000,110,168 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/12/07 22:42:00 | 002,089,984 | ---- | C] () -- C:\Windows\libmem.dll
[2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/12/10 23:41:48 | 000,000,097 | ---- | C] () -- C:\Users\Lightning\AppData\Local\fusioncache.dat
[2010/12/10 23:40:00 | 000,789,750 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/10 23:04:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/07 17:39:34 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010/12/07 16:28:09 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2010/12/07 16:28:09 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2010/12/07 16:28:09 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2010/12/07 16:16:02 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/12/07 16:16:02 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/11/05 17:49:42 | 000,098,232 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll
[2010/07/07 14:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010/07/07 13:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010/07/07 13:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2010/07/07 13:21:00 | 000,384,647 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010/07/07 13:21:00 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010/07/07 13:10:30 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2010/07/07 13:10:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe

========== LOP Check ==========

[2011/09/23 23:32:18 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Amazon
[2012/02/16 11:24:04 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2012/01/20 00:04:09 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\BigHugeEngine
[2012/04/17 15:25:25 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/02 18:23:59 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\com.beatport.BeatportDownloader
[2012/01/24 15:18:57 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\DarknessIIDemo
[2012/02/29 23:22:22 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\DAZ 3D
[2012/01/25 18:23:24 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\DriverFinder
[2012/04/03 19:28:02 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\FOG Downloader
[2011/10/28 00:50:48 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\GetRightToGo
[2012/04/16 19:33:43 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\imollo
[2012/01/01 21:42:57 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\iStonsoft
[2012/01/01 21:43:07 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\libimobiledevice
[2012/04/07 20:02:49 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Motorola
[2011/11/03 22:04:07 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\OnLive App
[2011/10/25 05:59:26 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Origin
[2010/12/11 01:12:13 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Razer
[2012/01/26 02:46:34 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\RegGenie
[2011/12/26 21:16:52 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\SecondLife
[2011/12/28 20:56:01 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\SystemRequirementsLab
[2012/04/21 10:59:29 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\TestApp
[2012/01/18 20:44:23 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Thunderbird
[2011/12/10 02:34:49 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Trine2
[2011/12/29 09:13:13 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Ubisoft
[2012/03/29 14:16:49 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\uTorrent
[2010/12/11 11:18:25 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Windows Live Writer
[2012/03/10 21:32:03 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

------------

TDSSKiller:

15:02:10.0109 1080 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
15:02:10.0409 1080 ============================================================
15:02:10.0409 1080 Current date / time: 2012/04/27 15:02:10.0409
15:02:10.0409 1080 SystemInfo:
15:02:10.0409 1080
15:02:10.0409 1080 OS Version: 6.1.7601 ServicePack: 1.0
15:02:10.0409 1080 Product type: Workstation
15:02:10.0409 1080 ComputerName: LIGHTNING-PC
15:02:10.0409 1080 UserName: Lightning
15:02:10.0409 1080 Windows directory: C:\Windows
15:02:10.0409 1080 System windows directory: C:\Windows
15:02:10.0409 1080 Running under WOW64
15:02:10.0409 1080 Processor architecture: Intel x64
15:02:10.0409 1080 Number of processors: 12
15:02:10.0409 1080 Page size: 0x1000
15:02:10.0409 1080 Boot type: Normal boot
15:02:10.0409 1080 ============================================================
15:02:10.0701 1080 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1600000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:02:10.0713 1080 ============================================================
15:02:10.0713 1080 \Device\Harddisk0\DR0:
15:02:10.0713 1080 MBR partitions:
15:02:10.0713 1080 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x100D000
15:02:10.0713 1080 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1021000, BlocksNum 0xE7DE9800
15:02:10.0713 1080 ============================================================
15:02:10.0766 1080 C: <-> \Device\Harddisk0\DR0\Partition1
15:02:10.0766 1080 ============================================================
15:02:10.0766 1080 Initialize success
15:02:10.0766 1080 ============================================================
15:02:45.0546 4744 ============================================================
15:02:45.0546 4744 Scan started
15:02:45.0546 4744 Mode: Manual; SigCheck; TDLFS;
15:02:45.0546 4744 ============================================================
15:02:45.0875 4744 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
15:02:45.0940 4744 !SASCORE - ok
15:02:46.0104 4744 1394hub - ok
15:02:46.0205 4744 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:02:46.0241 4744 1394ohci - ok
15:02:46.0315 4744 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:02:46.0341 4744 ACPI - ok
15:02:46.0370 4744 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:02:46.0417 4744 AcpiPmi - ok
15:02:46.0571 4744 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:02:46.0643 4744 AdobeFlashPlayerUpdateSvc - ok
15:02:46.0666 4744 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:02:46.0685 4744 adp94xx - ok
15:02:46.0719 4744 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:02:46.0731 4744 adpahci - ok
15:02:46.0760 4744 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:02:46.0771 4744 adpu320 - ok
15:02:46.0796 4744 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:02:46.0840 4744 AeLookupSvc - ok
15:02:46.0928 4744 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:02:46.0965 4744 AFD - ok
15:02:46.0985 4744 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:02:46.0999 4744 agp440 - ok
15:02:47.0031 4744 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:02:47.0084 4744 ALG - ok
15:02:47.0147 4744 AlienFusionService (63eaf9f1a60c44e26f6ef22e8f479d76) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
15:02:47.0162 4744 AlienFusionService - ok
15:02:47.0179 4744 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:02:47.0188 4744 aliide - ok
15:02:47.0225 4744 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:02:47.0236 4744 amdide - ok
15:02:47.0242 4744 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:02:47.0268 4744 AmdK8 - ok
15:02:47.0273 4744 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:02:47.0310 4744 AmdPPM - ok
15:02:47.0374 4744 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:02:47.0387 4744 amdsata - ok
15:02:47.0438 4744 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:02:47.0455 4744 amdsbs - ok
15:02:47.0465 4744 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:02:47.0480 4744 amdxata - ok
15:02:47.0511 4744 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:02:47.0560 4744 AppID - ok
15:02:47.0580 4744 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:02:47.0628 4744 AppIDSvc - ok
15:02:47.0696 4744 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:02:47.0740 4744 Appinfo - ok
15:02:47.0791 4744 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
15:02:47.0809 4744 AppMgmt - ok
15:02:47.0829 4744 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:02:47.0840 4744 arc - ok
15:02:47.0872 4744 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:02:47.0899 4744 arcsas - ok
15:02:48.0066 4744 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:02:48.0090 4744 aspnet_state - ok
15:02:48.0111 4744 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:02:48.0168 4744 AsyncMac - ok
15:02:48.0197 4744 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:02:48.0209 4744 atapi - ok
15:02:48.0260 4744 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:02:48.0311 4744 AudioEndpointBuilder - ok
15:02:48.0314 4744 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:02:48.0346 4744 AudioSrv - ok
15:02:48.0372 4744 AWOPFilterDriver (0e15300e54fdce8939e8651873117636) C:\Windows\system32\drivers\AWOPFilterDriver.sys
15:02:48.0411 4744 AWOPFilterDriver - ok
15:02:48.0485 4744 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:02:48.0514 4744 AxInstSV - ok
15:02:48.0568 4744 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:02:48.0584 4744 b06bdrv - ok
15:02:48.0598 4744 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:02:48.0638 4744 b57nd60a - ok
15:02:48.0697 4744 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:02:48.0729 4744 BDESVC - ok
15:02:48.0758 4744 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:02:48.0802 4744 Beep - ok
15:02:48.0902 4744 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:02:48.0953 4744 BFE - ok
15:02:49.0006 4744 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
15:02:49.0056 4744 BITS - ok
15:02:49.0086 4744 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:02:49.0108 4744 blbdrive - ok
15:02:49.0183 4744 Blfp (8ab4719971b7280313835c28616ea7b4) C:\Windows\system32\DRIVERS\basp.sys
15:02:49.0215 4744 Blfp - ok
15:02:49.0253 4744 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:02:49.0272 4744 bowser - ok
15:02:49.0371 4744 BrcmMgmtAgent (f742f89449e6d345425c2fef9158b008) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
15:02:49.0436 4744 BrcmMgmtAgent ( UnsignedFile.Multi.Generic ) - warning
15:02:49.0436 4744 BrcmMgmtAgent - detected UnsignedFile.Multi.Generic (1)
15:02:49.0461 4744 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:02:49.0472 4744 BrFiltLo - ok
15:02:49.0486 4744 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:02:49.0497 4744 BrFiltUp - ok
15:02:49.0544 4744 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:02:49.0567 4744 BridgeMP - ok
15:02:49.0592 4744 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:02:49.0630 4744 Browser - ok
15:02:49.0673 4744 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:02:49.0686 4744 Brserid - ok
15:02:49.0704 4744 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:02:49.0731 4744 BrSerWdm - ok
15:02:49.0734 4744 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:02:49.0745 4744 BrUsbMdm - ok
15:02:49.0747 4744 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:02:49.0758 4744 BrUsbSer - ok
15:02:49.0780 4744 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
15:02:49.0816 4744 BthEnum - ok
15:02:49.0855 4744 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:02:49.0883 4744 BTHMODEM - ok
15:02:49.0922 4744 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
15:02:49.0950 4744 BthPan - ok
15:02:49.0998 4744 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
15:02:50.0022 4744 BTHPORT - ok
15:02:50.0070 4744 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:02:50.0122 4744 bthserv - ok
15:02:50.0146 4744 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
15:02:50.0157 4744 BTHUSB - ok
15:02:50.0243 4744 btwampfl (0e78584d5faca0509dfa97bd8b635075) C:\Windows\system32\drivers\btwampfl.sys
15:02:50.0263 4744 btwampfl - ok
15:02:50.0301 4744 btwaudio (409c4117e6027672ef41e68ace1468ad) C:\Windows\system32\drivers\btwaudio.sys
15:02:50.0313 4744 btwaudio - ok
15:02:50.0358 4744 btwavdt (8ca7cabd13316abace386d9f380b4cf3) C:\Windows\system32\drivers\btwavdt.sys
15:02:50.0372 4744 btwavdt - ok
15:02:50.0444 4744 btwdins (1249ede2280f9a1564c946afddcd59d5) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
15:02:50.0520 4744 btwdins - ok
15:02:50.0596 4744 BTWDPAN (41933521a618475644b6e8d8487af326) C:\Windows\system32\DRIVERS\btwdpan.sys
15:02:50.0615 4744 BTWDPAN - ok
15:02:50.0620 4744 btwl2cap (b9354f9f111c64f2495b60f1e24cb453) C:\Windows\system32\DRIVERS\btwl2cap.sys
15:02:50.0633 4744 btwl2cap - ok
15:02:50.0648 4744 btwrchid (71a04f2d9deb21b162561eb574d7d629) C:\Windows\system32\DRIVERS\btwrchid.sys
15:02:50.0661 4744 btwrchid - ok
15:02:50.0670 4744 catchme - ok
15:02:50.0688 4744 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:02:50.0721 4744 cdfs - ok
15:02:50.0788 4744 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:02:50.0820 4744 cdrom - ok
15:02:50.0889 4744 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:02:50.0951 4744 CertPropSvc - ok
15:02:50.0999 4744 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:02:51.0011 4744 circlass - ok
15:02:51.0059 4744 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:02:51.0073 4744 CLFS - ok
15:02:51.0138 4744 CLKMSVC10_9EC60124 (fdff50af8a708a23b7de1d69c285a2ae) c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
15:02:51.0184 4744 CLKMSVC10_9EC60124 - ok
15:02:51.0261 4744 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:02:51.0308 4744 clr_optimization_v2.0.50727_32 - ok
15:02:51.0357 4744 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:02:51.0373 4744 clr_optimization_v2.0.50727_64 - ok
15:02:51.0482 4744 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:02:51.0499 4744 clr_optimization_v4.0.30319_32 - ok
15:02:51.0534 4744 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:02:51.0552 4744 clr_optimization_v4.0.30319_64 - ok
15:02:51.0559 4744 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:02:51.0598 4744 CmBatt - ok
15:02:51.0631 4744 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:02:51.0644 4744 cmdide - ok
15:02:51.0712 4744 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:02:51.0764 4744 CNG - ok
15:02:51.0792 4744 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:02:51.0806 4744 Compbatt - ok
15:02:51.0844 4744 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:02:51.0876 4744 CompositeBus - ok
15:02:51.0887 4744 COMSysApp - ok
15:02:51.0961 4744 cpuz135 (76355d5eafdfa3e9b7580b9153de1f30) C:\Windows\system32\drivers\cpuz135_x64.sys
15:02:51.0977 4744 cpuz135 - ok
15:02:51.0981 4744 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:02:51.0997 4744 crcdisk - ok
15:02:52.0061 4744 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
15:02:52.0198 4744 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
15:02:52.0198 4744 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
15:02:52.0257 4744 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
15:02:52.0347 4744 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
15:02:52.0347 4744 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
15:02:52.0387 4744 Creative Media Toolbox 6 Licensing Service (d03466c36ef0e5c7694ff38b45271d9d) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
15:02:52.0471 4744 Creative Media Toolbox 6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
15:02:52.0471 4744 Creative Media Toolbox 6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
15:02:52.0533 4744 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:02:52.0577 4744 CryptSvc - ok
15:02:52.0629 4744 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:02:52.0659 4744 CSC - ok
15:02:52.0734 4744 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
15:02:52.0755 4744 CscService - ok
15:02:52.0815 4744 CT20XUT (148c9c111291c41d6b2abfb6fbb43856) C:\Windows\system32\drivers\CT20XUT.SYS
15:02:52.0826 4744 CT20XUT - ok
15:02:52.0836 4744 CT20XUT.SYS (148c9c111291c41d6b2abfb6fbb43856) C:\Windows\System32\drivers\CT20XUT.SYS
15:02:52.0848 4744 CT20XUT.SYS - ok
15:02:52.0899 4744 ctac32k (397fbd4454e5b2fb77e55d1013df548c) C:\Windows\system32\drivers\ctac32k.sys
15:02:52.0913 4744 ctac32k - ok
15:02:52.0947 4744 ctaud2k (50a8cd4df066fe57d0c473a2645988cc) C:\Windows\system32\drivers\ctaud2k.sys
15:02:52.0963 4744 ctaud2k - ok
15:02:53.0031 4744 CTAudSvcService (5ce3d0e1d1b3832ee052cfc442eee0fa) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
15:02:53.0095 4744 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
15:02:53.0095 4744 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
15:02:53.0149 4744 CTEXFIFX (6f9c3c6c78f5296f4bc7102fb0f7cb65) C:\Windows\system32\drivers\CTEXFIFX.SYS
15:02:53.0181 4744 CTEXFIFX - ok
15:02:53.0193 4744 CTEXFIFX.SYS (6f9c3c6c78f5296f4bc7102fb0f7cb65) C:\Windows\System32\drivers\CTEXFIFX.SYS
15:02:53.0216 4744 CTEXFIFX.SYS - ok
15:02:53.0248 4744 CTHWIUT (ae78ca7ee865a28ac841211db655acf3) C:\Windows\system32\drivers\CTHWIUT.SYS
15:02:53.0258 4744 CTHWIUT - ok
15:02:53.0260 4744 CTHWIUT.SYS (ae78ca7ee865a28ac841211db655acf3) C:\Windows\System32\drivers\CTHWIUT.SYS
15:02:53.0270 4744 CTHWIUT.SYS - ok
15:02:53.0289 4744 ctprxy2k (757776e207ca5e71e4a16bd1260ae1f2) C:\Windows\system32\drivers\ctprxy2k.sys
15:02:53.0298 4744 ctprxy2k - ok
15:02:53.0322 4744 ctsfm2k (9b111ee2f488a8d9c21a13ed4c777795) C:\Windows\system32\drivers\ctsfm2k.sys
15:02:53.0333 4744 ctsfm2k - ok
15:02:53.0367 4744 DAdderFltr (5bc67f1efb6b1d039b151cf7353ec742) C:\Windows\system32\drivers\dadder.sys
15:02:53.0410 4744 DAdderFltr - ok
15:02:53.0434 4744 danewFltr (329bc03a1ccd45941df52dc021d27ac5) C:\Windows\system32\drivers\danew.sys
15:02:53.0442 4744 danewFltr - ok
15:02:53.0508 4744 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:02:53.0555 4744 DcomLaunch - ok
15:02:53.0610 4744 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:02:53.0658 4744 defragsvc - ok
15:02:53.0697 4744 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:02:53.0728 4744 DfsC - ok
15:02:53.0758 4744 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:02:53.0788 4744 Dhcp - ok
15:02:53.0817 4744 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:02:53.0848 4744 discache - ok
15:02:53.0872 4744 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:02:53.0883 4744 Disk - ok
15:02:53.0932 4744 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:02:53.0964 4744 Dnscache - ok
15:02:54.0008 4744 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:02:54.0046 4744 dot3svc - ok
15:02:54.0113 4744 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:02:54.0153 4744 DPS - ok
15:02:54.0188 4744 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:02:54.0211 4744 drmkaud - ok
15:02:54.0271 4744 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:02:54.0291 4744 DXGKrnl - ok
15:02:54.0315 4744 EagleX64 - ok
15:02:54.0362 4744 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:02:54.0416 4744 EapHost - ok
15:02:54.0518 4744 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:02:54.0548 4744 ebdrv - ok
15:02:54.0586 4744 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:02:54.0620 4744 EFS - ok
15:02:54.0721 4744 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:02:54.0747 4744 ehRecvr - ok
15:02:54.0779 4744 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:02:54.0800 4744 ehSched - ok
15:02:54.0848 4744 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:02:54.0864 4744 elxstor - ok
15:02:54.0895 4744 emupia (683dcaf0d4efc3f95a32e8924849202d) C:\Windows\system32\drivers\emupia2k.sys
15:02:54.0906 4744 emupia - ok
15:02:54.0935 4744 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:02:54.0959 4744 ErrDev - ok
15:02:55.0000 4744 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:02:55.0031 4744 EventSystem - ok
15:02:55.0062 4744 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:02:55.0100 4744 exfat - ok
15:02:55.0143 4744 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:02:55.0187 4744 fastfat - ok
15:02:55.0281 4744 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:02:55.0368 4744 Fax - ok
15:02:55.0402 4744 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:02:55.0440 4744 fdc - ok
15:02:55.0463 4744 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:02:55.0503 4744 fdPHost - ok
15:02:55.0507 4744 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:02:55.0550 4744 FDResPub - ok
15:02:55.0580 4744 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:02:55.0591 4744 FileInfo - ok
15:02:55.0613 4744 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:02:55.0663 4744 Filetrace - ok
15:02:55.0743 4744 FLEXnet Licensing Service (8669be94f63944e4f899c3950b520241) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:02:55.0791 4744 FLEXnet Licensing Service - ok
15:02:55.0827 4744 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:02:55.0837 4744 flpydisk - ok
15:02:55.0879 4744 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:02:55.0893 4744 FltMgr - ok
15:02:55.0979 4744 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:02:56.0017 4744 FontCache - ok
15:02:56.0089 4744 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:02:56.0110 4744 FontCache3.0.0.0 - ok
15:02:56.0142 4744 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:02:56.0157 4744 FsDepends - ok
15:02:56.0186 4744 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:02:56.0200 4744 Fs_Rec - ok
15:02:56.0287 4744 Futuremark SystemInfo Service (0d015d3584704ec814a58276232f143b) C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
15:02:56.0318 4744 Futuremark SystemInfo Service - ok
15:02:56.0359 4744 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:02:56.0373 4744 fvevol - ok
15:02:56.0377 4744 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:02:56.0388 4744 gagp30kx - ok
