
possible virus [Solved]


  • This topic is locked

#1
Lucky Dearly

Hey guys, a couple of days ago I had a virus sneak onto my PC with a fake spyware scan. Needless to say, I managed to get rid of some of it, but I suspect it's still there: whenever I log onto my profile, the explorer would freeze up, prompting me to Ctrl+Alt+Del to use the task manager to close the explorer so I can log in as normal.

Here's an OTL log of what I got.

Thanks in advance

OTL logfile created on: 7/24/2012 4:06:27 AM - Run 5
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\nwofan\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.46 Gb Total Space | 2.48 Gb Free Space | 0.87% Space Free | Partition Type: NTFS
Drive D: | 11.63 Gb Total Space | 1.59 Gb Free Space | 13.63% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
I: Drive not present or media not loaded
Drive K: | 297.44 Gb Total Space | 11.44 Gb Free Space | 3.85% Space Free | Partition Type: NTFS

Computer Name: GAMERPC
Current User Name: nwofan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2012/06/28 02:05:00 | 002,160,024 | ---- | M] (ManyCam LLC) -- C:\Program Files\ManyCam\Bin\ManyCam.exe
PRC - [2012/06/19 12:35:50 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2012/06/06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012/05/30 10:18:07 | 004,331,392 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM7\aim.exe
PRC - [2012/05/29 10:37:22 | 025,249,400 | ---- | M] (ooVoo LLC) -- C:\Program Files\ooVoo\ooVoo.exe
PRC - [2012/05/24 13:28:56 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2012/04/27 19:05:40 | 000,613,208 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster 3\gbtray.exe
PRC - [2012/04/25 11:21:12 | 001,039,192 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe
PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/03/08 17:44:02 | 000,025,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2012/03/06 18:39:50 | 000,574,296 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2012/02/22 20:49:58 | 006,591,800 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2012/02/01 19:07:56 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2011/10/15 01:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/08/10 12:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/08/10 11:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/08/08 15:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/11 14:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011/06/17 10:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/05/03 14:50:59 | 000,123,320 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe
PRC - [2011/03/28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011/03/28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 05:17:30 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2010/11/05 16:11:52 | 000,081,920 | R--- | M] (Nero AG) -- C:\Program Files\Motorola Media Link\NServiceEntry.exe
PRC - [2010/08/01 14:45:22 | 004,950,936 | ---- | M] (Pando Networks) -- C:\Program Files\Pando Networks\Pando\pando.exe
PRC - [2010/06/02 19:42:33 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\nwofan\Desktop\OTL.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/08 00:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\1241069855\ee\aolsoftware.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/08/28 13:53:00 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/07/13 18:14:21 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ielowutil.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe


========== Modules (SafeList) ==========

MOD - [2011/08/11 16:37:26 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2011/07/15 21:27:30 | 000,290,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2010/11/20 05:21:26 | 000,100,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2010/11/20 05:21:04 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2010/11/20 05:20:29 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2010/11/20 05:18:12 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010/06/02 19:42:33 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\nwofan\Desktop\OTL.exe
MOD - [2009/07/13 18:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 18:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 18:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 18:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 18:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Spooler)
SRV - [2012/07/22 19:12:30 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/19 12:35:50 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/24 13:28:56 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2012/05/02 00:44:04 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2012/03/08 18:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011/11/28 19:00:02 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/15 11:02:12 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/08/10 12:35:20 | 000,227,184 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/08/10 11:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/06/17 10:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/05/03 14:56:02 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/05/03 14:50:59 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Start_Pending] -- C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/03/28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011/02/18 23:30:54 | 000,805,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010/11/20 05:21:33 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2010/11/20 05:21:24 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2010/11/20 05:20:57 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2010/11/20 05:19:28 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2010/11/20 05:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 05:18:06 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2010/11/20 05:17:30 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2010/11/05 16:11:52 | 000,081,920 | R--- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Motorola Media Link\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/22 17:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/07/25 03:00:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/24 16:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2009/07/13 18:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 18:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 18:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 18:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 18:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 18:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 18:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 18:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/04/29 03:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2012/07/23 20:22:50 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/04/28 11:58:06 | 000,049,240 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stdriver32.sys -- (stdriver)
DRV - [2012/03/08 18:32:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2012/02/22 03:34:36 | 000,022,400 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012/01/10 23:11:20 | 000,032,000 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2011/10/15 01:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/04/04 14:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2011/03/31 14:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2011/03/10 22:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2011/03/10 22:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2011/03/10 22:38:51 | 000,332,160 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2011/03/10 22:38:37 | 000,080,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\amdsata.sys -- (amdsata)
DRV - [2011/03/10 22:38:37 | 000,022,400 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\amdxata.sys -- (amdxata)
DRV - [2011/02/07 17:36:00 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2011/01/01 10:12:18 | 000,081,168 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:30:14 | 000,160,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vhdmp.sys -- (vhdmp)
DRV - [2010/11/20 05:30:10 | 000,173,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2010/11/20 05:29:53 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 03:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 03:07:39 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.svs -- (NDProxy)
DRV - [2010/11/20 03:01:12 | 000,164,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 02:50:21 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2010/11/20 02:29:49 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2010/11/20 02:24:56 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/20 01:47:55 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\acpipmi.sys -- (AcpiPmi)
DRV - [2010/11/01 06:08:46 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2010/08/19 19:24:34 | 000,061,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21)
DRV - [2010/07/29 00:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2009/10/20 12:08:44 | 000,037,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/10/01 22:03:40 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/08/04 10:48:20 | 002,744,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/08/04 10:40:04 | 000,226,816 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - [2009/08/04 10:39:02 | 000,157,440 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmx00.sys -- (SWMX00) Sierra Wireless USB MUX Driver (#00)
DRV - [2009/07/30 17:12:54 | 000,287,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009/07/13 18:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2009/07/13 18:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 18:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 18:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 18:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 18:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 18:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 18:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2009/07/13 18:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 18:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 18:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 18:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 18:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 18:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 18:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 18:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 18:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 18:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 18:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 18:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 18:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 18:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 18:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 18:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2009/07/13 18:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 18:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 18:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 18:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 18:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 18:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 18:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 17:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 17:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 17:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 16:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 16:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 16:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 16:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 16:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 16:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 16:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 16:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/13 16:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 16:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 16:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 15:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 15:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 15:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 15:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 15:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 15:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 15:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 15:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2009/07/13 15:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/13 15:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 15:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 15:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/10 13:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motoandroid.sys -- (motandroidusb)
DRV - [2009/06/22 22:34:38 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2009/05/22 16:08:32 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009/04/29 03:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/17 10:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/02/13 05:58:30 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2009/02/13 05:57:28 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2009/02/13 05:56:32 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/09/09 17:58:08 | 000,020,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc.pkms -- (PCD5SRVC{BD6912E3-AC9D80E8-05040000})
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/07/21 09:12:50 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/05/22 02:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/07/03 15:05:00 | 000,162,944 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT25USBAP.SYS -- (RT25USBAP)
DRV - [2007/02/15 17:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2007/02/08 06:45:14 | 000,029,184 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dsiarhwprog.sys -- (dsiarhwprog)
DRV - [2006/12/24 06:15:18 | 000,027,904 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xPADFL02.sys -- (XPADFL02)
DRV - [2006/11/29 15:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-tyc8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wwe.com/
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\..\URLSearchHook: {6f895323-a0d1-4844-b5d1-89e3962fa2b2} - C:\Program Files\searchresults7\searchresultsDx.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaultthis.engineName: "IncrediMail MediaBar 4 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.co...rud=15-06-2012"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-tyc8"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-tyc8"
FF - prefs.js..browser.search.param.yahoo-type: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.wwe.com"
FF - prefs.js..keyword.URL: "http://www.ask.com/w...YYYYY^YY^US&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKLM\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/06/29 03:37:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/25 14:36:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/22 18:30:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/22 18:30:20 | 000,000,000 | ---D | M]

[2010/07/24 21:13:09 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Mozilla\Extensions
[2012/07/18 00:03:33 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions
[2010/07/24 21:13:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/21 20:04:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/21 23:32:19 | 000,000,000 | ---D | M] (Search Results Toolbar) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{6f895323-a0d1-4844-b5d1-89e3962fa2b2}
[2012/07/18 00:03:33 | 000,000,000 | ---D | M] (IncrediMail MediaBar 4 Community Toolbar) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{90eee664-34b1-422a-a782-779af65cdf6d}
[2012/06/15 01:14:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2012/03/16 02:23:48 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\[email protected]
[2012/06/29 03:36:42 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\[email protected]
[2010/09/18 13:20:13 | 000,001,490 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\AIM Search.xml
[2012/07/20 23:27:05 | 000,002,562 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\aol-search-1.xml
[2010/09/23 00:04:58 | 000,002,342 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\aol-search.xml
[2011/07/13 17:56:04 | 000,002,354 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\aol-web-search.xml
[2012/07/20 23:26:30 | 000,002,577 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\askcom.xml
[2011/02/09 20:45:52 | 000,001,919 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\bing-zugo.xml
[2011/08/29 17:51:44 | 000,000,947 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\conduit.xml
[2010/08/09 19:14:28 | 000,002,059 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\daemon-search.xml
[2012/01/01 21:12:05 | 000,002,191 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\MyStart Search.xml
[2011/12/11 22:30:57 | 000,001,210 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\search.xml
[2012/06/18 05:25:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/05 00:57:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/02 00:44:05 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2008/11/11 00:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2012/06/20 09:56:43 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2012/03/04 00:42:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2012/06/20 09:56:44 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2011/07/11 14:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2011/01/15 04:46:37 | 000,002,242 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml
[2012/06/21 23:32:40 | 000,002,275 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\ask.xml
[2012/07/10 01:26:39 | 000,003,750 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
[2012/03/16 02:23:05 | 000,002,288 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2012/05/02 00:44:02 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/09/19 19:21:58 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
[2012/05/02 00:44:02 | 000,002,040 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/23 20:05:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Search Results Toolbar) - {6f895323-a0d1-4844-b5d1-89e3962fa2b2} - C:\Program Files\searchresults7\searchresultsDx.dll (Ask.com)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (AOL Messaging Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome\Application\20.0.1132.57\npchrome_frame.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AOL Messaging Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Search Results Toolbar) - {6f895323-a0d1-4844-b5d1-89e3962fa2b2} - C:\Program Files\searchresults7\searchresultsDx.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Messaging Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1241069855\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [Recordpad] C:\Program Files\NCH Software\Recordpad\recordpad.exe (NCH Software)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM7\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [fltMosk] C:\Users\nwofan\AppData\Local\Temp\BdeUfc.DLL (FRISK Software International)
O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [Pando] C:\Program Files\Pando Networks\Pando\Pando.exe (Pando Networks)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Users\nwofan\Desktop\Emulators\uTorrent.exe ()
O4 - Startup: C:\Users\nwofan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\nwofan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {BAD4FE2C-503B-45CC-88CD-4B0574057D11} http://clients.futur...y/FMSI_v420.cab (FuturemarkSystemInfoX Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\20.0.1132.57\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Users\nwofan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\nwofan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 14:12:18 | 000,000,088 | ---- | M] () - H:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2010/05/10 22:02:29 | 000,000,000 | ---D | M] - K:\Automatically Add to iTunes -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/07/24 02:22:17 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{4D77D986-E01A-4937-A578-CB4A3227D161}
[2012/07/24 02:21:50 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{54798C51-9A24-42B2-9AA9-31BAD1E3E580}
[2012/07/23 20:22:50 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/07/23 14:21:03 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{B6B708B2-4B21-4EAF-BF14-81DE7155D8A7}
[2012/07/23 14:20:47 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{1B4F60D3-2C3A-4990-A3A6-9FF9CAB80A56}
[2012/07/22 23:04:45 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/22 23:02:43 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\nwofan\Desktop\tdsskiller.exe
[2012/07/22 22:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\ZC2.10
[2012/07/22 17:08:18 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{1E4B0E0F-242C-4859-AE19-0A96AF9D2D07}
[2012/07/22 17:07:46 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{4C87F2BA-238B-4C1C-BC1E-348FCF7C3022}
[2012/07/22 02:33:10 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{78AE4BCE-C4FE-4CD4-9B90-3F4A298A28FE}
[2012/07/22 02:32:58 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{7B5CC40F-9E95-41F8-B351-85242A756FF3}
[2012/07/21 18:20:43 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/07/21 15:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\036E193203F39BF10282E7AFF875EF7E
[2012/07/21 14:32:22 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{7B7D43A9-4592-4587-AAB8-7CE01D3E00A8}
[2012/07/21 14:32:09 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{594ECA15-4A28-48D9-A3EE-A3122F1AF614}
[2012/07/21 02:31:33 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{06F343EF-8EF9-45A6-80F3-08CF3D79D652}
[2012/07/21 02:31:22 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{3F0CDE60-38F5-4ABD-BC42-4F09E44B012D}
[2012/07/20 14:30:48 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{7B5F9FB3-271E-4F31-86D7-B346EA1339BC}
[2012/07/20 14:30:29 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{19C6B44E-CED7-4C7E-963D-02F66EA0C46E}
[2012/07/20 02:29:19 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{D97FF008-F613-4AFE-ADFA-975D9A041DBF}
[2012/07/19 14:28:48 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{DB1343C6-42C5-43B8-8130-5B1948DE1397}
[2012/07/19 14:28:26 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{F3EDD579-DD57-467C-8135-A66257816242}
[2012/07/19 02:27:55 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{F255C063-5FAE-4914-B11F-AD9FE425C04C}
[2012/07/19 02:27:43 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{37190D1F-1764-42A7-9C13-50B9D9B710F7}
[2012/07/18 14:27:13 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{0AD4B6DE-885C-4624-99AD-6C46AD8FB480}
[2012/07/18 14:27:02 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{D6C30B99-1244-4D32-B5A9-226EF4D03306}
[2012/07/18 02:26:25 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{5765B611-6F22-47CA-907E-C07773F2D2FF}
[2012/07/18 02:25:50 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{8E754009-B28B-4B6F-A422-EE00CE7821D5}
[2012/07/18 00:05:27 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\uTorrent
[2012/07/17 14:25:09 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{670F8C41-EE1C-4350-8421-4BC36CEB2413}
[2012/07/17 14:24:58 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{6437BBE9-35B9-4089-995F-F05B5A6971A1}
[2012/07/17 02:24:28 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{ED0ADE4C-3033-4737-B41C-8D9C495BE258}
[2012/07/16 14:23:30 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{655FE350-6AFE-4439-B460-9B20C4B5BF62}
[2012/07/16 14:23:04 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{538C8A81-4074-499D-B45D-77436FA8AD04}
[2012/07/15 18:34:34 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{A63428DC-078C-4A9B-A975-2F9D61D84FF3}
[2012/07/15 18:34:16 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{0D01F767-7281-458A-BE6B-93D5FAE43869}
[2012/07/14 15:21:47 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{9AC52828-336E-4665-B748-3055013B91F2}
[2012/07/14 15:21:03 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{82F0279B-28B3-46B4-A98D-9BF26B70079C}
[2012/07/13 15:39:35 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{04C23DEF-647B-4533-963E-ED7B03BD3B6C}
[2012/07/13 15:39:23 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{43A7B398-A897-4DD0-B74B-0A60E990B82A}
[2012/07/13 03:38:52 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{A9DB3F5D-7837-4560-A8F4-8A102246EBE9}
[2012/07/12 19:44:51 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\LOVE
[2012/07/12 17:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\DLLSuite
[2012/07/12 16:54:42 | 000,279,067 | ---- | C] (The GLib developer community) -- C:\Windows\System32\libgobject-2.0-0.dll
[2012/07/12 15:38:07 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{0CB97B55-D28E-4352-A1BE-0209984AA38D}
[2012/07/12 15:37:48 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{D571518E-17CC-4FC1-BCB5-A77BC420DDE7}
[2012/07/12 03:35:15 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\Systweak
[2012/07/12 03:34:53 | 000,000,000 | ---D | C] -- C:\Program Files\RegClean Pro
[2012/07/12 02:31:12 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{5E69CA6C-C28F-4EFD-8364-BF81F9EEEF99}
[2012/07/11 14:30:28 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{C6F06400-BC8C-41C8-AC63-8F46B0143F99}
[2012/07/11 14:30:17 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{4842AD01-C13C-47C9-BFA8-37F1F1E7AB74}
[2012/07/11 02:29:47 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{E6030F4D-4215-47CF-B61C-1A14D47588AC}
[2012/07/11 02:29:34 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{0FAD0F4E-6702-4B46-93A6-13DDF31D6060}
[2012/07/10 14:29:04 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{82D674F1-9FDE-44A2-A4CD-C5705ADCC1F8}
[2012/07/10 14:28:52 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{C44C38F8-45BD-43B3-A8F8-ECA87ED25247}
[2012/07/10 02:28:21 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{C0257068-A502-4AE5-A126-FADF2BC312C5}
[2012/07/10 02:14:20 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\Z-Net I
[2012/07/10 02:14:20 | 000,000,000 | ---D | C] -- C:\Program Files\Z-Net I
[2012/07/09 14:27:12 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{E32F0BB2-5807-4AB6-9D3D-67C94B5466D6}
[2012/07/09 14:26:51 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{A0595E2B-2DD7-4217-AD95-E5FA03B7DEF5}
[2012/07/08 16:09:53 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{D88B4F20-C248-4BBC-8250-F3D1D9DEDAFA}
[2012/07/08 16:09:28 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{B6273CAA-2350-47B1-B3F7-CF96A3FB8D3B}
[2012/07/08 00:15:47 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{64E37A7E-BAAD-4D28-8836-931C35C77E59}
[2012/07/07 12:15:16 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{5C95ED1A-B40D-4B90-91CD-6BB15E1C3947}
[2012/07/07 12:15:04 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{79991369-2131-40E0-9EE8-8DA576935EB8}
[2012/07/07 00:14:33 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{2905A165-C2ED-49C3-AE89-2D2BAFDC4A19}
[2012/07/07 00:14:20 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{B7EE126A-4A1C-43F9-A2E9-77AA393BA28D}
[2012/07/06 12:13:16 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{4D51A857-393B-40F7-B6B4-26079821DCEC}
[2012/07/06 12:12:53 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{7E1004BB-F5A4-4E51-B0DA-59AFADD61CC7}
[2012/07/05 21:22:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/07/05 15:12:47 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{E505BB9C-F0EB-42B7-8C0C-F28F6A1E614C}
[2012/07/05 15:12:28 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{836D27F3-AD21-4106-B9A8-CF5E731AC542}
[2012/07/05 02:59:00 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{7A115591-32E3-4648-8992-58BF4BE95909}
[2012/07/05 02:58:47 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{49EB7CA9-0FCC-44D2-87AC-90764B6440D8}
[2012/07/04 23:42:36 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/04 23:42:36 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/04 14:57:46 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{D836E910-F858-4CBA-8674-372F6B1D6402}
[2012/07/04 14:57:18 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{96C8E57E-C402-418F-A8EF-4AF9A40A1ADE}
[2012/07/04 01:55:59 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{CB90B72A-C012-4A7B-AE71-117AAD047350}
[2012/07/04 01:55:48 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{0DF0364D-E023-4AF2-9748-27D617DE573F}
[2012/07/03 16:04:02 | 000,000,000 | ---D | C] -- C:\Users\nwofan\Documents\Vegas Movie Studio HD 11.0 Projects
[2012/07/03 13:55:04 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{1E599775-58DB-46E1-92B8-DD1B9B3F8FCC}
[2012/07/03 13:54:52 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{15DA8FF9-93AD-4786-9658-4D8CEEDDF1F7}
[2012/07/03 01:39:38 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{C23F7185-ED64-41BD-A141-1A35CDAD3872}
[2012/07/02 13:38:42 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{965EF948-BE13-4EEF-8343-56C078FEE24C}
[2012/07/02 13:38:26 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{77384B5D-219C-414F-9175-29E5D026A2B5}
[2012/07/01 17:11:02 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{471FDF67-E573-4BD3-9E92-DB84661DF685}
[2012/07/01 17:10:22 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{073C23FE-E730-4506-A3C3-19405939180C}
[2012/06/30 15:01:03 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{FDDD6475-D1F6-4F0B-AC2A-5156E10B1430}
[2012/06/30 15:00:51 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{B0811C71-FAC2-4FB8-82F9-6677331AE6C4}
[2012/06/30 03:00:16 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{5BB43318-EE41-4523-BC34-E96B69832E49}
[2012/06/30 03:00:02 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{FDC66CDE-C52E-46AC-B1AE-E6A8BCB4D0D0}
[2012/06/29 14:59:29 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{B47FB324-1A2C-4865-B331-C8086AB85F31}
[2012/06/29 14:59:15 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{BDB236BF-7466-4435-A710-F9FBE32A23C5}
[2012/06/29 03:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ManyCam
[2012/06/29 03:35:39 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\ManyCam
[2012/06/29 02:57:51 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{4FE103FC-978D-4845-B817-4982CCC03E3A}
[2012/06/29 02:57:16 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{620A0CE7-A89A-4A25-9D19-22EB4A21D95F}
[2012/06/29 01:48:31 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{6E68EE79-E659-43D0-9DE9-9C939F244AD3}
[2012/06/29 01:48:14 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{D3AFBA38-AB25-4889-B9C1-6191C34E1B5B}
[2012/06/28 13:47:04 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{DC757890-F804-4A43-924F-141BB997B525}
[2012/06/28 13:46:41 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{E6EDFC8F-D5B2-4ABB-A4F0-67E81805BD95}
[2012/06/28 01:32:08 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{70C563DF-31F8-46B1-9F86-DD980CDCC7C0}
[2012/06/28 01:31:56 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{B39DBFA5-9B52-45D2-809D-8F615EAB2415}
[2012/06/28 01:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2012/06/28 01:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/06/27 13:31:24 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{9CFEA195-0A8F-460B-A5F3-9DF542D25BEF}
[2012/06/27 13:31:12 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{48D2D124-61B8-4F96-9F54-5E648B3B80AC}
[2012/06/27 01:30:34 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{74FE9A35-106C-4CA7-AA36-E115AC6B4285}
[2012/06/27 01:30:21 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{DDCC2B4D-68A3-4F3E-811A-636AE4B2BA35}
[2012/06/26 13:29:48 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{CAD1B8E0-898E-42FA-8875-E8B33C2BE9E0}
[2012/06/26 13:29:25 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{88ED21D3-24D3-440A-8ECC-D34D39215124}
[2012/06/26 01:28:44 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{F0D088AE-19DC-4CE2-BF10-0ECAC8CF7B29}
[2012/06/25 13:27:27 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{E5A36BED-99F9-4F78-873C-7ECF61FA4CA9}
[2012/06/25 13:27:03 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{361623E6-4568-42EF-B65B-4C4B094B1C52}
[2012/06/24 21:42:30 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{53FC5C89-1D49-4BAA-BFC6-24A6CDFC030B}
[2012/06/24 21:42:19 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{8365A66D-50BC-403F-BA2C-9DDC36B06BCD}
[2012/06/24 09:41:06 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{E05DD40D-326B-4688-B946-D5181984AB0D}
[2012/06/24 09:40:24 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{4EBB0131-328C-4C3D-B042-C6236A2DC8AA}
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/24 04:14:29 | 009,699,328 | ---- | M] () -- C:\Users\nwofan\ntuser.dat
[2012/07/24 03:59:47 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/24 03:59:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/07/24 03:59:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/24 03:59:14 | 2414,780,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/24 03:57:06 | 006,291,456 | -H-- | M] () -- C:\Users\nwofan\AppData\Local\IconCache.db
[2012/07/24 03:56:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1868571618-3835447236-223175164-1000UA.job
[2012/07/24 03:37:41 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/24 03:33:10 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/24 01:56:09 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1868571618-3835447236-223175164-1000Core.job
[2012/07/23 20:22:50 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/07/23 17:47:41 | 000,014,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/23 17:47:41 | 000,014,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/23 01:21:14 | 000,000,593 | ---- | M] () -- C:\Users\nwofan\Desktop\Throwing_Weapon_Script-9700-0-0.zip
[2012/07/22 23:02:43 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\nwofan\Desktop\tdsskiller.exe
[2012/07/22 19:12:29 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/22 19:12:29 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/22 18:33:31 | 000,002,090 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[2012/07/22 18:32:36 | 000,778,660 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2012/07/22 18:32:36 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/22 18:32:36 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/21 01:58:35 | 000,000,728 | ---- | M] () -- C:\Users\nwofan\Desktop\Left 4 Dead 2.lnk
[2012/07/21 01:58:35 | 000,000,692 | ---- | M] () -- C:\Users\nwofan\L4D2 Updater.lnk
[2012/07/21 01:58:35 | 000,000,624 | ---- | M] () -- C:\Users\nwofan\Mutation Mod.lnk
[2012/07/19 03:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\ErrorEND.job
[2012/07/16 17:57:54 | 008,871,936 | ---- | M] () -- C:\Users\nwofan\ntuser.dat.iobit
[2012/07/16 01:00:50 | 000,241,834 | ---- | M] () -- C:\Users\nwofan\Documents\Twotoneraffle.jpg
[2012/07/15 22:34:16 | 000,388,368 | ---- | M] () -- C:\Users\nwofan\Documents\Twotoneraffle.png
[2012/07/14 17:06:57 | 000,000,378 | ---- | M] () -- C:\Windows\SMB2ed.ini
[2012/07/13 18:05:05 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/13 02:33:13 | 000,001,237 | ---- | M] () -- C:\Users\Public\Desktop\Firestorm-Release.lnk
[2012/07/12 16:54:44 | 000,279,067 | ---- | M] (The GLib developer community) -- C:\Windows\System32\libgobject-2.0-0.dll
[2012/07/12 02:32:08 | 000,002,119 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/10 02:14:20 | 000,001,759 | ---- | M] () -- C:\Users\nwofan\Desktop\Z-Net I.lnk
[2012/07/05 21:22:44 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/07/05 15:24:44 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/01 08:11:32 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for nwofan.job
[2012/07/01 02:16:09 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
[2012/06/29 14:20:05 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012/06/29 03:37:45 | 000,000,356 | ---- | M] () -- C:\swupdate.conf
[2012/06/29 03:37:23 | 000,524,288 | -HS- | M] () -- C:\Users\nwofan\ntuser.dat{9195c1ba-c1ce-11e1-8e5a-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2012/06/29 03:37:23 | 000,524,288 | -HS- | M] () -- C:\Users\nwofan\ntuser.dat{9195c1ba-c1ce-11e1-8e5a-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2012/06/29 03:37:23 | 000,065,536 | -HS- | M] () -- C:\Users\nwofan\ntuser.dat{9195c1ba-c1ce-11e1-8e5a-00038a000015}.TM.blf
[2012/06/29 02:57:20 | 000,115,288 | ---- | M] () -- C:\Users\nwofan\AppData\Local\GDIPFONTCACHEV1.DAT
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/23 01:21:13 | 000,000,593 | ---- | C] () -- C:\Users\nwofan\Desktop\Throwing_Weapon_Script-9700-0-0.zip
[2012/07/22 19:12:30 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/21 01:58:35 | 000,000,728 | ---- | C] () -- C:\Users\nwofan\Desktop\Left 4 Dead 2.lnk
[2012/07/21 01:58:35 | 000,000,692 | ---- | C] () -- C:\Users\nwofan\L4D2 Updater.lnk
[2012/07/21 01:58:35 | 000,000,624 | ---- | C] () -- C:\Users\nwofan\Mutation Mod.lnk
[2012/07/16 01:00:49 | 000,241,834 | ---- | C] () -- C:\Users\nwofan\Documents\Twotoneraffle.jpg
[2012/07/15 22:34:14 | 000,388,368 | ---- | C] () -- C:\Users\nwofan\Documents\Twotoneraffle.png
[2012/07/10 02:14:20 | 000,001,759 | ---- | C] () -- C:\Users\nwofan\Desktop\Z-Net I.lnk
[2012/07/05 21:22:44 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/07/05 15:24:44 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2012/06/29 02:55:44 | 000,524,288 | -HS- | C] () -- C:\Users\nwofan\ntuser.dat{9195c1ba-c1ce-11e1-8e5a-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2012/06/29 02:55:44 | 000,524,288 | -HS- | C] () -- C:\Users\nwofan\ntuser.dat{9195c1ba-c1ce-11e1-8e5a-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2012/06/29 02:55:44 | 000,065,536 | -HS- | C] () -- C:\Users\nwofan\ntuser.dat{9195c1ba-c1ce-11e1-8e5a-00038a000015}.TM.blf
[2012/06/29 00:47:36 | 008,871,936 | ---- | C] () -- C:\Users\nwofan\ntuser.dat.iobit
[2012/01/06 01:52:37 | 001,936,528 | ---- | C] () -- C:\Windows\System32\ltmm15.dll
[2011/07/11 11:53:36 | 000,000,020 | ---- | C] () -- C:\Windows\System32\NDADMIND.DLL
[2011/06/29 22:42:32 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/23 20:48:06 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/08/16 14:41:08 | 000,000,378 | ---- | C] () -- C:\Windows\SMB2ed.ini
[2010/06/30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/03/18 17:59:06 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/02/28 00:44:32 | 000,139,152 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/11/10 12:37:57 | 000,016,896 | ---- | C] () -- C:\Windows\System32\tupvcumd.dll
[2009/11/10 12:37:57 | 000,014,848 | ---- | C] () -- C:\Windows\System32\drivers\tupvckmd.sys
[2009/10/20 12:08:44 | 000,037,248 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2009/10/08 20:05:10 | 000,000,325 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/14 18:12:53 | 000,044,544 | ---- | C] () -- C:\Windows\System32\GIF89.DLL
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/05/04 04:20:01 | 000,003,766 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/05/04 04:20:01 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\08751F20E9.sys
[2009/05/04 03:05:26 | 000,000,882 | ---- | C] () -- C:\Windows\DC.ini
[2008/12/16 17:30:52 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/12/16 17:30:52 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/03/09 01:12:32 | 000,027,648 | -HS- | C] () -- C:\Windows\System32\AVSredirect.dll
[2007/03/06 03:14:48 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/03/06 03:14:48 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007/02/07 17:57:50 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2006/03/06 11:41:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\AMV_DecDLL.dll
[2005/09/13 16:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv5.dll
[2004/09/16 14:26:40 | 000,012,634 | ---- | C] () -- C:\Windows\System32\drivers\ADFUUD.SYS