15:02:56.0463 4744 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:02:56.0520 4744 gpsvc - ok
15:02:56.0599 4744 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:02:56.0651 4744 gupdate - ok
15:02:56.0673 4744 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:02:56.0706 4744 gupdatem - ok
15:02:56.0800 4744 ha20x22k (076f366b87575adc7d152c7a34acb3dc) C:\Windows\system32\drivers\ha20x22k.sys
15:02:56.0829 4744 ha20x22k - ok
15:02:56.0888 4744 ha20x2k (4a7533eb52dc9d1847e7f78dee1ce322) C:\Windows\system32\drivers\ha20x2k.sys
15:02:56.0920 4744 ha20x2k - ok
15:02:56.0956 4744 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:02:56.0975 4744 hcw85cir - ok
15:02:57.0015 4744 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:02:57.0039 4744 HdAudAddService - ok
15:02:57.0083 4744 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:02:57.0106 4744 HDAudBus - ok
15:02:57.0128 4744 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:02:57.0150 4744 HidBatt - ok
15:02:57.0190 4744 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:02:57.0217 4744 HidBth - ok
15:02:57.0223 4744 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:02:57.0244 4744 HidIr - ok
15:02:57.0286 4744 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
15:02:57.0338 4744 hidserv - ok
15:02:57.0383 4744 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:02:57.0402 4744 HidUsb - ok
15:02:57.0455 4744 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:02:57.0506 4744 hkmsvc - ok
15:02:57.0559 4744 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:02:57.0585 4744 HomeGroupListener - ok
15:02:57.0616 4744 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:02:57.0646 4744 HomeGroupProvider - ok
15:02:57.0686 4744 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:02:57.0696 4744 HpSAMD - ok
15:02:57.0755 4744 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:02:57.0799 4744 HTTP - ok
15:02:57.0839 4744 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:02:57.0849 4744 hwpolicy - ok
15:02:57.0899 4744 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:02:57.0910 4744 i8042prt - ok
15:02:57.0964 4744 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
15:02:57.0984 4744 iaStor - ok
15:02:58.0024 4744 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
15:02:58.0038 4744 IAStorDataMgrSvc - ok
15:02:58.0071 4744 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:02:58.0088 4744 iaStorV - ok
15:02:58.0156 4744 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:02:58.0182 4744 idsvc - ok
15:02:58.0214 4744 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:02:58.0223 4744 iirsp - ok
15:02:58.0278 4744 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:02:58.0336 4744 IKEEXT - ok
15:02:58.0378 4744 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:02:58.0388 4744 intelide - ok
15:02:58.0417 4744 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:02:58.0428 4744 intelppm - ok
15:02:58.0473 4744 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:02:58.0513 4744 IPBusEnum - ok
15:02:58.0571 4744 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:02:58.0613 4744 IpFilterDriver - ok
15:02:58.0651 4744 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:02:58.0702 4744 iphlpsvc - ok
15:02:58.0756 4744 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:02:58.0786 4744 IPMIDRV - ok
15:02:58.0828 4744 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:02:58.0862 4744 IPNAT - ok
15:02:58.0888 4744 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:02:58.0912 4744 IRENUM - ok
15:02:58.0960 4744 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:02:58.0972 4744 isapnp - ok
15:02:59.0010 4744 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:02:59.0026 4744 iScsiPrt - ok
15:02:59.0080 4744 JRAID (c0d9ba660a41ee8a269ef804e6cd0d7b) C:\Windows\system32\DRIVERS\jraid.sys
15:02:59.0091 4744 JRAID - ok
15:02:59.0187 4744 k57nd60a (f163bb6827f41d61594efd5e6c00ad4a) C:\Windows\system32\DRIVERS\k57nd60a.sys
15:02:59.0228 4744 k57nd60a - ok
15:02:59.0257 4744 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:02:59.0276 4744 kbdclass - ok
15:02:59.0307 4744 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:02:59.0326 4744 kbdhid - ok
15:02:59.0357 4744 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:02:59.0382 4744 KeyIso - ok
15:02:59.0429 4744 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:02:59.0450 4744 KSecDD - ok
15:02:59.0475 4744 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:02:59.0499 4744 KSecPkg - ok
15:02:59.0518 4744 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:02:59.0564 4744 ksthunk - ok
15:02:59.0635 4744 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:02:59.0693 4744 KtmRm - ok
15:02:59.0766 4744 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
15:02:59.0810 4744 LanmanServer - ok
15:02:59.0871 4744 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:02:59.0913 4744 LanmanWorkstation - ok
15:02:59.0928 4744 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:02:59.0965 4744 lltdio - ok
15:03:00.0020 4744 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:03:00.0052 4744 lltdsvc - ok
15:03:00.0086 4744 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:03:00.0113 4744 lmhosts - ok
15:03:00.0156 4744 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:03:00.0167 4744 LSI_FC - ok
15:03:00.0173 4744 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:03:00.0184 4744 LSI_SAS - ok
15:03:00.0220 4744 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:03:00.0243 4744 LSI_SAS2 - ok
15:03:00.0278 4744 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:03:00.0299 4744 LSI_SCSI - ok
15:03:00.0323 4744 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:03:00.0375 4744 luafv - ok
15:03:00.0433 4744 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
15:03:00.0443 4744 MBAMProtector - ok
15:03:00.0539 4744 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:03:00.0601 4744 MBAMService - ok
15:03:00.0638 4744 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:03:00.0681 4744 Mcx2Svc - ok
15:03:00.0713 4744 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:03:00.0723 4744 megasas - ok
15:03:00.0762 4744 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:03:00.0777 4744 MegaSR - ok
15:03:00.0803 4744 mio (8fa3c6a34458bc78c9b13ce08b277faf) C:\Windows\system32\DRIVERS\mio.sys
15:03:00.0811 4744 mio - ok
15:03:00.0872 4744 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:03:00.0912 4744 MMCSS - ok
15:03:00.0915 4744 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:03:00.0945 4744 Modem - ok
15:03:01.0001 4744 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:03:01.0023 4744 monitor - ok
15:03:01.0146 4744 MotoHelper (290750346f5937b02f62594b8eb03215) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
15:03:01.0189 4744 MotoHelper - ok
15:03:01.0222 4744 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
15:03:01.0233 4744 mouclass - ok
15:03:01.0251 4744 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:03:01.0274 4744 mouhid - ok
15:03:01.0339 4744 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:03:01.0354 4744 mountmgr - ok
15:03:01.0430 4744 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:03:01.0478 4744 MozillaMaintenance - ok
15:03:01.0521 4744 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
15:03:01.0534 4744 MpFilter - ok
15:03:01.0590 4744 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:03:01.0613 4744 mpio - ok
15:03:01.0633 4744 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
15:03:01.0651 4744 MpNWMon - ok
15:03:01.0657 4744 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:03:01.0680 4744 mpsdrv - ok
15:03:01.0725 4744 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:03:01.0768 4744 MpsSvc - ok
15:03:01.0788 4744 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:03:01.0819 4744 MRxDAV - ok
15:03:01.0875 4744 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:03:01.0907 4744 mrxsmb - ok
15:03:01.0951 4744 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:03:01.0979 4744 mrxsmb10 - ok
15:03:01.0987 4744 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:03:02.0003 4744 mrxsmb20 - ok
15:03:02.0049 4744 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:03:02.0063 4744 msahci - ok
15:03:02.0126 4744 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:03:02.0142 4744 msdsm - ok
15:03:02.0189 4744 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:03:02.0218 4744 MSDTC - ok
15:03:02.0251 4744 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:03:02.0273 4744 Msfs - ok
15:03:02.0284 4744 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:03:02.0319 4744 mshidkmdf - ok
15:03:02.0354 4744 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:03:02.0379 4744 msisadrv - ok
15:03:02.0424 4744 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:03:02.0469 4744 MSiSCSI - ok
15:03:02.0471 4744 msiserver - ok
15:03:02.0497 4744 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:03:02.0524 4744 MSKSSRV - ok
15:03:02.0598 4744 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
15:03:02.0609 4744 MsMpSvc - ok
15:03:02.0626 4744 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:03:02.0661 4744 MSPCLOCK - ok
15:03:02.0680 4744 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:03:02.0716 4744 MSPQM - ok
15:03:02.0757 4744 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:03:02.0772 4744 MsRPC - ok
15:03:02.0790 4744 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:03:02.0800 4744 mssmbios - ok
15:03:02.0803 4744 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:03:02.0824 4744 MSTEE - ok
15:03:02.0826 4744 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:03:02.0837 4744 MTConfig - ok
15:03:02.0850 4744 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:03:02.0861 4744 Mup - ok
15:03:02.0914 4744 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:03:02.0956 4744 napagent - ok
15:03:02.0993 4744 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:03:03.0022 4744 NativeWifiP - ok
15:03:03.0100 4744 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:03:03.0128 4744 NDIS - ok
15:03:03.0154 4744 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:03:03.0176 4744 NdisCap - ok
15:03:03.0183 4744 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:03:03.0211 4744 NdisTapi - ok
15:03:03.0230 4744 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:03:03.0252 4744 Ndisuio - ok
15:03:03.0310 4744 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:03:03.0341 4744 NdisWan - ok
15:03:03.0383 4744 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:03:03.0405 4744 NDProxy - ok
15:03:03.0494 4744 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
15:03:03.0575 4744 Nero BackItUp Scheduler 4.0 - ok
15:03:03.0587 4744 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:03:03.0621 4744 NetBIOS - ok
15:03:03.0641 4744 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:03:03.0683 4744 NetBT - ok
15:03:03.0686 4744 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:03:03.0699 4744 Netlogon - ok
15:03:03.0746 4744 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:03:03.0774 4744 Netman - ok
15:03:03.0899 4744 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:03:03.0922 4744 NetMsmqActivator - ok
15:03:03.0925 4744 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:03:03.0943 4744 NetPipeActivator - ok
15:03:03.0985 4744 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:03:04.0026 4744 netprofm - ok
15:03:04.0029 4744 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:03:04.0044 4744 NetTcpActivator - ok
15:03:04.0046 4744 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:03:04.0062 4744 NetTcpPortSharing - ok
15:03:04.0124 4744 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:03:04.0136 4744 nfrd960 - ok
15:03:04.0148 4744 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:03:04.0158 4744 NisDrv - ok
15:03:04.0196 4744 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
15:03:04.0217 4744 NisSrv - ok
15:03:04.0272 4744 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:03:04.0310 4744 NlaSvc - ok
15:03:04.0327 4744 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:03:04.0349 4744 Npfs - ok
15:03:04.0388 4744 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:03:04.0421 4744 nsi - ok
15:03:04.0460 4744 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:03:04.0482 4744 nsiproxy - ok
15:03:04.0558 4744 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:03:04.0585 4744 Ntfs - ok
15:03:04.0650 4744 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:03:04.0687 4744 Null - ok
15:03:04.0744 4744 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
15:03:04.0761 4744 NVHDA - ok
15:03:04.0949 4744 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:03:05.0536 4744 nvlddmkm - ok
15:03:05.0586 4744 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:03:05.0598 4744 nvraid - ok
15:03:05.0618 4744 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:03:05.0640 4744 nvstor - ok
15:03:05.0731 4744 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
15:03:05.0793 4744 nvsvc - ok
15:03:05.0933 4744 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:03:06.0004 4744 nvUpdatusService - ok
15:03:06.0049 4744 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:03:06.0062 4744 nv_agp - ok
15:03:06.0120 4744 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:03:06.0148 4744 ohci1394 - ok
15:03:06.0184 4744 ossrv (a29a80a1cf63d0dc27eefcaf27d34664) C:\Windows\system32\drivers\ctoss2k.sys
15:03:06.0201 4744 ossrv - ok
15:03:06.0243 4744 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:03:06.0282 4744 p2pimsvc - ok
15:03:06.0333 4744 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:03:06.0373 4744 p2psvc - ok
15:03:06.0414 4744 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:03:06.0426 4744 Parport - ok
15:03:06.0487 4744 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:03:06.0511 4744 partmgr - ok
15:03:06.0551 4744 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:03:06.0590 4744 PcaSvc - ok
15:03:06.0631 4744 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:03:06.0650 4744 pci - ok
15:03:06.0681 4744 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:03:06.0690 4744 pciide - ok
15:03:06.0726 4744 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:03:06.0738 4744 pcmcia - ok
15:03:06.0753 4744 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:03:06.0764 4744 pcw - ok
15:03:06.0810 4744 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:03:06.0847 4744 PEAUTH - ok
15:03:06.0912 4744 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
15:03:06.0936 4744 PeerDistSvc - ok
15:03:07.0018 4744 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:03:07.0034 4744 PerfHost - ok
15:03:07.0100 4744 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:03:07.0147 4744 pla - ok
15:03:07.0218 4744 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:03:07.0246 4744 PlugPlay - ok
15:03:07.0278 4744 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:03:07.0304 4744 PNRPAutoReg - ok
15:03:07.0320 4744 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:03:07.0340 4744 PNRPsvc - ok
15:03:07.0407 4744 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:03:07.0438 4744 PolicyAgent - ok
15:03:07.0482 4744 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:03:07.0527 4744 Power - ok
15:03:07.0596 4744 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:03:07.0625 4744 PptpMiniport - ok
15:03:07.0640 4744 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:03:07.0651 4744 Processor - ok
15:03:07.0679 4744 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:03:07.0711 4744 ProfSvc - ok
15:03:07.0739 4744 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:03:07.0753 4744 ProtectedStorage - ok
15:03:07.0807 4744 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:03:07.0831 4744 Psched - ok
15:03:07.0863 4744 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
15:03:07.0872 4744 PSI - ok
15:03:07.0926 4744 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:03:07.0948 4744 ql2300 - ok
15:03:07.0980 4744 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:03:07.0990 4744 ql40xx - ok
15:03:08.0002 4744 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:03:08.0032 4744 QWAVE - ok
15:03:08.0052 4744 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:03:08.0079 4744 QWAVEdrv - ok
15:03:08.0084 4744 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:03:08.0106 4744 RasAcd - ok
15:03:08.0136 4744 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:03:08.0167 4744 RasAgileVpn - ok
15:03:08.0194 4744 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:03:08.0223 4744 RasAuto - ok
15:03:08.0248 4744 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:03:08.0271 4744 Rasl2tp - ok
15:03:08.0298 4744 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:03:08.0329 4744 RasMan - ok
15:03:08.0364 4744 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:03:08.0403 4744 RasPppoe - ok
15:03:08.0420 4744 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:03:08.0443 4744 RasSstp - ok
15:03:08.0486 4744 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:03:08.0524 4744 rdbss - ok
15:03:08.0526 4744 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:03:08.0538 4744 rdpbus - ok
15:03:08.0551 4744 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:03:08.0572 4744 RDPCDD - ok
15:03:08.0597 4744 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:03:08.0610 4744 RDPDR - ok
15:03:08.0633 4744 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:03:08.0664 4744 RDPENCDD - ok
15:03:08.0693 4744 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:03:08.0715 4744 RDPREFMP - ok
15:03:08.0746 4744 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
15:03:08.0774 4744 RdpVideoMiniport - ok
15:03:08.0843 4744 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:03:08.0869 4744 RDPWD - ok
15:03:08.0932 4744 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:03:08.0956 4744 rdyboost - ok
15:03:08.0972 4744 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:03:09.0028 4744 RemoteAccess - ok