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:C980DA7D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, Mac asked me to look at this.

I will need some updated data first. Could you delete the OTL copy that you have and run this latest version?

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3
Lucky Dearly

    Member

  • Topic Starter
  • Member
  • 349 posts
Okay, here's the OTL log

OTL logfile created on: 8/24/2012 5:11:27 PM - Run 7
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\nwofan\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 54.43% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 66.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.46 Gb Total Space | 16.98 Gb Free Space | 5.93% Space Free | Partition Type: NTFS
Drive D: | 11.63 Gb Total Space | 1.59 Gb Free Space | 13.63% Space Free | Partition Type: NTFS
Drive H: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive K: | 297.44 Gb Total Space | 9.23 Gb Free Space | 3.10% Space Free | Partition Type: NTFS

Computer Name: GAMERPC | User Name: nwofan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/24 16:28:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\nwofan\Desktop\OTL.exe
PRC - [2012/08/23 02:58:33 | 000,690,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012/05/30 10:18:07 | 004,331,392 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM7\aim.exe
PRC - [2012/05/29 10:37:22 | 025,249,400 | ---- | M] (ooVoo LLC) -- C:\Program Files\ooVoo\ooVoo.exe
PRC - [2012/04/27 19:05:40 | 000,613,208 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster 3\gbtray.exe
PRC - [2012/04/19 08:50:10 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2012/04/19 08:50:10 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/03/14 11:45:00 | 000,529,520 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\Install\{32D098D9-F96C-44BC-8FFC-5DF43EDAD9B4}\GoogleToolbarInstaller_updater_signed.exe
PRC - [2012/03/06 18:39:50 | 000,574,296 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/22 20:49:58 | 006,591,800 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2012/01/11 21:44:56 | 000,210,744 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn2\ytbb.exe
PRC - [2011/11/25 04:13:04 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/10/17 14:04:30 | 000,580,464 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\TWC\DigiDo\AffinegyService.exe
PRC - [2011/10/17 14:04:28 | 008,445,296 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\TWC\DigiDo\DigiDo.exe
PRC - [2011/10/17 14:04:28 | 001,458,544 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\TWC\DigiDo\TrayApp.exe
PRC - [2011/10/15 01:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/08/10 12:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/08/10 11:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/08/08 15:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/11 14:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011/06/23 21:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/17 10:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/05/03 14:50:59 | 000,123,320 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/05 16:11:52 | 000,081,920 | R--- | M] (Nero AG) -- C:\Program Files\Motorola Media Link\NServiceEntry.exe
PRC - [2010/08/01 14:45:22 | 004,950,936 | ---- | M] (Pando Networks) -- C:\Program Files\Pando Networks\Pando\pando.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/08 00:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\1241069855\ee\aolsoftware.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/08/28 13:53:00 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/02/23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/30 10:11:47 | 000,176,128 | ---- | M] () -- C:\Program Files\AIM7\nssckbi.dll
MOD - [2012/04/13 12:04:32 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/04/13 12:00:04 | 000,170,496 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxslt.dll
MOD - [2012/02/22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2012/02/22 20:49:38 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2011/11/10 22:43:26 | 000,138,072 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll
MOD - [2011/10/17 14:04:32 | 000,022,896 | ---- | M] () -- C:\Program Files\TWC\DigiDo\AffinegyServicePS.dll
MOD - [2011/10/17 13:54:02 | 001,686,016 | ---- | M] () -- C:\Program Files\TWC\DigiDo\gateways\ArrisTG852GLOC.dll
MOD - [2011/10/17 13:49:22 | 000,333,824 | ---- | M] () -- C:\Program Files\TWC\DigiDo\DigiDoFlavor.dll
MOD - [2011/08/13 13:48:49 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7f94f6b13f92f1e093716d3e15bf86d1\PresentationFramework.Aero.ni.dll
MOD - [2011/08/13 13:15:09 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8b3b6ed74cb3d94695b0eaf94a362d42\UIAutomationTypes.ni.dll
MOD - [2011/08/13 13:15:08 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c60906a715473ceccf93f0559527e84d\PresentationFramework.ni.dll
MOD - [2011/08/13 13:14:49 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5566b57732d9edea236f54d06149835a\PresentationCore.ni.dll
MOD - [2011/08/13 13:14:34 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
MOD - [2011/08/13 12:55:29 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll
MOD - [2011/08/13 12:53:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
MOD - [2011/08/13 12:53:23 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\b7d1c271ec6b4df64c95563fc81ffc2f\System.Data.ni.dll
MOD - [2011/08/13 12:52:58 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011/08/13 12:52:49 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/08/13 12:52:42 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/08/13 12:52:36 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/08/13 03:09:00 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/08/13 03:08:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/08/08 15:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011/07/28 16:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2011/03/04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011/03/04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2010/12/09 18:34:10 | 000,119,808 | ---- | M] () -- C:\Program Files\TWC\DigiDo\imageformats\qjpeg4.dll
MOD - [2010/12/04 19:38:04 | 001,242,112 | ---- | M] () -- C:\Program Files\ManyCam\Bin\opencv_imgproc220.dll
MOD - [2010/12/04 19:38:02 | 002,010,624 | ---- | M] () -- C:\Program Files\ManyCam\Bin\opencv_core220.dll
MOD - [2010/11/04 18:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/08/11 20:29:04 | 007,187,456 | ---- | M] () -- C:\Program Files\TWC\DigiDo\QtGui4.dll
MOD - [2010/08/11 20:29:02 | 000,325,632 | ---- | M] () -- C:\Program Files\TWC\DigiDo\QtXml4.dll
MOD - [2010/08/11 20:29:00 | 001,954,304 | ---- | M] () -- C:\Program Files\TWC\DigiDo\QtCore4.dll
MOD - [2010/08/11 20:29:00 | 000,847,360 | ---- | M] () -- C:\Program Files\TWC\DigiDo\QtNetwork4.dll
MOD - [2010/07/24 20:51:43 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2010/06/30 00:12:54 | 000,061,440 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/06/30 00:12:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/06/30 00:12:42 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010/06/30 00:12:40 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010/06/30 00:12:40 | 000,007,680 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010/06/30 00:12:40 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010/06/30 00:12:36 | 000,018,944 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/12/08 18:50:04 | 003,565,056 | ---- | M] () -- C:\Program Files\Replay Converter\ffdshow.ax
MOD - [2009/08/28 13:52:58 | 000,931,112 | ---- | M] () -- c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/07/03 14:18:14 | 000,131,072 | ---- | M] () -- C:\Program Files\PIXELA\Everio MediaBrowser\px_mpega.dll
MOD - [2007/06/16 17:18:20 | 000,032,768 | ---- | M] () -- C:\Program Files\MP3 Player Utilities 4.19\AMVConverter\AmvTransform.dll
MOD - [2005/06/28 13:59:48 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2012/08/23 02:58:35 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/09 12:28:04 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/27 15:22:35 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/11/28 19:00:02 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/10/17 14:04:30 | 000,580,464 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\TWC\DigiDo\AffinegyService.exe -- (AffinegyService)
SRV - [2011/08/15 11:02:12 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/08/10 12:35:20 | 000,227,184 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/08/10 11:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/06/17 10:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/05/03 14:56:02 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/05/03 14:50:59 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2010/11/05 16:11:52 | 000,081,920 | R--- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Motorola Media Link\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/25 03:00:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/24 16:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/04/29 03:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motport.sys -- (motport)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\nwofan\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/07/23 20:22:50 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/04/28 11:58:06 | 000,049,240 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stdriver32.sys -- (stdriver)
DRV - [2012/02/22 03:34:36 | 000,022,400 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012/01/10 23:11:20 | 000,032,000 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2011/10/15 01:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/04/04 14:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2011/03/31 14:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2011/02/07 17:36:00 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2011/01/01 10:12:18 | 000,081,168 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 03:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 03:07:39 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.svs -- (NDProxy)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/01 06:08:46 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2010/07/29 00:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2009/10/20 12:08:44 | 000,037,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/10/01 22:03:40 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/08/04 10:40:04 | 000,226,816 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWNC5E00.sys -- (SWNC5E00)
DRV - [2009/08/04 10:39:02 | 000,157,440 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmx00.sys -- (SWMX00)
DRV - [2009/07/30 17:12:54 | 000,287,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009/07/13 15:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 15:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/10 13:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motoandroid.sys -- (motandroidusb)
DRV - [2009/06/22 22:34:38 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2009/04/29 03:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/13 05:58:30 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2009/02/13 05:56:32 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/09/09 17:58:08 | 000,020,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc.pkms -- (PCD5SRVC{BD6912E3-AC9D80E8-05040000})
DRV - [2008/07/21 09:12:50 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/05/22 02:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/07/03 15:05:00 | 000,162,944 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT25USBAP.SYS -- (RT25USBAP)
DRV - [2007/02/15 17:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2007/02/08 06:45:14 | 000,029,184 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dsiarhwprog.sys -- (dsiarhwprog)
DRV - [2006/12/24 06:15:18 | 000,027,904 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xPADFL02.sys -- (XPADFL02)
DRV - [2006/11/29 15:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)
DRV - [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-tyc8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{08C2FE8D-012D-4327-B7C9-37C8EC2D2B7F}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=11-06-2012
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKLM\..\SearchScopes\{F53CD4AF-28F0-43FB-B3FF-5D396282D957}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd


IE - HKU\.DEFAULT\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE9HP&PC=UP50
IE - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wwe.com/
IE - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\..\URLSearchHook: {6f895323-a0d1-4844-b5d1-89e3962fa2b2} - C:\Program Files\searchresults7\searchresultsDx.dll (Ask.com)
IE - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\..\SearchScopes\{056650C7-9810-4555-BEB0-2C6700D7A155}: "URL" = http://search.jword....e={searchTerms}
IE - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\..\SearchScopes\{08C2FE8D-012D-4327-B7C9-37C8EC2D2B7F}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000248c5c47fb
IE - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=11-06-2012
IE - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\..\SearchScopes\{710E5CC8-F44D-465F-A979-5AA39C16A2EF}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\..\SearchScopes\{789F138B-EDB8-4248-9EFE-93433AC99690}: "URL" = http://search.avg.co...}&iy=b&ychte=us
IE - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\..\SearchScopes\{7E4F0419-36BD-4A62-A765-05EADE918250}: "URL" = http://search.yahoo....f-8&fr=chr-yie8
IE - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\..\SearchScopes\{879D7D8E-2FBB-4319-AC19-EFC55E153DBA}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\..\SearchScopes\{92B59854-86B8-4635-A4F5-CB78C30F550A}: "URL" = http://websearch.ask...09-59BC25CFDB2C
IE - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\..\SearchScopes\{933C395A-2DDE-40D6-91C6-A13371E6FF89}: "URL" = http://delicious.com...p={searchTerms}
IE - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-07-10 01:26:50&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpr...q={searchTerms}
IE - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\..\SearchScopes\{B88BE29A-6F35-4D3D-B6B1-CD47D165B6B7}: "URL" = http://search.yahoo....ms}&fr=chr-tyc8
IE - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = http://www.ask.com/w...q={searchTerms}
IE - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox...id=80469&lng=en
IE - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\..\SearchScopes\{CB90FB56-786A-45CE-A0AF-2D9E17EDFF8D}: "URL" = http://www.google.co...1I7DXTB_enUS459
IE - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6R83lZWlx8&i=26
IE - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaultthis.engineName: "IncrediMail MediaBar 4 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.co...rud=15-06-2012"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-tyc8"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-tyc8"
FF - prefs.js..browser.search.param.yahoo-type: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.wwe.com"
FF - prefs.js..keyword.URL: "http://www.ask.com/w...YYYYY^YY^US&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\nwofan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\nwofan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\nwofan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\nwofan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/06/29 03:37:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/25 14:36:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/27 15:22:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/16 19:54:26 | 000,000,000 | ---D | M]