15:03:09.0068 4744 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:03:09.0130 4744 RemoteRegistry - ok
15:03:09.0175 4744 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:03:09.0202 4744 RFCOMM - ok
15:03:09.0243 4744 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:03:09.0279 4744 RpcEptMapper - ok
15:03:09.0298 4744 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:03:09.0326 4744 RpcLocator - ok
15:03:09.0385 4744 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:03:09.0426 4744 RpcSs - ok
15:03:09.0448 4744 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:03:09.0477 4744 rspndr - ok
15:03:09.0543 4744 RzSynapse (24510c4a77aba3b07aefa840db888637) C:\Windows\system32\DRIVERS\RzSynapse.sys
15:03:09.0559 4744 RzSynapse - ok
15:03:09.0586 4744 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:03:09.0612 4744 s3cap - ok
15:03:09.0614 4744 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:03:09.0634 4744 SamSs - ok
15:03:09.0731 4744 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:03:09.0751 4744 SASDIFSV - ok
15:03:09.0754 4744 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
15:03:09.0767 4744 SASKUTIL - ok
15:03:09.0812 4744 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:03:09.0830 4744 sbp2port - ok
15:03:09.0872 4744 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:03:09.0919 4744 SCardSvr - ok
15:03:09.0964 4744 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:03:10.0014 4744 scfilter - ok
15:03:10.0085 4744 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:03:10.0151 4744 Schedule - ok
15:03:10.0177 4744 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:03:10.0206 4744 SCPolicySvc - ok
15:03:10.0237 4744 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:03:10.0271 4744 SDRSVC - ok
15:03:10.0290 4744 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:03:10.0313 4744 secdrv - ok
15:03:10.0328 4744 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:03:10.0357 4744 seclogon - ok
15:03:10.0435 4744 Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
15:03:10.0514 4744 Secunia PSI Agent - ok
15:03:10.0577 4744 Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) C:\Program Files (x86)\Secunia\PSI\sua.exe
15:03:10.0648 4744 Secunia Update Agent - ok
15:03:10.0654 4744 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
15:03:10.0692 4744 SENS - ok
15:03:10.0712 4744 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:03:10.0730 4744 SensrSvc - ok
15:03:10.0758 4744 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:03:10.0777 4744 Serenum - ok
15:03:10.0791 4744 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:03:10.0802 4744 Serial - ok
15:03:10.0817 4744 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:03:10.0827 4744 sermouse - ok
15:03:10.0862 4744 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:03:10.0912 4744 SessionEnv - ok
15:03:10.0942 4744 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:03:10.0957 4744 sffdisk - ok
15:03:10.0978 4744 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:03:10.0989 4744 sffp_mmc - ok
15:03:10.0995 4744 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:03:11.0022 4744 sffp_sd - ok
15:03:11.0044 4744 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:03:11.0054 4744 sfloppy - ok
15:03:11.0143 4744 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\AlienRespawn\sftservice.EXE
15:03:11.0202 4744 SftService - ok
15:03:11.0245 4744 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:03:11.0286 4744 SharedAccess - ok
15:03:11.0350 4744 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:03:11.0381 4744 ShellHWDetection - ok
15:03:11.0405 4744 SI3132 (0f498dee92fd73dd999bae4d506367f5) C:\Windows\system32\DRIVERS\SI3132.sys
15:03:11.0415 4744 SI3132 - ok
15:03:11.0420 4744 SiFilter (127ce10e01f53f2edaca7fe42e5631ea) C:\Windows\system32\DRIVERS\SiWinAcc.sys
15:03:11.0429 4744 SiFilter - ok
15:03:11.0504 4744 SiHbaWakeupService (da7724632d582cdb3ee6a6d529f5a24e) C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe
15:03:11.0536 4744 SiHbaWakeupService ( UnsignedFile.Multi.Generic ) - warning
15:03:11.0536 4744 SiHbaWakeupService - detected UnsignedFile.Multi.Generic (1)
15:03:11.0551 4744 SiRemFil (b742c37002b8ebef6e230df9b4b28546) C:\Windows\system32\DRIVERS\SiRemFil.sys
15:03:11.0559 4744 SiRemFil - ok
15:03:11.0590 4744 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:03:11.0599 4744 SiSRaid2 - ok
15:03:11.0611 4744 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:03:11.0621 4744 SiSRaid4 - ok
15:03:11.0639 4744 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:03:11.0662 4744 Smb - ok
15:03:11.0682 4744 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:03:11.0723 4744 SNMPTRAP - ok
15:03:11.0725 4744 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:03:11.0735 4744 spldr - ok
15:03:11.0796 4744 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:03:11.0851 4744 Spooler - ok
15:03:11.0961 4744 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:03:12.0033 4744 sppsvc - ok
15:03:12.0070 4744 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:03:12.0117 4744 sppuinotify - ok
15:03:12.0177 4744 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:03:12.0206 4744 srv - ok
15:03:12.0276 4744 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:03:12.0290 4744 srv2 - ok
15:03:12.0346 4744 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:03:12.0359 4744 srvnet - ok
15:03:12.0387 4744 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:03:12.0418 4744 SSDPSRV - ok
15:03:12.0455 4744 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:03:12.0490 4744 SstpSvc - ok
15:03:12.0515 4744 Steam Client Service - ok
15:03:12.0524 4744 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:03:12.0534 4744 stexstor - ok
15:03:12.0572 4744 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:03:12.0607 4744 stisvc - ok
15:03:12.0648 4744 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:03:12.0658 4744 storflt - ok
15:03:12.0679 4744 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:03:12.0689 4744 storvsc - ok
15:03:12.0721 4744 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:03:12.0747 4744 swenum - ok
15:03:12.0856 4744 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:03:12.0904 4744 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
15:03:12.0904 4744 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
15:03:12.0923 4744 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:03:12.0970 4744 swprv - ok
15:03:12.0980 4744 Synth3dVsc - ok
15:03:13.0057 4744 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:03:13.0124 4744 SysMain - ok
15:03:13.0179 4744 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:03:13.0211 4744 TabletInputService - ok
15:03:13.0269 4744 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:03:13.0331 4744 TapiSrv - ok
15:03:13.0359 4744 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:03:13.0388 4744 TBS - ok
15:03:13.0486 4744 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:03:13.0527 4744 Tcpip - ok
15:03:13.0551 4744 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:03:13.0581 4744 TCPIP6 - ok
15:03:13.0614 4744 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:03:13.0644 4744 tcpipreg - ok
15:03:13.0655 4744 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:03:13.0673 4744 TDPIPE - ok
15:03:13.0705 4744 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:03:13.0731 4744 TDTCP - ok
15:03:13.0789 4744 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:03:13.0832 4744 tdx - ok
15:03:13.0866 4744 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:03:13.0877 4744 TermDD - ok
15:03:13.0939 4744 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:03:13.0972 4744 TermService - ok
15:03:13.0991 4744 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:03:14.0034 4744 Themes - ok
15:03:14.0084 4744 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:03:14.0110 4744 THREADORDER - ok
15:03:14.0133 4744 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:03:14.0177 4744 TrkWks - ok
15:03:14.0236 4744 TrojanKillerDriver (9bf9e809fbb2d5d0403b32b15abe5f30) C:\Windows\system32\DRIVERS\gtkdrv.sys
15:03:14.0245 4744 TrojanKillerDriver - ok
15:03:14.0292 4744 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:03:14.0330 4744 TrustedInstaller - ok
15:03:14.0346 4744 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:03:14.0382 4744 tssecsrv - ok
15:03:14.0419 4744 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:03:14.0430 4744 TsUsbFlt - ok
15:03:14.0438 4744 tsusbhub - ok
15:03:14.0507 4744 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:03:14.0554 4744 tunnel - ok
15:03:14.0592 4744 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:03:14.0630 4744 uagp35 - ok
15:03:14.0658 4744 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:03:14.0684 4744 udfs - ok
15:03:14.0713 4744 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:03:14.0729 4744 UI0Detect - ok
15:03:14.0770 4744 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:03:14.0787 4744 uliagpkx - ok
15:03:14.0803 4744 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:03:14.0813 4744 umbus - ok
15:03:14.0839 4744 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:03:14.0851 4744 UmPass - ok
15:03:14.0886 4744 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
15:03:14.0931 4744 UmRdpService - ok
15:03:14.0974 4744 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:03:15.0017 4744 upnphost - ok
15:03:15.0041 4744 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
15:03:15.0064 4744 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
15:03:15.0064 4744 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
15:03:15.0126 4744 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:03:15.0139 4744 usbccgp - ok
15:03:15.0201 4744 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:03:15.0219 4744 usbcir - ok
15:03:15.0249 4744 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:03:15.0271 4744 usbehci - ok
15:03:15.0310 4744 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:03:15.0338 4744 usbhub - ok
15:03:15.0382 4744 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:03:15.0396 4744 usbohci - ok
15:03:15.0416 4744 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:03:15.0448 4744 usbprint - ok
15:03:15.0488 4744 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:03:15.0504 4744 USBSTOR - ok
15:03:15.0536 4744 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
15:03:15.0575 4744 usbuhci - ok
15:03:15.0589 4744 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:03:15.0651 4744 UxSms - ok
15:03:15.0681 4744 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:03:15.0695 4744 VaultSvc - ok
15:03:15.0716 4744 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:03:15.0725 4744 vdrvroot - ok
15:03:15.0791 4744 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:03:15.0827 4744 vds - ok
15:03:15.0847 4744 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:03:15.0860 4744 vga - ok
15:03:15.0879 4744 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:03:15.0908 4744 VgaSave - ok
15:03:15.0914 4744 VGPU - ok
15:03:15.0979 4744 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:03:15.0992 4744 vhdmp - ok
15:03:16.0030 4744 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:03:16.0039 4744 viaide - ok
15:03:16.0088 4744 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:03:16.0100 4744 vmbus - ok
15:03:16.0115 4744 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:03:16.0137 4744 VMBusHID - ok
15:03:16.0175 4744 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:03:16.0188 4744 volmgr - ok
15:03:16.0242 4744 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:03:16.0260 4744 volmgrx - ok
15:03:16.0297 4744 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:03:16.0314 4744 volsnap - ok
15:03:16.0367 4744 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:03:16.0382 4744 vsmraid - ok
15:03:16.0469 4744 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:03:16.0523 4744 VSS - ok
15:03:16.0544 4744 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:03:16.0569 4744 vwifibus - ok
15:03:16.0628 4744 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:03:16.0665 4744 W32Time - ok
15:03:16.0685 4744 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:03:16.0696 4744 WacomPen - ok
15:03:16.0718 4744 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:03:16.0755 4744 WANARP - ok
15:03:16.0757 4744 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:03:16.0780 4744 Wanarpv6 - ok
15:03:16.0864 4744 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:03:17.0012 4744 WatAdminSvc - ok
15:03:17.0093 4744 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:03:17.0167 4744 wbengine - ok
15:03:17.0201 4744 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:03:17.0221 4744 WbioSrvc - ok
15:03:17.0259 4744 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:03:17.0290 4744 wcncsvc - ok
15:03:17.0327 4744 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:03:17.0359 4744 WcsPlugInService - ok
15:03:17.0379 4744 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:03:17.0389 4744 Wd - ok
15:03:17.0439 4744 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:03:17.0455 4744 Wdf01000 - ok
15:03:17.0487 4744 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:03:17.0522 4744 WdiServiceHost - ok
15:03:17.0524 4744 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:03:17.0544 4744 WdiSystemHost - ok
15:03:17.0605 4744 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:03:17.0642 4744 WebClient - ok
15:03:17.0681 4744 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:03:17.0712 4744 Wecsvc - ok
15:03:17.0725 4744 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:03:17.0764 4744 wercplsupport - ok
15:03:17.0798 4744 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:03:17.0832 4744 WerSvc - ok
15:03:17.0837 4744 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:03:17.0859 4744 WfpLwf - ok
15:03:17.0927 4744 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
15:03:17.0950 4744 WimFltr - ok
15:03:17.0953 4744 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:03:17.0966 4744 WIMMount - ok
15:03:17.0996 4744 WinDefend - ok
15:03:18.0000 4744 WinHttpAutoProxySvc - ok
15:03:18.0067 4744 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:03:18.0098 4744 Winmgmt - ok
15:03:18.0183 4744 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:03:18.0245 4744 WinRM - ok
15:03:18.0282 4744 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:03:18.0296 4744 WinUsb - ok
15:03:18.0354 4744 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:03:18.0388 4744 Wlansvc - ok
15:03:18.0556 4744 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:03:18.0632 4744 wlidsvc - ok
15:03:18.0649 4744 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:03:18.0672 4744 WmiAcpi - ok
15:03:18.0710 4744 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:03:18.0742 4744 wmiApSrv - ok
15:03:18.0750 4744 WMPNetworkSvc - ok
15:03:18.0772 4744 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:03:18.0805 4744 WPCSvc - ok
15:03:18.0856 4744 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:03:18.0880 4744 WPDBusEnum - ok
15:03:18.0891 4744 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:03:18.0934 4744 ws2ifsl - ok
15:03:19.0000 4744 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
15:03:19.0040 4744 wscsvc - ok
15:03:19.0042 4744 WSearch - ok
15:03:19.0147 4744 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:03:19.0208 4744 wuauserv - ok
15:03:19.0240 4744 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:03:19.0274 4744 WudfPf - ok
15:03:19.0306 4744 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:03:19.0330 4744 WUDFRd - ok
15:03:19.0378 4744 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:03:19.0408 4744 wudfsvc - ok
15:03:19.0451 4744 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:03:19.0501 4744 WwanSvc - ok
15:03:19.0582 4744 X6va005 - ok
15:03:19.0646 4744 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
15:03:19.0657 4744 xusb21 - ok
15:03:19.0671 4744 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
15:03:19.0774 4744 \Device\Harddisk0\DR0 - ok
15:03:19.0775 4744 Boot (0x1200) (2de108a7b6d24c3ea0eee04e7a746eb9) \Device\Harddisk0\DR0\Partition0
15:03:19.0776 4744 \Device\Harddisk0\DR0\Partition0 - ok
15:03:19.0778 4744 Boot (0x1200) (dcbf64ef4a42ee28f080bcc20101557e) \Device\Harddisk0\DR0\Partition1
15:03:19.0778 4744 \Device\Harddisk0\DR0\Partition1 - ok
15:03:19.0778 4744 ============================================================
15:03:19.0778 4744 Scan finished
15:03:19.0778 4744 ============================================================
15:03:19.0784 5520 Detected object count: 8
15:03:19.0784 5520 Actual detected object count: 8
15:05:51.0575 5520 BrcmMgmtAgent ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:51.0575 5520 BrcmMgmtAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:51.0576 5520 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:51.0576 5520 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:51.0577 5520 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:51.0577 5520 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:51.0578 5520 Creative Media Toolbox 6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:51.0578 5520 Creative Media Toolbox 6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:51.0579 5520 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:51.0579 5520 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:51.0580 5520 SiHbaWakeupService ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:51.0580 5520 SiHbaWakeupService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:51.0581 5520 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:51.0581 5520 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:51.0582 5520 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:51.0582 5520 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:06:39.0216 0428 Deinitialize success