[2010/07/24 21:13:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Extensions
[2012/08/23 16:02:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions
[2010/07/24 21:13:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/21 20:04:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/21 23:32:19 | 000,000,000 | ---D | M] (Search Results Toolbar) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{6f895323-a0d1-4844-b5d1-89e3962fa2b2}
[2012/07/18 00:03:33 | 000,000,000 | ---D | M] (IncrediMail MediaBar 4 Community Toolbar) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{90eee664-34b1-422a-a782-779af65cdf6d}
[2012/06/15 01:14:35 | 000,000,000 | ---D | M] ("AOL Messaging Toolbar") -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2012/03/16 02:23:48 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\[email protected]
[2012/08/23 16:02:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\staged
[2012/06/29 03:36:42 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\[email protected]
[2010/09/18 13:20:13 | 000,001,490 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\AIM Search.xml
[2012/08/17 22:55:19 | 000,002,562 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\aol-search-1.xml
[2010/09/23 00:04:58 | 000,002,342 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\aol-search.xml
[2011/07/13 17:56:04 | 000,002,354 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\aol-web-search.xml
[2012/08/23 15:56:22 | 000,002,577 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\askcom.xml
[2011/02/09 20:45:52 | 000,001,919 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\bing-zugo.xml
[2011/08/29 17:51:44 | 000,000,947 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\conduit.xml
[2010/08/09 19:14:28 | 000,002,059 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\daemon-search.xml
[2012/01/01 21:12:05 | 000,002,191 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\MyStart Search.xml
[2011/12/11 22:30:57 | 000,001,210 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\search.xml
[2012/08/07 03:39:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/05 00:57:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/07 03:39:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/07/27 15:22:35 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/11/11 00:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2012/06/20 09:56:43 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/06/20 09:56:44 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/07/11 14:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/01/15 04:46:37 | 000,002,242 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\AOL Search.xml
[2012/06/21 23:32:40 | 000,002,275 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ask.xml
[2012/07/10 01:26:39 | 000,003,750 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/03/16 02:23:05 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/07/27 15:22:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/19 19:21:58 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/07/27 15:22:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://isearch.avg.c...sa&d=2012-07-10 01:26:50&v=11.1.0.12&sap=hp
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://isearch.avg.c...sa&d=2012-07-10 01:26:50&v=11.1.0.12&sap=hp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\nwofan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\nwofan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\nwofan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\nwofan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\nwofan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\nwofan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Ask Toolbar = C:\Users\nwofan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaodnbkkemkkaekocofmphoadofkdh\7.15.1.22466_0\
CHR - Extension: Entanglement = C:\Users\nwofan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: SiteAdvisor = C:\Users\nwofan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: Skype Click to Call = C:\Users\nwofan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\
CHR - Extension: Poppit = C:\Users\nwofan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\nwofan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2011/11/23 20:05:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Search Results Toolbar) - {6f895323-a0d1-4844-b5d1-89e3962fa2b2} - C:\Program Files\searchresults7\searchresultsDx.dll (Ask.com)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (AOL Messaging Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome\Application\21.0.1180.83\npchrome_frame.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AOL Messaging Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Search Results Toolbar) - {6f895323-a0d1-4844-b5d1-89e3962fa2b2} - C:\Program Files\searchresults7\searchresultsDx.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AOL Messaging Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AOL Messaging Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\..\Toolbar\WebBrowser: (AOL Messaging Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [DigiDo] C:\Program Files\TWC\DigiDo\TrayApp.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1241069855\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [Recordpad] C:\Program Files\NCH Software\Recordpad\recordpad.exe (NCH Software)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-1868571618-3835447236-223175164-1000..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-1868571618-3835447236-223175164-1000..\Run: [AIM] C:\Program Files\AIM7\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-1868571618-3835447236-223175164-1000..\Run: [fltMosk] C:\Users\nwofan\AppData\Local\Temp\BdeUfc.dll (FRISK Software International)
O4 - HKU\S-1-5-21-1868571618-3835447236-223175164-1000..\Run: [ManyCam] C:\Program Files\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKU\S-1-5-21-1868571618-3835447236-223175164-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1868571618-3835447236-223175164-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1868571618-3835447236-223175164-1000..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKU\S-1-5-21-1868571618-3835447236-223175164-1000..\Run: [Pando] C:\Program Files\Pando Networks\Pando\Pando.exe (Pando Networks)
O4 - HKU\S-1-5-21-1868571618-3835447236-223175164-1000..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1868571618-3835447236-223175164-1000..\Run: [uTorrent] C:\Users\nwofan\Desktop\Emulators\uTorrent.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" File not found
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" File not found
O4 - Startup: C:\Users\nwofan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\nwofan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Veronica Valencia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKU\S-1-5-21-1868571618-3835447236-223175164-1000\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...pdetect119b.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {BAD4FE2C-503B-45CC-88CD-4B0574057D11} http://clients.futur...y/FMSI_v420.cab (FuturemarkSystemInfoX Class)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56E290B4-FA5A-48A1-8671-5D6776B62B14}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{611D4670-149B-4053-9713-D1F4F7A58D99}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D23BAA9-C145-4F8D-9FB1-A4855C4888B1}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\21.0.1180.83\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Users\nwofan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\nwofan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 14:12:18 | 000,000,088 | ---- | M] () - H:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2010/05/10 22:02:29 | 000,000,000 | ---D | M] - K:\Automatically Add to iTunes -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found
NetSvcs: BITS - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/24 16:28:00 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\nwofan\Desktop\OTL.exe
[2012/08/24 14:41:19 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{DED83123-A744-4525-938F-C2F3D6508E12}
[2012/08/24 02:40:55 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{216BBD6D-4553-4525-A772-DEE458E9C2FC}
[2012/08/23 14:40:16 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{654CAFAA-C76F-4692-A596-085A9A110575}
[2012/08/23 02:39:51 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{EF26AF5F-5838-4AA2-8CD7-E6066DCB7E27}
[2012/08/22 14:39:22 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{F9F94378-9E92-43E3-A875-4678C77EFE46}
[2012/08/22 02:27:30 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{F3377930-E872-484A-B0EE-458EB6DA7329}
[2012/08/21 14:27:17 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{23E3B134-57E0-4FDD-B739-A9D7A9E477AC}
[2012/08/21 01:01:55 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{1F6DF794-B70D-4EA4-AE56-72CCDAFDBE61}
[2012/08/20 14:55:51 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\mIRC
[2012/08/20 14:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
[2012/08/20 14:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC
[2012/08/20 13:01:39 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{267CD68E-7A11-4DEF-AC64-51887E45FF66}
[2012/08/20 05:20:08 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/08/19 18:01:24 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{77FEE854-E692-4E7C-A194-8C3490584E68}
[2012/08/18 15:08:52 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{6A4AAA90-ED28-4FBB-AFAF-A668EC1489FB}
[2012/08/18 15:08:40 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{06E0F347-F1A2-4A20-A418-960622EFBB1A}
[2012/08/18 03:08:10 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{1495C6EA-4F80-44AA-ABA9-89772706F4B0}
[2012/08/18 03:07:58 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{5537A3C0-DC6E-4125-B27A-A2D1A641DEEB}
[2012/08/17 14:31:20 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{CBEE64CE-E0AC-4BC9-B665-C2A3EE66C144}
[2012/08/17 14:31:09 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{36764094-91AF-4977-B032-6134ABD25D78}
[2012/08/17 02:30:32 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{1D9D5A41-C328-4F06-8D08-72B9A53B80F4}
[2012/08/17 02:30:09 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{59319123-4C7D-48AC-85D7-849D2C279E8A}
[2012/08/16 14:29:21 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{F2C4908B-E596-44F8-8F86-8C9B8A5DF185}
[2012/08/16 14:28:59 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{583CEA25-4F7B-4569-89F4-3D598B9A0CD1}
[2012/08/16 02:06:07 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{B8E9A680-612F-4C36-AE52-1A7AD1A2294F}
[2012/08/16 02:05:56 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{AC30CA4D-D100-493E-A91A-32D5516EC08C}
[2012/08/15 14:05:16 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{1619E7B0-0B4A-49C6-9755-874F5AF5C018}
[2012/08/15 14:05:00 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{5C10C36A-0685-4D58-96F7-3EF8496A0402}
[2012/08/15 01:55:20 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{4B9EE450-3BC7-4FB6-873A-247661A10F0D}
[2012/08/15 01:55:03 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{BC237B0B-3676-40B0-9D70-EEB3964DB780}
[2012/08/14 13:54:33 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{D10BBF68-EB29-4127-A112-7DC5CE14D456}
[2012/08/14 13:54:21 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{10671934-ADB0-45EC-A1DA-3BF21561F203}
[2012/08/14 01:53:11 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{FEEA58F9-0651-45C5-8936-8DB4F79BDAAD}
[2012/08/14 01:52:41 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{005C6EF7-73A8-4424-B817-5DEC43147002}
[2012/08/13 13:51:55 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{BD1DFC89-5AB0-4ACB-92A3-6E4E6C0A9E93}
[2012/08/13 13:51:38 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{0ED9CDF2-3D50-46D1-8531-8455404E4954}
[2012/08/12 16:49:10 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{B35FD1AC-78BD-44E8-8FCA-ECCC382BF869}
[2012/08/12 16:48:46 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{57114FB5-9C61-4EDB-BD5E-224B58B5C36D}
[2012/08/12 03:43:17 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{762D380B-427B-44BD-9DD3-44413DC7A37F}
[2012/08/12 03:43:06 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{06CFB999-AFE1-444F-B762-6AA7011F0A88}
[2012/08/11 15:42:49 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{B9AC1C6F-D728-4F56-9C53-C8915F20411F}
[2012/08/11 15:42:31 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{8282CD65-5F9C-40B8-9978-F62516D900EB}
[2012/08/11 03:40:28 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{ACA155A4-A5EB-441A-99C2-2981B06AE615}
[2012/08/11 03:40:13 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{34D08F17-CC9F-42CD-BD7E-DD77BFD6113E}
[2012/08/10 15:39:35 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{79EAAEE8-0D94-479E-83EF-638E2060B419}
[2012/08/10 15:39:18 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{AE33ABA8-AA68-461A-BCBB-4B9E4E7FC60E}
[2012/08/10 02:48:21 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{EBBC1F0F-D3B4-4A0C-B38F-688A538F61E2}
[2012/08/10 02:48:09 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{6CF093DF-341C-49BE-8D35-2BC7212FA717}
[2012/08/09 19:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TWC
[2012/08/09 19:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\TWC
[2012/08/09 19:57:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Affinegy
[2012/08/09 14:31:19 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{7120763D-089C-4268-A9DC-36ED4A15B984}
[2012/08/09 14:31:07 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{EFEFF18C-C95D-46DF-9045-0560293233F2}
[2012/08/09 12:27:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/08/09 12:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012/08/09 02:29:57 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{71BA6572-01A9-4C51-9F2F-BFB43745BF27}
[2012/08/08 14:28:46 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{4F219519-5DE6-465D-B7BB-342521B7D861}
[2012/08/08 14:28:34 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{49C44B75-49D5-4926-9AF5-DC0615E98BC2}
[2012/08/08 02:28:03 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{F9EDB12F-1B8A-49F5-A71C-592349A1F446}
[2012/08/08 02:27:51 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{1A7AAB53-3F9E-419A-9998-4A1340B66B2F}
[2012/08/07 14:27:21 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{97433981-6F14-4D0F-AE17-A376C64D91D2}
[2012/08/07 14:27:10 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{315E2639-E175-4646-B160-A6C1E8FA33CE}
[2012/08/07 02:26:40 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{21A613E0-04A9-4043-B9B6-38B871008D41}
[2012/08/06 14:26:01 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{8B2182C3-936A-430A-AC81-311F8FE0A2A4}
[2012/08/06 14:25:49 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{28E46C80-8A84-48A4-BE13-7C1D207D88F8}
[2012/08/05 16:21:08 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{922746AB-6979-4FB3-95AD-F6A7A2D6B682}
[2012/08/05 16:20:47 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{1BDAB777-3B96-4032-9716-CDB0B1488DB4}
[2012/08/04 15:13:27 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{85C3C26D-953D-484C-B093-9082EA90A144}
[2012/08/04 15:13:06 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{B8D337E3-D6A4-4B51-A6FC-B623483DA1FB}
[2012/08/03 16:13:18 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{19F14472-0FB8-4E7F-A1D2-5AC8D1258034}
[2012/08/03 16:12:54 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{BEB15028-31D0-45A8-AA32-E43A27A5BCCB}
[2012/08/03 02:56:54 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{A25AF1DE-60D5-4603-9210-D499C832D9A0}
[2012/08/03 02:56:37 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{5511C085-C341-413D-A2F2-C709321DD721}
[2012/08/02 18:26:23 | 000,000,000 | ---D | C] -- C:\Users\nwofan\Desktop\nes
[2012/08/02 18:25:01 | 000,000,000 | R--D | C] -- C:\Users\nwofan\Desktop\Nintendo
[2012/08/02 17:17:53 | 000,000,000 | ---D | C] -- C:\Users\nwofan\Desktop\FightingIsMagic
[2012/08/02 14:56:08 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{2D92EFA0-5DF2-47B6-9523-19D267A28835}
[2012/08/02 14:55:57 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{D37D8464-7FF3-4B5A-8126-4DEF6EE3EC07}
[2012/08/02 02:55:28 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{F5E9AFCD-9A97-468B-B83E-0E2201BAEEE8}
[2012/08/02 02:55:05 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{EE1B376A-5000-4975-A088-7E68FD97F4F9}
[2012/08/01 14:54:36 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{961D78CF-E3CB-459A-A17C-EAB72DCEAF79}
[2012/08/01 14:54:25 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{0D30952A-2A40-4F6E-A514-079C648A0D74}
[2012/08/01 02:53:39 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{A1864ABE-EFE2-461D-BF0A-E093AA6B5619}
[2012/07/31 14:53:12 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{2CDC0075-9D9D-4CCC-964C-99806914C00E}
[2012/07/31 14:52:49 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{A35DEF74-6069-40A4-ABA6-122543E72856}
[2012/07/31 02:51:55 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{B7C7A128-8EB3-455E-A378-6ADF0EB1B091}
[2012/07/30 14:51:04 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{A9AE4ADC-CBE3-4BE9-A178-96F069F99543}
[2012/07/30 14:50:34 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{4D68201D-8413-4F00-91FC-52B9855EF3FA}
[2012/07/29 17:33:30 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{E71F7F01-736B-4216-819E-CD5820814D3B}
[2012/07/29 17:32:56 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{49A5641A-4073-48D9-B061-76E09A3CC556}
[2012/07/29 02:39:27 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{B287FA90-098F-4B3C-8275-905CF5CFB133}
[2012/07/28 14:39:00 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{53B24085-20D7-478E-A1B4-3850FC638FFF}
[2012/07/28 14:38:48 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{7ECAF057-3300-4C37-91F3-10A489A054CB}
[2012/07/28 02:38:14 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{0933C8F4-6628-42D7-92FF-1DED2C8D08A3}
[2012/07/28 02:38:01 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{85E26AA6-0731-4D00-812C-048D6FB6DEC8}
[2012/07/27 14:37:17 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{29138572-D0D1-4C36-9229-96C530120AE6}
[2012/07/27 14:37:05 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{E53EC8B6-6DEF-4857-9F05-855F1CE29BDF}
[2012/07/27 02:36:36 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{96B1DA6B-7308-4925-84A5-AB846275ABE8}
[2012/07/27 01:40:12 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zelda Classic 1.92 beta 183
[2012/07/26 23:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zelda Classic 1.92 beta 183
[2012/07/26 14:35:59 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{FF7FA8B5-1CB9-451A-8929-ABBF45DFD3BC}
[2012/07/26 14:35:48 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{F0E8290E-13C7-47B5-8B98-BB28B33D5D7B}
[2012/07/26 02:35:15 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{096FAABE-5BCA-422A-A80F-07755E011657}
[2012/06/19 02:00:54 | 001,973,368 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\nwofan\avg_remover_stf_x86_2012_2125.exe
[2012/02/24 00:29:50 | 030,218,224 | ---- | C] (IObit ) -- C:\Users\nwofan\asc-setup.exe
[2011/08/24 21:44:08 | 015,432,864 | ---- | C] (ManyCam LLC) -- C:\Users\nwofan\ManyCam.exe
[2011/08/04 20:31:01 | 000,243,360 | ---- | C] (Adobe Systems, Inc.) -- C:\Users\nwofan\uninstall_flash_player.exe
[2010/07/22 00:24:52 | 001,048,576 | ---- | C] (Hazar Co.) -- C:\Users\nwofan\RemoveWAT.exe
[1998/04/26 22:00:00 | 000,570,128 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\DAO350.DLL
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/24 16:56:04 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1868571618-3835447236-223175164-1000UA.job
[2012/08/24 16:33:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/24 16:30:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/24 16:28:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\nwofan\Desktop\OTL.exe
[2012/08/24 13:07:19 | 000,014,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/24 13:07:18 | 000,014,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/24 13:06:19 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/24 12:43:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/24 12:43:49 | 2414,780,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/24 01:56:22 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1868571618-3835447236-223175164-1000Core.job
[2012/08/23 16:09:43 | 001,425,268 | ---- | M] () -- C:\Users\nwofan\Desktop\SuperZeroMission-Captured.png
[2012/08/23 15:38:15 | 000,119,827 | ---- | M] () -- C:\Users\nwofan\Desktop\MetroidSuperZeroMission.png
[2012/08/23 03:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\ErrorEND.job
[2012/08/21 15:36:59 | 000,002,119 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/20 14:55:51 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\mIRC.lnk
[2012/08/20 03:13:22 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/08/17 22:02:08 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/17 22:02:08 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/16 03:59:34 | 000,450,240 | ---- | M] () -- C:\Users\nwofan\Desktop\SM-Eris-2012.png
[2012/08/15 02:35:11 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/08/13 18:43:02 | 000,245,208 | ---- | M] () -- C:\Users\nwofan\Documents\Lucky wip.png
[2012/08/12 16:50:26 | 000,001,297 | ---- | M] () -- C:\Users\nwofan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/11 02:53:33 | 000,005,120 | ---- | M] () -- C:\Users\nwofan\Documents\netread.dll
[2012/08/11 02:50:33 | 017,897,044 | ---- | M] () -- C:\Users\nwofan\Documents\MLP MS.exe
[2012/08/09 19:57:13 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\DigiDo.lnk
[2012/08/09 17:28:58 | 000,001,152 | ---- | M] () -- C:\Users\nwofan\Desktop\SkyrimLauncher.exe - Shortcut.lnk
[2012/08/09 03:22:05 | 000,001,029 | ---- | M] () -- C:\Users\nwofan\Application Data\Microsoft\Internet Explorer\Quick Launch\Nexus Mod Manager.lnk
[2012/08/09 03:22:04 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012/08/07 04:19:48 | 000,001,163 | ---- | M] () -- C:\Users\nwofan\Desktop\skse_loader.exe - Shortcut.lnk
[2012/08/07 00:00:25 | 000,000,641 | ---- | M] () -- C:\Users\nwofan\Desktop\Zelda Classic 1.92 beta 183.lnk
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/23 16:09:39 | 001,425,268 | ---- | C] () -- C:\Users\nwofan\Desktop\SuperZeroMission-Captured.png
[2012/08/23 15:41:47 | 000,119,827 | ---- | C] () -- C:\Users\nwofan\Desktop\MetroidSuperZeroMission.png
[2012/08/20 14:55:51 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\mIRC.lnk
[2012/08/20 14:53:07 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/20 03:13:22 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/08/16 03:58:53 | 000,450,240 | ---- | C] () -- C:\Users\nwofan\Desktop\SM-Eris-2012.png
[2012/08/13 18:43:02 | 000,245,208 | ---- | C] () -- C:\Users\nwofan\Documents\Lucky wip.png
[2012/08/11 02:53:32 | 000,005,120 | ---- | C] () -- C:\Users\nwofan\Documents\netread.dll
[2012/08/11 02:48:27 | 017,897,044 | ---- | C] () -- C:\Users\nwofan\Documents\MLP MS.exe
[2012/08/09 19:57:13 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\DigiDo.lnk
[2012/08/09 12:27:33 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/08/07 04:19:15 | 000,001,163 | ---- | C] () -- C:\Users\nwofan\Desktop\skse_loader.exe - Shortcut.lnk
[2012/07/27 01:40:12 | 000,000,641 | ---- | C] () -- C:\Users\nwofan\Desktop\Zelda Classic 1.92 beta 183.lnk
[2012/07/21 15:18:43 | 000,000,804 | ---- | C] () -- C:\Windows\$NtUninstallKB61914$\1573301276\L\00000004.@
[2012/07/21 01:58:35 | 000,000,692 | ---- | C] () -- C:\Users\nwofan\L4D2 Updater.lnk
[2012/07/21 01:58:35 | 000,000,624 | ---- | C] () -- C:\Users\nwofan\Mutation Mod.lnk
[2012/06/19 01:52:14 | 001,632,470 | ---- | C] () -- C:\Users\nwofan\AVGInstLog.cab
[2012/06/13 21:47:09 | 000,028,046 | ---- | C] () -- C:\Users\nwofan\Two Tone Badge.JPG
[2012/06/08 20:59:30 | 000,004,027 | ---- | C] () -- C:\Users\nwofan\RP for today.rtf
[2012/06/07 00:33:59 | 002,886,982 | ---- | C] () -- C:\Users\nwofan\For Two-Tone.bmp
[2012/05/25 01:49:25 | 000,016,298 | ---- | C] () -- C:\Users\nwofan\1303432436.inflationcouplingist_101.rtf
[2012/03/17 15:35:06 | 000,129,493 | ---- | C] () -- C:\Users\nwofan\PICE0BC.tmp.jpg
[2012/01/20 00:44:16 | 000,000,107 | ---- | C] () -- C:\Users\nwofan\AppData\Roaming\Editroid.config
[2012/01/06 01:52:37 | 001,936,528 | ---- | C] () -- C:\Windows\System32\ltmm15.dll
[2011/12/05 22:51:28 | 000,001,270 | -HS- | C] () -- C:\Users\nwofan\AppData\Local\2c57wc1t07m582
[2011/12/05 22:51:28 | 000,001,270 | -HS- | C] () -- C:\ProgramData\2c57wc1t07m582
[2011/12/02 22:12:19 | 000,066,764 | ---- | C] () -- C:\Users\nwofan\Picture 27.jpg
[2011/12/02 02:26:05 | 000,001,126 | -HS- | C] () -- C:\Users\nwofan\AppData\Local\836580j5j142h321i213x2mvr4g5
[2011/12/02 02:26:05 | 000,001,126 | -HS- | C] () -- C:\ProgramData\836580j5j142h321i213x2mvr4g5
[2011/12/01 01:15:21 | 000,001,258 | -HS- | C] () -- C:\Users\nwofan\AppData\Local\a6rp56u7mc4xjx
[2011/12/01 01:15:21 | 000,001,258 | -HS- | C] () -- C:\ProgramData\a6rp56u7mc4xjx
[2011/11/29 08:04:31 | 000,002,242 | ---- | C] () -- C:\Users\nwofan\Norton PC Checkup.LNK