#9
godawgs

Posted 28 April 2012 - 06:44 AM

Teacher

Retired Staff
8,228 posts

Hi Madelynn,

Good job so far. Let's now check for any malware stragglers and then we can start wrapping this thing up.

Step-1.

Posted Image

1. Please copy all of the text in the code box below. To do this, highlight everything
inside the code box , right click and click Copy.

:REG
[HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions]
"{7DCBEF25-8151-11E1-826D-B8AC6F996F26}"=-

:COMMANDS
[REBOOT]

on your desktop.
3. Place the mouse pointer inside the Posted Image

textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image

button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image

button. Post the log it produces in your next reply.

Step-2.

Run MalwareBytes

Open MalwareBytes
Click the Update tab and update the program.
Click the Scanner tab and click the radio button beside Perform Full Scan
Click the Scan button
When the scan is finished a message box will appear, click the OK button to close the message box and continue with the removal process.
You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
Make sure that the box beside everything found is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step-3.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on:

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
Select the option YES, I accept the Terms of Use then click on:
When prompted allow the Add-On/Active X to install.
Make sure that the option Scan archives is checked.
Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Now click on:
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically. The scan may take several hours.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on:
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Step-4.

Run SecurityCheck

Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe(you may have to right click the file and click Run as Administrator) and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step-5.

Things For Your Next Post:
1. The new OTL.txt log
2. The MalwareBytes log
3. The ESET log
4. The Checkup.txt log

#10
Madelynn

Posted 29 April 2012 - 06:32 PM

Member

Topic Starter
Member
15 posts

I ran the fix and the second scan and everything. It all came back fine and I had a bluescreen (been having them for awhile) randomly. Curious did the virus I have affectd to Broadcom NetLink Gigabit Ethernet drivers? Bluescreenview always says it's caused by: k57nd60a.sys, Crash Address: ntoskrnl.exe+7cc50 KMODE_EXCEPTION_NOT_HANDLED

I wonder if it is. I can never find an update though for my driver or how to even fix it. Just curious if that virus I had, did this, and was giving me bluescreens since back in December.

#11
godawgs

Posted 30 April 2012 - 12:08 PM

Teacher

Retired Staff
8,228 posts

Hi Madelynn,

Well that came out of the blue (no pun intended) :lol:

. You never mentioned that you were getting Blue Screens. For future reference, Blue Screens are serious. Windows uses them to help troubleshoot problems and then shuts the system down before permanent damage is done. So when we are finished here, if you ever get another one and go to a forum for help, you should list that in the initial post. It will help those helping you.

Did you install any new hardware or update any drivers around the time the Blue Screens began (December)?
I want you to see if there are any yellow exclamation marks (!) or red (X)'s by any of the devices in Device Manager and take a screen shot of the Network Devices section of Device Manager and attach it to your next reply.
Then we are going run a new OTL scan and check the k57nd60a.sys file. I'm also gonna need you to post the ESET scan log and the Checkup.txt file I asked for in my last post.

Step-1.

Check the Network Driver(s)

Click the Start Orb.
Right click on Computer
In the menu that comes up click Manage and click Continue on the UAC warning. The Computer Management screen will open.
In the left hand column click Device Manager
In the list to the right click the + beside Network Adapters and take a screen shot of the page to post here. To Do That:
- Press the Alt key and without releasing it, press the Print Scrn key, then release them. This will put a snapshot of the window in the clipboard.
- Click the Start Orb, put the mouse pointer over All Programs and click Accessories on the menu that comes up.
- Click Paint. The Paint program will open up.
- Click Edit on the menu bar. Click Paste. This will put the image into Paint
- Click File then Save. The Save as window will open.
- Click the Browse Folders button in the lower left and then click Desktop from the list on the left. This will put the file on the desktop.
- In the File Name box type dvcmgr
- Make sure the Save as type: is set to JPEG and click the Save button. There will be a new file on the desktop named dvcmgr.jpeg (or dvcmgr.jpg)
Attach that file to your next post. Read the directions here to see how to do that.

Step-2.

Posted Image

OTL Custom Scan

1. Please copy the text in the code box below and paste it in the Posted Image

box in OTL. To do that:

Highlight everything inside the code box, right click the mouse and click Copy.

/MD5START
k57nd60a.sys
/MD5STOP

2. Re-open OTL on the desktop. To do that:

Double click on the OTL icon to run it. Make sure all other windows are closed.
You will see a console like the one below:
Check the box beside Scan All Users at the top of the console
Make sure the Output box at the top is set to Standard Output.
Check the boxes beside LOP Check and Purity Check.
Place the mouse pointer inside the box, right click and click Paste. This will put the above script inside OTL
Click the button. Do not change any settings unless otherwise told to do so.
Let the scan run uninterrupted. The scan won't take long.
When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
Please copy the contents of this file and paste it into your reply. To do that:
On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
Right click inside the forum post window then click Paste.This will paste the contents of the OTL.txt file in the in the post window.

Step-3.

Things For Your Next Post:
1. The Device Manager screen shot and tell me if there are any exclamation marks or red X's in Device Manager
2. The new OTL.txt log
3. The ESET scan log
4. The Checkup.txt log

Edited by godawgs, 30 April 2012 - 12:21 PM.

#12
Madelynn

Posted 30 April 2012 - 02:59 PM

Member

Topic Starter
Member
15 posts

Hey thanks for the reply. I bet it's this computer dying. I do have backup memory if that is the case but I don't know if it's compatible. I did the mem test and all that several times. All the hardware tests and things I could find, probably over 10 times each, and nothing was ever found. I reslotted memory and video cards, dust check etc.

Here's the info you asked for. I can put the eset scan later. I didn't find anything, I just have to leave and it runs forever. I want to make sure I can at least get you this info first:

Scan:

OTL logfile created on: 4/30/2012 3:32:06 PM - Run 7
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Lightning\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 6.98 Gb Available Physical Memory | 58.20% Memory free
23.98 Gb Paging File | 18.30 Gb Available in Paging File | 76.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1854.96 Gb Total Space | 1267.66 Gb Free Space | 68.34% Space Free | Partition Type: NTFS

Computer Name: LIGHTNING-PC | User Name: Lightning | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/25 20:57:05 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lightning\Desktop\OTL.exe
PRC - [2012/04/25 20:34:42 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/29 09:34:42 | 003,402,376 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2012/02/29 19:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/01 16:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2012/02/01 16:55:58 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011/04/12 15:29:02 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
PRC - [2010/11/05 17:50:08 | 000,014,792 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
PRC - [2010/11/05 17:46:10 | 000,069,584 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2010/11/05 17:42:36 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
PRC - [2010/07/07 13:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/10/13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/09/22 16:57:50 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2009/07/27 15:48:34 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe
PRC - [2009/04/09 12:06:00 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2007/12/19 12:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
PRC - [2006/11/24 16:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/25 20:34:42 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/04/14 04:09:15 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012/04/13 13:40:35 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/13 13:40:31 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/04/13 03:07:06 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7786f3e95a399a8b6691170ae2fe0e1c\PresentationFramework.ni.dll
MOD - [2012/04/13 03:06:59 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\239eba799555dbe10760ee80c8c8df7c\PresentationCore.ni.dll
MOD - [2012/04/13 03:06:56 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0b36565a61f83137806e71b287d81042\System.Windows.Forms.ni.dll
MOD - [2012/04/13 03:06:51 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\02ea3ff3b5908b51da47e1aeb9e75b04\WindowsBase.ni.dll
MOD - [2012/04/13 03:06:50 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c02325260bdcecd695a87bbb24547df2\System.Drawing.ni.dll
MOD - [2012/03/29 09:34:08 | 018,604,544 | ---- | M] () -- C:\Program Files (x86)\Origin\QtWebKit4.dll
MOD - [2012/03/29 09:34:06 | 009,440,256 | ---- | M] () -- C:\Program Files (x86)\Origin\QtGui4.dll
MOD - [2012/03/29 09:34:06 | 003,564,544 | ---- | M] () -- C:\Program Files (x86)\Origin\QtXmlPatterns4.dll
MOD - [2012/03/29 09:34:06 | 001,152,512 | ---- | M] () -- C:\Program Files (x86)\Origin\QtNetwork4.dll
MOD - [2012/03/29 09:34:06 | 000,413,184 | ---- | M] () -- C:\Program Files (x86)\Origin\QtXml4.dll
MOD - [2012/03/29 09:34:04 | 002,694,144 | ---- | M] () -- C:\Program Files (x86)\Origin\QtCore4.dll
MOD - [2012/03/29 09:34:02 | 000,312,320 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qtiff4.dll
MOD - [2012/03/29 09:34:00 | 000,264,192 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qmng4.dll
MOD - [2012/03/29 09:34:00 | 000,211,456 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qjpeg4.dll
MOD - [2012/03/29 09:34:00 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qico4.dll
MOD - [2012/03/29 09:34:00 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qgif4.dll
MOD - [2012/02/16 12:41:17 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\dfd9cbfccfadcf84406398a9d83ab4f4\System.Management.ni.dll
MOD - [2012/02/16 12:40:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e86e6094904541b5f9cf7df0709349d2\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 12:18:29 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll
MOD - [2012/02/16 01:58:01 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\4a1e0e4ec906686357466a5881de605e\System.Data.ni.dll
MOD - [2012/02/16 01:57:58 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll
MOD - [2012/02/16 01:57:56 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll
MOD - [2012/02/16 01:57:54 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll
MOD - [2012/02/16 01:57:53 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll
MOD - [2012/02/16 01:57:50 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\3ce3d5b8126cda36b3dbd3535f249890\System.Numerics.ni.dll
MOD - [2012/02/16 01:57:49 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll
MOD - [2012/02/15 04:53:43 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5be773440afa1e1f565f9021d8fd9730\IAStorUtil.ni.dll
MOD - [2012/02/15 04:11:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 04:11:17 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 04:11:14 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 04:11:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 04:11:11 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/01 16:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2012/01/08 09:43:53 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2012/01/08 09:43:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010/11/05 17:42:36 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
MOD - [2010/01/12 16:36:00 | 000,177,664 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/12/29 17:50:00 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2009/09/22 16:57:50 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
MOD - [2006/11/24 16:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/20 12:52:38 | 001,085,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/04/27 18:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 18:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/01/14 18:11:02 | 000,163,328 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV:64bit: - [2010/11/05 17:42:44 | 000,015,296 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/25 20:34:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/20 20:25:35 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/14 04:09:16 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 19:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/01 16:55:58 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2012/01/06 05:28:48 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2012/01/06 05:24:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011/12/09 15:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Disabled | Stopped] -- C:\Program Files (x86)\AlienRespawn\SftService.exe -- (SftService)
SRV - [2010/12/07 16:27:45 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/07 16:15:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/04/26 19:10:14 | 000,232,944 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/10/13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/07/27 15:48:34 | 000,062,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe -- (SiHbaWakeupService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/05 03:49:56 | 000,019,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AWOPFilterDriver.sys -- (AWOPFilterDriver)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/17 07:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/01/04 09:28:36 | 000,016,640 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV:64bit: - [2011/09/20 18:36:50 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2011/09/20 18:36:50 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011/09/20 18:36:44 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/09/20 18:36:44 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/09/20 18:36:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/09/20 18:36:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/08/22 16:14:14 | 000,121,856 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/02 12:39:40 | 000,432,680 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/19 16:55:34 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2011/04/27 16:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/31 15:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/27 15:36:32 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/10/13 12:39:52 | 000,014,928 | ---- | M] (Dell/Alienware) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mio.sys -- (mio)
DRV:64bit: - [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/07/07 15:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 15:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 15:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 15:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 15:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 15:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 15:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010/07/07 15:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 15:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 15:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 15:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 15:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 15:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 15:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/03/22 18:29:12 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/29 21:14:10 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132)
DRV:64bit: - [2009/07/29 21:14:10 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2009/07/29 21:14:10 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (1394hub)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/21 19:08:10 | 000,012,800 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2007/08/02 18:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-633762127-47815373-1907182395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.alienware.com [binary data]
IE - HKU\S-1-5-21-633762127-47815373-1907182395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/
IE - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..\SearchScopes,DefaultScope = {EDA8FA1E-2D67-497A-A3BD-C22850C3975C}
IE - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..\SearchScopes\{EDA8FA1E-2D67-497A-A3BD-C22850C3975C}: "URL" = http://searchya.com/...q={searchTerms}
IE - HKU\S-1-5-21-633762127-47815373-1907182395-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "SearchYa!"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 20:34:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/17 13:11:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/01/18 20:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/12/10 23:04:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Extensions
[2012/04/25 20:38:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions
[2011/09/23 09:13:43 | 000,000,000 | ---D | M] () -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2012/04/24 15:20:41 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012/03/01 02:49:06 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/04/21 13:14:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
() (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\[email protected]
[2012/04/25 20:34:42 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/17 03:07:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/09 12:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/04/25 20:34:41 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/19 10:08:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/25 20:34:41 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/25 20:34:41 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/25 20:34:42 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/04/25 20:34:41 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: OnLive Game Client Detector (Enabled) = C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/18 07:01:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Microsoft)
O4:64bit: - HKLM..\Run: [Launch Keyboard CI] c:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe (Alienware)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\.DEFAULT..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-633762127-47815373-1907182395-1010..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-633762127-47815373-1907182395-1010..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-633762127-47815373-1907182395-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-633762127-47815373-1907182395-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-633762127-47815373-1907182395-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-633762127-47815373-1907182395-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1010\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1010\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1010\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1010\..Trusted Domains: sony.com ([]* in )
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB42CC01-1514-42B3-83F5-38FDAD6D4393}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/30 04:32:23 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{007421F4-B7A9-4A7F-9FDC-F39CE8B9E252}
[2012/04/30 04:32:02 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E7C6821C-F57E-4B7D-97FA-091C8C4BE880}
[2012/04/29 16:31:35 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{1358A382-AB1E-4928-8B00-1748C215A250}
[2012/04/29 16:31:24 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{FC5B258E-EA63-4770-AA99-9F518A903DF4}
[2012/04/29 06:33:15 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{40F7C910-B02E-4C0C-A106-A53A8A18DA96}
[2012/04/28 03:11:32 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{68375E77-8201-4288-83F8-1FB58BC1AB16}
[2012/04/28 03:11:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{3C47B299-3EB5-4555-BF9D-70394E50959D}
[2012/04/27 15:10:57 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{988034D2-DF2F-43FD-917A-C08C587DD6D3}
[2012/04/27 15:10:46 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{BE77D127-68BA-458B-9222-75B3E079C8B9}
[2012/04/27 14:53:38 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Lightning\Desktop\tdsskiller.exe
[2012/04/27 02:49:32 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{65762524-24B2-4D84-8158-E049581A1416}
[2012/04/27 02:49:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{B0F5A489-60E3-4D32-B394-26491296C063}
[2012/04/26 18:29:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/26 18:21:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Desktop\GooredFix Backups
[2012/04/26 18:16:26 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Lightning\Desktop\GooredFix.exe
[2012/04/25 20:57:04 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Lightning\Desktop\OTL.exe
[2012/04/25 20:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/25 20:34:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/04/21 13:33:09 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/21 13:20:21 | 000,191,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/04/21 13:20:21 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/04/21 13:20:21 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/04/21 13:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/04/21 11:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012/04/21 11:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2012/04/21 11:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/04/21 10:59:38 | 000,230,952 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/04/21 10:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/04/21 10:59:29 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\TestApp
[2012/04/21 10:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/04/20 06:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/04/20 06:52:29 | 006,074,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012/04/20 06:52:29 | 003,089,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012/04/20 06:52:29 | 000,118,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012/04/20 06:52:29 | 000,063,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012/04/20 06:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/04/20 06:51:58 | 001,451,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012/04/20 06:51:57 | 025,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/04/20 06:51:57 | 025,222,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/04/20 06:51:57 | 019,444,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/04/20 06:51:57 | 017,642,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/04/20 06:51:57 | 017,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/04/20 06:51:57 | 015,009,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012/04/20 06:51:57 | 009,717,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012/04/20 06:51:57 | 008,008,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/04/20 06:51:57 | 007,713,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/04/20 06:51:57 | 005,892,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/04/20 06:51:57 | 002,872,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/04/20 06:51:57 | 002,672,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/04/20 06:51:57 | 002,660,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012/04/20 06:51:57 | 002,517,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/04/20 06:51:57 | 002,437,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/04/20 06:51:57 | 002,301,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/04/20 06:51:57 | 001,737,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/04/20 06:51:57 | 001,466,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012/04/20 06:51:57 | 000,962,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012/04/20 06:51:57 | 000,812,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012/04/20 06:51:57 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012/04/20 06:51:57 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012/04/20 06:51:57 | 000,260,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012/04/20 06:51:57 | 000,215,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012/04/20 06:51:57 | 000,188,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012/04/20 06:51:57 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/04/20 06:51:57 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/04/20 06:51:57 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012/04/19 16:57:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\SniperV2 Demo
[2012/04/18 12:39:06 | 000,000,000 | ---D | C] -- C:\Crash
[2012/04/17 15:25:25 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/17 03:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/04/17 03:07:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/04/15 16:46:50 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/15 16:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/04/13 03:03:19 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/13 03:03:18 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/13 03:03:18 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/13 03:00:28 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/13 03:00:28 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/13 03:00:27 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/12 13:17:29 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/04/12 13:17:29 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/12 13:17:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/12 13:17:29 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/12 13:17:28 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/12 13:17:28 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/12 13:17:28 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/08 03:04:42 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}
[2012/04/08 02:17:20 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Documents\PassMark
[2012/04/08 02:17:14 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\PassMark
[2012/04/08 02:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Passmark
[2012/04/07 20:02:49 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\Motorola
[2012/04/07 20:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2012/04/07 20:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2012/04/07 20:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola
[2012/04/05 16:26:55 | 166,448,312 | ---- | C] (NVIDIA Corporation) -- C:\Users\Lightning\Desktop\296.10-desktop-win7-winvista-64bit-english-whql.exe
[2012/04/04 19:39:40 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Documents\Disney Interactive Studios
[2012/04/04 19:30:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Disney Interactive Studios
[2012/04/04 18:18:11 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Desktop\Tron Evolution
[2012/04/03 19:28:02 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\FOG Downloader
[2012/04/03 19:28:02 | 000,000,000 | ---D | C] -- C:\Users\Lightning\eligium_v0_92_10_13_en
[2012/04/03 15:38:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012/04/02 18:23:59 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\com.beatport.BeatportDownloader
[2012/04/02 18:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Beatport Downloader
[2012/04/01 14:09:03 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/01 13:36:03 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