[2011/11/23 04:05:06 | 000,000,512 | ---- | C] () -- C:\Users\nwofan\MBR.dat
[2011/11/23 00:29:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/23 00:29:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/23 00:29:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/23 00:29:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/23 00:29:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/04 00:07:06 | 000,236,336 | ---- | C] () -- C:\Users\nwofan\Babs playing in her panties.png
[2011/10/30 03:50:58 | 001,040,772 | ---- | C] () -- C:\Users\nwofan\TT and my new_005.png
[2011/10/30 03:50:58 | 001,039,211 | ---- | C] () -- C:\Users\nwofan\TT and my new_007.png
[2011/10/30 03:50:58 | 001,024,654 | ---- | C] () -- C:\Users\nwofan\TT and my new_002.png
[2011/10/30 03:50:58 | 000,989,946 | ---- | C] () -- C:\Users\nwofan\TT and my new_001.png
[2011/10/30 03:50:58 | 000,984,485 | ---- | C] () -- C:\Users\nwofan\TT and my new_004.png
[2011/10/30 03:50:58 | 000,737,247 | ---- | C] () -- C:\Users\nwofan\TT and my new_003.png
[2011/10/30 03:50:58 | 000,541,559 | ---- | C] () -- C:\Users\nwofan\TT and my new_006.png
[2011/10/11 17:21:13 | 000,120,264 | ---- | C] () -- C:\Users\nwofan\Riverrecolor.jpg
[2011/09/15 18:26:28 | 000,000,865 | ---- | C] () -- C:\Users\nwofan\.recently-used.xbel
[2011/09/15 00:11:56 | 000,360,946 | ---- | C] () -- C:\Users\nwofan\cwps-1099843-1.jpg
[2011/09/06 03:00:28 | 000,270,336 | ---- | C] () -- C:\Users\nwofan\Cadpig_goes_bad.wps
[2011/09/06 02:57:23 | 000,007,326 | ---- | C] () -- C:\Users\nwofan\lucky-char.jpg
[2011/09/05 03:24:57 | 000,770,414 | ---- | C] () -- C:\Users\nwofan\cfc and Twotone 2_008.png
[2011/09/05 03:24:57 | 000,745,688 | ---- | C] () -- C:\Users\nwofan\cfc and Twotone 2_006.png
[2011/09/05 03:24:57 | 000,728,934 | ---- | C] () -- C:\Users\nwofan\cfc and Twotone 2_009.png
[2011/09/05 03:24:57 | 000,706,288 | ---- | C] () -- C:\Users\nwofan\cfc and Twotone 2_013.png
[2011/09/05 03:24:57 | 000,699,558 | ---- | C] () -- C:\Users\nwofan\cfc and Twotone 2_002.png
[2011/09/05 03:24:57 | 000,695,738 | ---- | C] () -- C:\Users\nwofan\cfc and Twotone 2_003.png
[2011/09/05 03:24:57 | 000,687,334 | ---- | C] () -- C:\Users\nwofan\cfc and Twotone 2_004.png
[2011/09/05 03:24:57 | 000,671,988 | ---- | C] () -- C:\Users\nwofan\cfc and Twotone 2_011.png
[2011/09/05 03:24:57 | 000,638,994 | ---- | C] () -- C:\Users\nwofan\cfc and Twotone 2_012.png
[2011/09/05 03:24:57 | 000,626,365 | ---- | C] () -- C:\Users\nwofan\cfc and Twotone 2_005.png
[2011/09/05 03:24:57 | 000,594,443 | ---- | C] () -- C:\Users\nwofan\cfc and Twotone 2_001.png
[2011/09/05 03:24:57 | 000,503,753 | ---- | C] () -- C:\Users\nwofan\cfc and Twotone 2_010.png
[2011/09/05 03:24:57 | 000,334,133 | ---- | C] () -- C:\Users\nwofan\cfc and Twotone 2_007.png
[2011/09/03 02:53:56 | 000,454,306 | ---- | C] () -- C:\Users\nwofan\diaper buster 1.png
[2011/08/28 19:57:01 | 000,000,985 | ---- | C] () -- C:\Users\nwofan\Free M4a to MP3 Converter.lnk
[2011/08/28 19:57:01 | 000,000,980 | ---- | C] () -- C:\Users\nwofan\My Music Tools.lnk
[2011/08/28 01:02:05 | 000,001,903 | ---- | C] () -- C:\Users\nwofan\MOTOROLA MEDIA LINK.lnk
[2011/08/13 03:24:50 | 000,280,739 | ---- | C] () -- C:\Users\nwofan\pretty_kitty_by_toddlergirl-d397r7f.png
[2011/08/08 00:10:43 | 001,923,244 | ---- | C] () -- C:\Users\nwofan\IMAG0026.jpg
[2011/08/08 00:10:43 | 001,649,591 | ---- | C] () -- C:\Users\nwofan\IMAG0028.jpg
[2011/08/08 00:10:43 | 001,643,789 | ---- | C] () -- C:\Users\nwofan\IMAG0027.jpg
[2011/07/27 14:30:27 | 001,525,339 | ---- | C] () -- C:\Users\nwofan\IMAG0449.jpg
[2011/07/25 21:07:38 | 004,386,885 | ---- | C] () -- C:\Users\nwofan\autosave.fxs
[2011/07/22 23:17:38 | 000,245,778 | ---- | C] () -- C:\Users\nwofan\SL error.jpg
[2011/07/11 11:53:36 | 000,000,020 | ---- | C] () -- C:\Windows\System32\NDADMIND.DLL
[2011/07/03 04:12:06 | 000,035,876 | ---- | C] () -- C:\Users\nwofan\CP RP.rtf
[2011/06/30 22:58:39 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/06/30 22:56:58 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/29 22:42:32 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/06/21 03:43:01 | 000,000,017 | ---- | C] () -- C:\Users\nwofan\AppData\Local\resmon.resmoncfg
[2011/06/21 03:13:52 | 000,212,973 | ---- | C] () -- C:\ProgramData\LUInstall.LiveUpdate
[2011/06/04 18:40:32 | 000,151,190 | ---- | C] () -- C:\Users\nwofan\FalloutNewVegasSOTTglitch.jpg
[2011/05/28 15:51:41 | 001,687,242 | ---- | C] () -- C:\Users\nwofan\TTandtheTARDIS_001.png
[2011/05/05 19:15:59 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/04/08 19:26:15 | 000,000,034 | -H-- | C] () -- C:\Windows\System32\Converter_sysquict.dat
[2011/03/23 20:48:06 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/03/20 19:42:28 | 000,010,138 | -HS- | C] () -- C:\ProgramData\656nu88vr46o46434852dexedp8y387cbt2pw58838r
[2011/03/20 19:42:28 | 000,010,068 | -HS- | C] () -- C:\Users\nwofan\AppData\Local\656nu88vr46o46434852dexedp8y387cbt2pw58838r
[2011/02/05 23:13:50 | 000,260,146 | ---- | C] () -- C:\Users\nwofan\Scallop_Stamp_Template_by_plztikphishphood.psd
[2011/02/04 15:37:19 | 000,539,687 | ---- | C] () -- C:\Users\nwofan\plush Two-tone with bottle.JPG
[2011/02/02 22:40:53 | 005,120,640 | ---- | C] () -- C:\Users\nwofan\WWE Kurt Angle theme (You suck choir).mp3
[2011/02/02 22:33:54 | 007,036,992 | ---- | C] () -- C:\Users\nwofan\nWo theme (voodoo child w_ voices).mp3
[2011/02/02 22:29:33 | 004,258,368 | ---- | C] () -- C:\Users\nwofan\Hulk Hogan Entrance Video.mp3
[2011/01/27 14:18:58 | 000,888,184 | ---- | C] () -- C:\Users\nwofan\108_2517.JPG
[2011/01/27 14:18:58 | 000,762,761 | ---- | C] () -- C:\Users\nwofan\108_2518.JPG
[2011/01/27 14:18:58 | 000,559,296 | ---- | C] () -- C:\Users\nwofan\108_2519.JPG
[2011/01/18 13:00:02 | 004,305,600 | ---- | C] () -- C:\Users\nwofan\Angry Video Game Nerd Full Theme Song.mp3
[2011/01/04 02:27:21 | 000,069,275 | ---- | C] () -- C:\Users\nwofan\autograph.jpg
[2010/12/31 23:11:56 | 000,163,898 | ---- | C] () -- C:\Users\nwofan\wof 100K win.jpg
[2010/12/31 03:22:14 | 000,070,015 | ---- | C] () -- C:\Users\nwofan\Peach Boss Goddess.jpg
[2010/12/04 16:20:27 | 008,481,615 | ---- | C] () -- C:\Users\nwofan\mara_jade.zip
[2010/11/19 22:07:12 | 000,450,821 | ---- | C] () -- C:\Users\nwofan\101 Dalmatians Style1.png
[2010/11/19 22:03:17 | 000,365,675 | ---- | C] () -- C:\Users\nwofan\101 Dalmatians Banner 1.png
[2010/11/02 21:24:47 | 000,005,395 | ---- | C] () -- C:\Users\nwofan\1288751380.luckybolt20_thebigcrossover.rtf
[2010/10/25 18:15:31 | 000,162,488 | ---- | C] () -- C:\Users\nwofan\George of the Jungle2.wav
[2010/10/25 18:15:11 | 000,162,488 | ---- | C] () -- C:\Users\nwofan\George of the Jungle.wav2.wav
[2010/10/25 18:13:26 | 000,162,488 | ---- | C] () -- C:\Users\nwofan\George of the Jungle.wav
[2010/10/19 22:57:21 | 002,713,862 | ---- | C] () -- C:\Users\nwofan\1279523769_arumontwolf_1279489370_constantine_auromwolf.png
[2010/10/19 22:57:21 | 001,110,929 | ---- | C] () -- C:\Users\nwofan\Ychan - r - wolf - wolf 6.jpg
[2010/10/19 22:57:21 | 000,235,899 | ---- | C] () -- C:\Users\nwofan\m_1281890420297_fluff-kevlar_fkevlar_aryteweb.jpg
[2010/10/19 22:57:21 | 000,202,017 | ---- | C] () -- C:\Users\nwofan\Ychan - r - wolf - 81529.jpg
[2010/10/19 22:57:21 | 000,130,082 | ---- | C] () -- C:\Users\nwofan\m_1284928089033_W_CANISLUPUS.jpg
[2010/10/13 01:03:55 | 000,065,536 | ---- | C] () -- C:\Users\nwofan\f261e365-0eb3-49cc-a7a4-388fb1eeeb0f.jpg
[2010/10/13 01:03:55 | 000,032,768 | ---- | C] () -- C:\Users\nwofan\67fcc669-29fd-4962-b862-0236bf649d88.jpg
[2010/09/09 16:16:38 | 001,131,946 | ---- | C] () -- C:\Users\nwofan\108_2508.JPG
[2010/09/09 00:47:25 | 002,192,034 | ---- | C] () -- C:\Users\nwofan\Wonkatastic.gif
[2010/09/07 02:17:44 | 000,082,123 | ---- | C] () -- C:\Users\nwofan\Joker1.jpg
[2010/08/28 01:53:21 | 000,281,818 | ---- | C] () -- C:\Users\nwofan\whomper2-065.jpg
[2010/08/20 02:45:26 | 000,027,200 | ---- | C] () -- C:\Users\nwofan\sally.jpg
[2010/07/28 00:08:12 | 000,051,151 | ---- | C] () -- C:\Users\nwofan\bff.jpg
[2010/07/25 02:13:50 | 000,010,752 | ---- | C] () -- C:\Users\nwofan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/24 22:26:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/22 00:46:53 | 001,032,326 | ---- | C] () -- C:\Users\nwofan\nWo Theme - Hulk Hogan TNA Theme w-Quotes_19477679.mp3
[2010/07/11 03:51:02 | 000,971,336 | ---- | C] () -- C:\Users\nwofan\SoMuchWork.wmv
[2010/07/08 01:05:52 | 003,162,583 | ---- | C] () -- C:\Users\nwofan\Simpsons - Garden of Eden.flv
[2010/07/08 01:02:00 | 000,380,206 | ---- | C] () -- C:\Users\nwofan\Breaking the law.flv
[2010/07/07 23:45:38 | 009,403,779 | ---- | C] () -- C:\Users\nwofan\bnb - Tornado.flv
[2010/07/06 00:06:47 | 001,440,054 | ---- | C] () -- C:\Users\nwofan\alex.bmp
[2010/07/05 00:05:22 | 000,061,621 | ---- | C] () -- C:\Users\nwofan\Babs in her pajama top.jpg
[2010/07/05 00:03:34 | 000,065,146 | ---- | C] () -- C:\Users\nwofan\Buster in his pajama top.jpg
[2010/07/03 01:37:26 | 000,025,645 | ---- | C] () -- C:\Users\nwofan\Picture 10.jpg
[2010/07/02 22:55:21 | 000,056,392 | ---- | C] () -- C:\Users\nwofan\ECP_00010.jpg
[2010/06/18 22:12:11 | 000,725,701 | ---- | C] () -- C:\Users\nwofan\104_2340.JPG
[2010/06/18 02:27:08 | 003,023,232 | ---- | C] () -- C:\Users\nwofan\Terminator Theme.mp3
[2010/06/03 03:36:37 | 000,663,651 | ---- | C] () -- C:\Users\nwofan\khorneberzerkers.png
[2010/06/03 03:36:37 | 000,590,923 | ---- | C] () -- C:\Users\nwofan\Tacticageniuspool.jpg
[2010/06/03 03:36:37 | 000,475,100 | ---- | C] () -- C:\Users\nwofan\fuangrymarine.jpg
[2010/06/03 03:36:37 | 000,101,917 | ---- | C] () -- C:\Users\nwofan\1259637709948.jpg
[2010/06/03 03:36:37 | 000,083,417 | ---- | C] () -- C:\Users\nwofan\Bolter.jpg
[2010/06/03 03:36:37 | 000,067,018 | ---- | C] () -- C:\Users\nwofan\segway-rough-riders-imperial-guard-warhammer-40k-segway-roug-demotivational-poster-1255553637.jpg
[2010/06/03 03:36:37 | 000,050,329 | ---- | C] () -- C:\Users\nwofan\1259637858517.png
[2010/06/03 03:36:37 | 000,044,681 | ---- | C] () -- C:\Users\nwofan\60474_Tactical_facepalm.jpg
[2010/06/03 03:36:37 | 000,029,665 | ---- | C] () -- C:\Users\nwofan\nachof-10.jpg
[2010/06/01 23:04:45 | 000,139,152 | ---- | C] () -- C:\Users\nwofan\AppData\Roaming\PnkBstrK.sys
[2010/06/01 23:04:45 | 000,014,994 | ---- | C] () -- C:\Users\nwofan\AppData\Roaming\wklnhst.dat
[2010/05/31 16:21:28 | 000,283,626 | ---- | C] () -- C:\Users\nwofan\template.jpg
[2010/05/29 22:43:21 | 000,048,925 | ---- | C] () -- C:\Users\nwofan\ECP_00004.jpg
[2010/05/29 22:42:14 | 000,050,421 | ---- | C] () -- C:\Users\nwofan\ECP_00003.jpg
[2010/05/29 22:41:36 | 000,051,934 | ---- | C] () -- C:\Users\nwofan\ECP_00002.jpg
[2010/04/27 02:27:01 | 000,058,335 | ---- | C] () -- C:\Users\nwofan\1581j5l.gif
[2010/04/26 01:04:08 | 000,018,460 | ---- | C] () -- C:\Users\nwofan\KARISCREST.jpg
[2010/04/26 01:04:01 | 000,018,503 | ---- | C] () -- C:\Users\nwofan\TKSCREST.jpg
[2010/04/04 20:50:12 | 000,008,528 | ---- | C] () -- C:\Users\nwofan\wrongcollarcolor[1].jpg
[2010/03/13 21:25:55 | 000,000,915 | ---- | C] () -- C:\Users\nwofan\Ventrilo.lnk
[2009/12/31 22:31:37 | 000,246,761 | ---- | C] () -- C:\Users\nwofan\WWE & UFC Titles.rar
[2009/11/10 12:37:56 | 000,000,802 | ---- | C] () -- C:\Users\nwofan\TunesUp20.lnk
[2009/09/28 11:02:40 | 000,000,179 | ---- | C] () -- C:\Users\nwofan\PIXELA Product Registration.url
[2009/09/28 11:02:40 | 000,000,176 | ---- | C] () -- C:\Users\nwofan\Everio MediaBrowser Homepage.url
[2009/09/26 19:19:12 | 002,869,528 | ---- | C] () -- C:\Users\nwofan\Zach Gowen.wmv
[2009/09/18 03:25:01 | 000,218,857 | ---- | C] () -- C:\Users\nwofan\DSW.jpg
[2009/09/14 22:44:10 | 002,992,128 | ---- | C] () -- C:\Users\nwofan\Jerishow's Newest Theme 2009 BEST QUALITY.mp3
[2009/09/03 19:15:11 | 002,931,179 | ---- | C] () -- C:\Users\nwofan\The Brian Kendrick - Man With A Plan [Full].mp3
[2009/09/01 14:47:32 | 004,996,669 | ---- | C] () -- C:\Users\nwofan\Legacy.mp3
[2009/08/13 00:36:05 | 000,005,624 | ---- | C] () -- C:\Users\nwofan\sandworm texture.jpg
[2009/07/13 20:25:09 | 000,043,712 | ---- | C] () -- C:\Users\nwofan\brian-lawler-mugshot.jpg
[2009/07/11 23:59:13 | 000,405,054 | ---- | C] () -- C:\Users\nwofan\pee wee mug shot.bmp
[2009/07/07 21:24:18 | 022,730,332 | ---- | C] () -- C:\Users\nwofan\Hitler Original Bunker Scene No Subtitles.avi
[2009/05/11 20:32:46 | 000,001,900 | ---- | C] () -- C:\Users\nwofan\ArcSoft Products.lnk
[2009/04/30 00:55:34 | 001,142,980 | ---- | C] () -- C:\Users\nwofan\Scan0001.tif
[2009/04/29 14:44:36 | 000,000,816 | ---- | C] () -- C:\Users\nwofan\WinRAR.lnk
[2008/12/16 18:08:26 | 000,002,175 | ---- | C] () -- C:\Users\nwofan\Norton Internet Security.lnk