========== Files - Modified Within 30 Days ==========

[2012/04/30 15:24:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/30 15:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/30 13:24:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/30 13:00:29 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/30 13:00:29 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/30 12:57:18 | 000,796,090 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/30 12:57:18 | 000,671,192 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/30 12:57:18 | 000,126,278 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/30 12:53:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/30 12:53:01 | 1066,582,014 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/30 05:25:37 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{0000000A-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012/04/30 05:25:37 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{0000000A-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012/04/30 05:25:37 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{0000000A-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012/04/29 18:57:16 | 1204,275,736 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/29 18:27:04 | 000,879,714 | ---- | M] () -- C:\Users\Lightning\Desktop\SecurityCheck.exe
[2012/04/27 14:53:43 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Lightning\Desktop\tdsskiller.exe
[2012/04/26 18:16:26 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Lightning\Desktop\GooredFix.exe
[2012/04/25 20:57:05 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lightning\Desktop\OTL.exe
[2012/04/21 13:29:10 | 000,000,625 | ---- | M] () -- C:\Users\Lightning\Desktop\ComboFix - Shortcut.lnk
[2012/04/21 13:20:15 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012/04/21 13:20:15 | 000,191,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/04/21 13:20:15 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/04/21 13:20:15 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/04/21 12:45:11 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/21 10:59:29 | 000,002,702 | ---- | M] () -- C:\Users\Lightning\Desktop\SDAV_Online_aff_GenericRevenueWire_207[1].exe.lnk
[2012/04/20 15:13:40 | 000,269,712 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/04/20 02:29:45 | 000,029,959 | ---- | M] () -- C:\Users\Lightning\AppData\Local\Temp20.html
[2012/04/20 02:29:40 | 000,001,955 | ---- | M] () -- C:\Users\Lightning\AppData\Local\Temp1.html
[2012/04/17 03:07:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/04/14 04:09:16 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/14 04:09:15 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/14 04:09:06 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/13 14:24:49 | 000,002,338 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/04/09 13:42:59 | 000,002,288 | ---- | M] () -- C:\Users\Lightning\Desktop\medbc reg.reg
[2012/04/06 22:49:50 | 000,001,355 | ---- | M] () -- C:\Users\Lightning\Documents\ZATANNA BOW.ucp
[2012/04/05 16:28:04 | 166,448,312 | ---- | M] (NVIDIA Corporation) -- C:\Users\Lightning\Desktop\296.10-desktop-win7-winvista-64bit-english-whql.exe
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/03 18:15:45 | 000,269,712 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/04/02 18:23:57 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Beatport Downloader.lnk

========== Files Created - No Company Name ==========

[2012/04/29 18:27:00 | 000,879,714 | ---- | C] () -- C:\Users\Lightning\Desktop\SecurityCheck.exe
[2012/04/21 13:29:10 | 000,000,625 | ---- | C] () -- C:\Users\Lightning\Desktop\ComboFix - Shortcut.lnk
[2012/04/21 11:27:37 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/21 10:59:29 | 000,002,702 | ---- | C] () -- C:\Users\Lightning\Desktop\SDAV_Online_aff_GenericRevenueWire_207[1].exe.lnk
[2012/04/20 06:52:29 | 002,515,790 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/04/20 06:51:57 | 000,011,770 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/04/09 13:42:59 | 000,002,288 | ---- | C] () -- C:\Users\Lightning\Desktop\medbc reg.reg
[2012/04/06 22:49:50 | 000,001,355 | ---- | C] () -- C:\Users\Lightning\Documents\ZATANNA BOW.ucp
[2012/04/02 18:23:57 | 000,000,995 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beatport Downloader.lnk
[2012/04/02 18:23:57 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Beatport Downloader.lnk
[2012/04/01 13:36:05 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/06 06:46:05 | 000,029,959 | ---- | C] () -- C:\Users\Lightning\AppData\Local\Temp20.html
[2012/03/05 00:13:23 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012/02/17 01:32:32 | 000,000,132 | ---- | C] () -- C:\Users\Lightning\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/02/15 15:39:16 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2012/02/02 23:37:46 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2012/02/02 23:37:39 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2012/02/02 23:37:39 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2012/01/08 02:47:18 | 000,001,955 | ---- | C] () -- C:\Users\Lightning\AppData\Local\Temp1.html
[2012/01/01 05:49:12 | 000,007,606 | ---- | C] () -- C:\Users\Lightning\AppData\Local\Resmon.ResmonCfg
[2011/12/29 09:07:52 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/12/12 22:43:29 | 000,110,168 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/12/07 22:42:00 | 002,089,984 | ---- | C] () -- C:\Windows\libmem.dll
[2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/12/10 23:41:48 | 000,000,097 | ---- | C] () -- C:\Users\Lightning\AppData\Local\fusioncache.dat
[2010/12/10 23:40:00 | 000,789,750 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/10 23:04:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/07 17:39:34 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010/12/07 16:28:09 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2010/12/07 16:28:09 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2010/12/07 16:28:09 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2010/12/07 16:16:02 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/12/07 16:16:02 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/11/05 17:49:42 | 000,098,232 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll
[2010/07/07 14:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010/07/07 13:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010/07/07 13:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2010/07/07 13:21:00 | 000,384,647 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010/07/07 13:21:00 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010/07/07 13:10:30 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2010/07/07 13:10:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe

========== LOP Check ==========

[2011/09/23 23:32:18 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Amazon
[2012/02/16 11:24:04 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2012/01/20 00:04:09 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\BigHugeEngine
[2012/04/17 15:25:25 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/02 18:23:59 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\com.beatport.BeatportDownloader
[2012/01/24 15:18:57 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\DarknessIIDemo
[2012/02/29 23:22:22 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\DAZ 3D
[2012/01/25 18:23:24 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\DriverFinder
[2012/04/03 19:28:02 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\FOG Downloader
[2011/10/28 00:50:48 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\GetRightToGo
[2012/04/16 19:33:43 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\imollo
[2012/01/01 21:42:57 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\iStonsoft
[2012/01/01 21:43:07 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\libimobiledevice
[2012/04/07 20:02:49 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Motorola
[2011/11/03 22:04:07 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\OnLive App
[2011/10/25 05:59:26 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Origin
[2010/12/11 01:12:13 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Razer
[2012/01/26 02:46:34 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\RegGenie
[2011/12/26 21:16:52 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\SecondLife
[2011/12/28 20:56:01 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\SystemRequirementsLab
[2012/04/21 10:59:29 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\TestApp
[2012/01/18 20:44:23 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Thunderbird
[2011/12/10 02:34:49 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Trine2
[2011/12/29 09:13:13 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Ubisoft
[2012/03/29 14:16:49 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\uTorrent
[2010/12/11 11:18:25 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Windows Live Writer
[2012/03/18 19:23:38 | 000,000,000 | ---D | M] -- C:\Users\virus\AppData\Roaming\Razer
[2012/03/10 21:32:03 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< MD5 for: K57ND60A.SYS >
[2009/06/10 15:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) MD5=7DBAFE10C1B777305C80BEA42FBDA710 -- C:\Windows\SysNative\DriverStore\FileRepository\netk57a.inf_amd64_neutral_8b26ad5d0cc037a9\k57nd60a.sys
[2009/06/10 15:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) MD5=7DBAFE10C1B777305C80BEA42FBDA710 -- C:\Windows\winsxs\amd64_netk57a.inf_31bf3856ad364e35_6.1.7600.16385_none_b67bb5081937ae73\k57nd60a.sys
[2009/10/16 03:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) MD5=9D7EA8C7215D8D4AE7BE110EEE61085D -- C:\dell\drivers\R258867\Vista_Win7\x64\k57nd60a.sys
[2009/10/16 06:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) MD5=9D7EA8C7215D8D4AE7BE110EEE61085D -- C:\Users\Lightning\AppData\Roaming\DriverFinder\Backup\Broadcom NetLink ™ Gigabit Ethernet #2 - 12.4.0.3\k57nd60a.sys
[2009/10/16 06:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) MD5=9D7EA8C7215D8D4AE7BE110EEE61085D -- C:\Windows\SysNative\DriverStore\FileRepository\k57nd60a.inf_amd64_neutral_d3dd108acd866855\k57nd60a.sys
[2011/08/02 12:39:40 | 000,432,680 | ---- | M] (Broadcom Corporation) MD5=F163BB6827F41D61594EFD5E6C00AD4A -- C:\Program Files\Broadcom\BDrvK57Inst\k57nd60a.sys
[2011/08/02 11:39:40 | 000,432,680 | ---- | M] (Broadcom Corporation) MD5=F163BB6827F41D61594EFD5E6C00AD4A -- C:\SWSetup\SP55285\k57nd60a.sys
[2011/08/02 12:39:40 | 000,432,680 | ---- | M] (Broadcom Corporation) MD5=F163BB6827F41D61594EFD5E6C00AD4A -- C:\Windows\SysNative\drivers\k57nd60a.sys
[2011/08/02 12:39:40 | 000,432,680 | ---- | M] (Broadcom Corporation) MD5=F163BB6827F41D61594EFD5E6C00AD4A -- C:\Windows\SysNative\DriverStore\FileRepository\k57nd60a.inf_amd64_neutral_bd1f872e17ad8a6f\k57nd60a.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

SC:

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date! <---- I never use this browser. I use Firefox only.
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Secunia PSI (2.0.0.4003)
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0.)
Mozilla Thunderbird (x86 en-GB..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
Alienware Command Center ThermalController.exe
``````````End of Log````````````

Here's the Bluescreen View log, You can see the pattern:

==================================================
Dump File : 042912-19422-01.dmp
Crash Time : 4/29/2012 6:57:25 PM
Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000001e
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000000
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000000
Caused By Driver : k57nd60a.sys
Caused By Address : k57nd60a.sys+3e730
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc50
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\042912-19422-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 291,112
==================================================

==================================================
Dump File : 042412-15662-01.dmp
Crash Time : 4/24/2012 3:00:53 PM
Bug Check String :
Bug Check Code : 0x00000124
Parameter 1 : 00000000`00000000
Parameter 2 : fffffa80`0e05a028
Parameter 3 : 00000000`f2000000
Parameter 4 : 00000000`00010005
Caused By Driver : hal.dll
Caused By Address : hal.dll+12a3b
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\042412-15662-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 291,120
==================================================

==================================================
Dump File : 042312-18111-01.dmp
Crash Time : 4/23/2012 4:48:35 AM
Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000001e
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000000
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000000
Caused By Driver : k57nd60a.sys
Caused By Address : k57nd60a.sys+3e929
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc50
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\042312-18111-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 291,128
==================================================

==================================================
Dump File : 042012-18720-01.dmp
Crash Time : 4/20/2012 2:28:57 AM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : 00000000`00000c00
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000008
Parameter 4 : 00000000`00000c00
Caused By Driver : nvlddmkm.sys
Caused By Address : nvlddmkm.sys+1e2de2
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\042012-18720-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 291,128
==================================================

==================================================
Dump File : 040512-15818-01.dmp
Crash Time : 4/5/2012 4:05:38 PM
Bug Check String :
Bug Check Code : 0x00000124
Parameter 1 : 00000000`00000000
Parameter 2 : fffffa80`0e2dc028
Parameter 3 : 00000000`f2000000
Parameter 4 : 00000000`00010005
Caused By Driver : hal.dll
Caused By Address : hal.dll+12a3b
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cd40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\040512-15818-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 291,112
==================================================

==================================================
Dump File : 030812-21637-01.dmp
Crash Time : 3/8/2012 11:14:22 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00002551`a7a33ff8
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000000
Parameter 4 : fffff800`0327cc39
Caused By Driver : USBPORT.SYS
Caused By Address : USBPORT.SYS+12aed
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\030812-21637-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 291,120
==================================================

==================================================
Dump File : 030812-15069-01.dmp
Crash Time : 3/8/2012 7:48:19 AM
Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000001e
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000000
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000000
Caused By Driver : k57nd60a.sys
Caused By Address : k57nd60a.sys+3521c
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc10
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\030812-15069-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 330,960
==================================================

==================================================
Dump File : 030812-18127-01.dmp
Crash Time : 3/8/2012 4:16:08 AM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : fffffa7f`97bd2cc0
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000000
Parameter 4 : fffff880`068259ee
Caused By Driver : hidusb.sys
Caused By Address : hidusb.sys+49ee
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\030812-18127-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 330,968
==================================================

==================================================
Dump File : 030612-28204-01.dmp
Crash Time : 3/6/2012 6:45:07 AM
Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000001e
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000000
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7cc10
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17790 (win7sp1_gdr.120305-1505)
Processor : x64
Crash Address : ntoskrnl.exe+7cc10
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\030612-28204-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 291,056
==================================================

==================================================
Dump File : 030412-18610-01.dmp
Crash Time : 3/4/2012 10:58:04 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`032d88f0
Caused By Driver : USBPORT.SYS
Caused By Address : USBPORT.SYS+1156a
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\030412-18610-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 330,896
==================================================

==================================================
Dump File : 022312-18392-01.dmp
Crash Time : 2/23/2012 6:30:17 AM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : 00000000`0008d7db
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000000
Parameter 4 : fffff880`044cf560
Caused By Driver : USBPORT.SYS
Caused By Address : USBPORT.SYS+11560
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\022312-18392-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 290,968
==================================================

==================================================
Dump File : 022312-17877-01.dmp
Crash Time : 2/23/2012 3:39:34 AM
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff800`0340cefe
Parameter 3 : fffff880`0ee12e00
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7cc40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17790 (win7sp1_gdr.120305-1505)
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\022312-17877-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 291,000
==================================================

==================================================
Dump File : 022012-19687-01.dmp
Crash Time : 2/20/2012 6:09:45 AM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 00000000`00000008
Parameter 2 : 00000000`80050033
Parameter 3 : 00000000`000006f8
Parameter 4 : fffff800`032a4581
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7cc40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17790 (win7sp1_gdr.120305-1505)
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\022012-19687-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 290,976
==================================================

==================================================
Dump File : 013012-18579-01.dmp
Crash Time : 1/30/2012 7:46:03 AM
Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000001e
Parameter 1 : ffffffff`c0000005
Parameter 2 : fffff800`032ee8c0
Parameter 3 : 00000000`00000001
Parameter 4 : 00000000`00000008
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7cc40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17790 (win7sp1_gdr.120305-1505)
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\013012-18579-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 291,000
==================================================

==================================================
Dump File : 012912-20872-01.dmp
Crash Time : 1/29/2012 6:21:53 AM
Bug Check String :
Bug Check Code : 0x00000101
Parameter 1 : 00000000`00000011
Parameter 2 : 00000000`00000000
Parameter 3 : fffff880`033e2180
Parameter 4 : 00000000`00000008
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7cc40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17790 (win7sp1_gdr.120305-1505)
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\012912-20872-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 262,144
==================================================

==================================================
Dump File : 012512-15459-01.dmp
Crash Time : 1/25/2012 5:49:49 PM
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000096
Parameter 2 : fffff800`0329d8f0
Parameter 3 : fffff880`0e59a000
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7cc40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17790 (win7sp1_gdr.120305-1505)
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\012512-15459-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 291,000
==================================================

==================================================
Dump File : 010812-15787-01.dmp
Crash Time : 1/8/2012 2:20:27 AM
Bug Check String :
Bug Check Code : 0x00000124
Parameter 1 : 00000000`00000000
Parameter 2 : fffffa80`0dfdc028
Parameter 3 : 00000000`b2000000
Parameter 4 : 00000000`00010005
Caused By Driver : hal.dll
Caused By Address : hal.dll+12a3b
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\010812-15787-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 291,000
==================================================

==================================================
Dump File : 010612-16348-01.dmp
Crash Time : 1/6/2012 4:42:22 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00002100
Parameter 2 : 00000000`0000000e
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`032ab6a3
Caused By Driver : USBPORT.SYS
Caused By Address : USBPORT.SYS+1156a
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\010612-16348-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 290,992
==================================================

==================================================
Dump File : 122611-18517-01.dmp
Crash Time : 12/26/2011 4:57:26 AM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : ffffffff`ffffffff
Parameter 2 : 00000000`00000000
Parameter 3 : 00000000`00000008
Parameter 4 : ffffffff`ffffffff
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+705c0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17790 (win7sp1_gdr.120305-1505)
Processor : x64
Crash Address : ntoskrnl.exe+705c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\122611-18517-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7600
Dump File Size : 290,936
==================================================

==================================================
Dump File : 122211-17175-01.dmp
Crash Time : 12/22/2011 3:32:05 AM
Bug Check String :
Bug Check Code : 0x00000124
Parameter 1 : 00000000`00000000
Parameter 2 : fffffa80`0e023028
Parameter 3 : 00000000`b2000000
Parameter 4 : 00000000`00010005
Caused By Driver : hal.dll
Caused By Address : hal.dll+12903
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+705c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\122211-17175-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7600
Dump File Size : 290,936
==================================================

==================================================
Dump File : 122211-16333-01.dmp
Crash Time : 12/22/2011 1:25:01 AM
Bug Check String : ATTEMPTED_WRITE_TO_READONLY_MEMORY
Bug Check Code : 0x000000be
Parameter 1 : fffff880`1082ec51
Parameter 2 : 80000003`28429121
Parameter 3 : fffff880`04267f00
Parameter 4 : 00000000`0000000b
Caused By Driver : nvlddmkm.sys
Caused By Address : nvlddmkm.sys+814c51
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+705c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\122211-16333-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7600
Dump File Size : 290,936
==================================================

==================================================
Dump File : 121111-16785-01.dmp
Crash Time : 12/11/2011 4:26:01 AM
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff800`03370dff
Parameter 3 : fffff880`0a090030
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+705c0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17790 (win7sp1_gdr.120305-1505)
Processor : x64
Crash Address : ntoskrnl.exe+705c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\121111-16785-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7600
Dump File Size : 290,936
==================================================

Everything runs as excepted, just occasionally I get a bluescreen. Over all these crashes I have updated drivers, run all the tests you can imagine I'd run and tried to correct it, and aside from the bluescreen the computer runs fine in every way. Sometimes I wonder if it's memory, and I do have other memory here but I am unsure if it is compatible. I don't know if I'd have to set anything in the bios different... and I really don't know how. The computer ran 100% fine and I always run hardware monitor and never had any heat issues.

It might have had this problem before December, but I didn't notice it until around December. It was sometime after I installed iTunes actually, though that may be a coincidence. I removed iTunes before at least from the add/remove programs option, and still had the problem. I'm not sure why (and if) iTunes would have done it. It might have just been coincidence.

Attached Thumbnails

Edited by Madelynn, 30 April 2012 - 08:03 PM.

#13
godawgs

Posted 01 May 2012 - 05:48 PM

Teacher

Retired Staff
8,228 posts

Hi Madelynn,

Let's not panic yet. I don't think the computer is dying unless there's something else going on that you haven't mentioned. The Blue Screen stop message points to the driver for the Broadcom Ethernet controller. The screen shot of the Network Adapters shows that you have two Broadcom NetLink Gigabit Eathernet adapters, a regular one and one that has #2 beside it.
Do you have any idea why there are two there?

Let's disable one of them and see if that helps the blue screens. If they are still there we will re-enable it and disable the other one and see what that does.

Click the Start Orb and click Computer.
On the context menu right click on Manage and click Continue on the UAC warning. The Computer Management window will open.
Click Device Manager and in the list to the left click the + beside Network Adapters
Click on the Broadcom NetLink Gigabit Eathernet #2 adapter to highlight it. Then right click and click Properties
On the controller's property page click the Driver tab.
Click the Disable button and click OK
Close the Computer Management window and ReBoot windows.

Run the computer for a day or so. Put it through it's paces and see if the blue screen problem is still there. If it is:

Repeat the instructions above, but when you get to #6 click Enable and then OK
Then go back to #3 but click on the Broadcom NetLink Gigabit Eathernet adapter and disable it.

Run the computer for a day or so. Put it through it's paces and see if the blue screen problem is still there.

Let me know if disabling one of the adapters solved the problem and if it did which one.

#14
Madelynn

Posted 01 May 2012 - 06:14 PM

Member

Topic Starter
Member
15 posts

Okay I will give this a try. Sometimes a whole week can go with no problems and other times like when playing games, it will bluescreen. Might be when I am switching zones and information is transfering. My last Alienware also had two network adapters I don't know why. I wonder if I also have the correct driver installed, though it seems to be working so probably? Last night there was an update I saw for it on the Alienware/Dell page, but the install said I didn't meet requirements or failed or something. I'll give this a try though and see. I'm not really sure how to update it with the newest drivers if it won't even accept them. I'll test this though and see. Also thank you so far for all the effort you went through to help me, hopefully it's not too much trouble.

#15
Madelynn

Posted 01 May 2012 - 08:46 PM

Member

Topic Starter
Member
15 posts

Oddly enough I got a bluescreen

==================================================
Dump File : 050112-15194-01.dmp
Crash Time : 5/1/2012 9:39:31 PM
Bug Check String : DRIVER_CORRUPTED_EXPOOL
Bug Check Code : 0x000000c5
Parameter 1 : 00000000`00001333
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`039b20ae
Caused By Driver : USBPORT.SYS
Caused By Address : USBPORT.SYS+2d208
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\050112-15194-01.dmp
Processors Count : 12
Major Version : 15
Minor Version : 7601
Dump File Size : 330,984
==================================================

I just disabled/enabled the other now, I'll try that. I was playing a game and as soon as I triggered a cutscene, bluescreen. it wasn't a long load, instant, so not sure what caused it or if sound did. I've been struggling with this problem for a long time. That last report says driver corrupted. Maybe I have to uninstall it and reinstall but I am unsure what drivers.