========== LOP Check ==========

[2011/11/28 06:24:54 | 000,000,000 | ---D | M] -- C:\Users\Alex Valencia 2\AppData\Roaming\AVG2012
[2012/06/07 05:20:24 | 000,000,000 | ---D | M] -- C:\Users\Alex Valencia 2\AppData\Roaming\ID Vault
[2012/02/24 16:11:27 | 000,000,000 | ---D | M] -- C:\Users\Alex Valencia 2\AppData\Roaming\IObit
[2012/04/07 23:28:54 | 000,000,000 | ---D | M] -- C:\Users\Alex Valencia 2\AppData\Roaming\motorola
[2012/02/07 08:14:49 | 000,000,000 | ---D | M] -- C:\Users\Alex Valencia 2\AppData\Roaming\Recordpad
[2011/09/07 22:23:22 | 000,000,000 | ---D | M] -- C:\Users\Alex Valencia 2\AppData\Roaming\Temp
[2011/09/07 22:23:22 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp
[2011/09/07 22:23:22 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Temp
[2011/11/28 10:49:24 | 000,000,000 | ---D | M] -- C:\Users\Mario Valencia\AppData\Roaming\AVG2012
[2010/08/16 06:30:59 | 000,000,000 | ---D | M] -- C:\Users\Mario Valencia\AppData\Roaming\AVG9
[2010/07/24 21:07:41 | 000,000,000 | ---D | M] -- C:\Users\Mario Valencia\AppData\Roaming\Blitware
[2010/07/24 21:07:44 | 000,000,000 | ---D | M] -- C:\Users\Mario Valencia\AppData\Roaming\funkitron
[2011/05/31 09:47:48 | 000,000,000 | ---D | M] -- C:\Users\Mario Valencia\AppData\Roaming\go
[2012/06/07 09:15:09 | 000,000,000 | ---D | M] -- C:\Users\Mario Valencia\AppData\Roaming\ID Vault
[2012/02/24 09:49:08 | 000,000,000 | ---D | M] -- C:\Users\Mario Valencia\AppData\Roaming\IObit
[2010/07/24 21:07:44 | 000,000,000 | ---D | M] -- C:\Users\Mario Valencia\AppData\Roaming\Ludia
[2011/05/15 10:47:24 | 000,000,000 | ---D | M] -- C:\Users\Mario Valencia\AppData\Roaming\MotioninJoy
[2012/05/29 10:29:15 | 000,000,000 | ---D | M] -- C:\Users\Mario Valencia\AppData\Roaming\motorola
[2011/08/12 11:56:10 | 000,000,000 | ---D | M] -- C:\Users\Mario Valencia\AppData\Roaming\NCH Swift Sound
[2012/05/26 10:19:17 | 000,000,000 | ---D | M] -- C:\Users\Mario Valencia\AppData\Roaming\ooVoo Details
[2010/07/24 21:07:53 | 000,000,000 | ---D | M] -- C:\Users\Mario Valencia\AppData\Roaming\PMCallCenter
[2011/06/01 15:01:59 | 000,000,000 | ---D | M] -- C:\Users\Mario Valencia\AppData\Roaming\Publish Providers
[2012/02/06 13:57:52 | 000,000,000 | ---D | M] -- C:\Users\Mario Valencia\AppData\Roaming\Recordpad
[2010/11/25 18:24:25 | 000,000,000 | ---D | M] -- C:\Users\Mario Valencia\AppData\Roaming\SecondLife
[2009/05/11 22:48:37 | 000,000,000 | ---D | M] -- C:\Users\Mario Valencia\AppData\Roaming\Skinux
[2012/07/02 06:34:49 | 000,000,000 | ---D | M] -- C:\Users\Mario Valencia\AppData\Roaming\Sony
[2011/06/23 13:26:00 | 000,000,000 | ---D | M] -- C:\Users\Mario Valencia\AppData\Roaming\Sony Creative Software Inc
[2011/11/28 13:02:22 | 000,000,000 | ---D | M] -- C:\Users\Mario Valencia\AppData\Roaming\Temp
[2010/07/24 21:07:55 | 000,000,000 | ---D | M] -- C:\Users\Mario Valencia\AppData\Roaming\Template
[2011/11/29 08:04:39 | 000,000,000 | ---D | M] -- C:\Users\Mario Valencia\AppData\Roaming\Tific
[2010/07/24 22:16:38 | 000,000,000 | ---D | M] -- C:\Users\Mario Valencia\AppData\Roaming\WinBatch
[2010/07/24 21:12:40 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\acccore
[2010/09/18 10:17:15 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Aim
[2012/06/21 23:32:38 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Ask.com
[2011/11/27 23:00:09 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\AVG2012
[2010/08/15 19:16:01 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\AVG9
[2012/02/24 01:29:36 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Azureus
[2012/03/16 02:23:02 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Babylon
[2010/07/24 21:12:43 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\BitComet
[2012/01/07 02:02:25 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\ConsumerSoft
[2012/02/24 01:29:36 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\DAEMON Tools Lite
[2012/02/24 01:29:36 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\DAEMON Tools Pro
[2010/10/25 14:52:42 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Datel
[2012/06/18 01:37:03 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Firestorm
[2010/07/24 21:12:44 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\fltk.org
[2010/07/24 21:12:44 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\funkitron
[2010/08/18 23:52:27 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\GameTuts
[2011/06/17 14:00:10 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\go
[2011/09/15 18:26:28 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\gtk-2.0
[2012/06/07 13:25:05 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\ID Vault
[2010/07/24 21:12:44 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\ImgBurn
[2012/04/02 14:10:00 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\IObit
[2010/07/24 21:12:44 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\iWin
[2012/07/12 19:44:51 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\LOVE
[2010/07/24 21:12:44 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Ludia
[2012/06/29 03:36:04 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\ManyCam
[2012/01/24 14:13:17 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\MaskMyIP
[2011/05/13 20:53:06 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\MotioninJoy
[2011/09/08 14:25:32 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Moyea
[2012/02/21 01:51:54 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Mupen64Plus
[2010/07/24 21:13:11 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\muvee Technologies
[2010/08/23 20:20:32 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\NCH Swift Sound
[2010/07/24 21:13:12 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Neopets Toolbar
[2012/01/24 03:49:30 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\ooVoo Details
[2012/06/04 01:03:53 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\OpenCandy
[2010/10/27 01:47:32 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\OpenOffice.org
[2010/07/24 21:13:12 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\PlayFirst
[2011/06/25 22:15:22 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Publish Providers
[2012/02/06 15:43:47 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Recordpad
[2011/03/23 21:35:55 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Reuben
[2012/06/16 03:11:49 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\SecondLife
[2010/09/30 19:33:21 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Sierra Wireless
[2009/05/12 13:19:56 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Skinux
[2011/07/08 22:13:46 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Sony
[2011/03/20 00:19:59 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Stella
[2011/01/21 15:18:41 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\SYSTEMAX Software Development
[2012/07/12 03:48:38 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Systweak
[2011/08/25 02:08:21 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\TeamViewer
[2012/08/17 21:31:04 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Temp
[2010/10/10 01:54:18 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Template
[2011/06/21 02:54:35 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\TeraCopy
[2012/07/18 00:05:41 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\uTorrent
[2011/05/31 02:27:46 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\VBA-M
[2010/07/24 21:13:20 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Vision Thing
[2011/04/03 20:19:22 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\wb
[2010/07/24 21:13:20 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Webcammax
[2010/08/01 14:46:33 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\WhiteSmokeTranslator
[2010/07/24 21:13:20 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\WildTangent
[2010/07/24 21:13:21 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\WinBatch
[2009/10/05 21:33:25 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Windows Live Writer
[2012/07/10 02:14:20 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Z-Net I
[2012/02/19 22:38:57 | 000,000,000 | ---D | M] -- C:\Users\Veronica Valencia\AppData\Roaming\AVG2012
[2010/08/21 08:35:16 | 000,000,000 | ---D | M] -- C:\Users\Veronica Valencia\AppData\Roaming\AVG9
[2012/04/10 19:26:33 | 000,000,000 | ---D | M] -- C:\Users\Veronica Valencia\AppData\Roaming\IObit
[2012/05/29 14:05:51 | 000,000,000 | ---D | M] -- C:\Users\Veronica Valencia\AppData\Roaming\NCH Swift Sound
[2011/04/25 08:43:19 | 000,000,000 | ---D | M] -- C:\Users\Veronica Valencia\AppData\Roaming\OpenOffice.org
[2012/02/19 22:38:39 | 000,000,000 | ---D | M] -- C:\Users\Veronica Valencia\AppData\Roaming\Recordpad
[2009/09/11 11:31:18 | 000,000,000 | ---D | M] -- C:\Users\Veronica Valencia\AppData\Roaming\Skinux
[2011/04/25 08:42:09 | 000,000,000 | ---D | M] -- C:\Users\Veronica Valencia\AppData\Roaming\Template
[2010/07/24 21:25:44 | 000,000,000 | ---D | M] -- C:\Users\Veronica Valencia\AppData\Roaming\WildTangent
[2010/07/24 21:25:44 | 000,000,000 | ---D | M] -- C:\Users\Veronica Valencia\AppData\Roaming\WinBatch
[2012/08/23 03:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\ErrorEND.job
[2012/06/29 14:20:05 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/08/02 13:03:41 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2008/04/11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: QMGR.DLL >
[2010/11/20 05:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\ERDNT\cache\qmgr.dll
[2010/11/20 05:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\System32\qmgr.dll
[2010/11/20 05:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll

< MD5 for: SERVICES >
[2009/06/10 14:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 14:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.CFG >
[2012/07/27 13:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\ERDNT\cache\services.exe
[2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 19:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2009/07/13 19:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 21:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Documents and Settings\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 14:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 14:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PNG >
[2008/09/09 17:59:10 | 000,000,875 | ---- | M] () MD5=3382D191625A7528ED791FEDCCE3F212 -- C:\Program Files\PC-Doctor for Windows\Images\img16_16\services.png
[2008/09/09 17:59:22 | 000,002,244 | ---- | M] () MD5=8C5F2C34A5FB317B868565F9451BF74C -- C:\Program Files\PC-Doctor for Windows\Images\img32_32\services.png
[2008/09/09 17:59:32 | 000,006,479 | ---- | M] () MD5=AFCA60ED198BE9309943722FE8758392 -- C:\Program Files\PC-Doctor for Windows\Images\img64_64\services.png
[2008/09/09 17:59:28 | 000,004,193 | ---- | M] () MD5=E1C3A20056206C394E65B37CE1D43851 -- C:\Program Files\PC-Doctor for Windows\Images\img48_48\services.png
[2008/09/09 17:59:16 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files\PC-Doctor for Windows\Images\img24_24\services.png

< MD5 for: SERVICES.PTXML >
[2009/07/13 13:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 13:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SERVICES.RDB >
[2012/04/19 08:43:10 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb
[2012/04/19 08:43:10 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- C:\Program Files\OpenOffice.org 3\program\services.rdb
[2012/04/13 06:55:44 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 05:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/11/20 05:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 05:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:C980DA7D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >


Didn't get the Extras.txt log though

#4
Essexboy

OK, let's remove the infections first before we look at the spoolserv problem

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O4 - HKU\S-1-5-21-1868571618-3835447236-223175164-1000..\Run: [fltMosk] C:\Users\nwofan\AppData\Local\Temp\BdeUfc.dll (FRISK Software International)
    [2012/01/06 01:52:37 | 001,936,528 | ---- | C] () -- C:\Windows\System32\ltmm15.dll
    [2011/12/05 22:51:28 | 000,001,270 | -HS- | C] () -- C:\Users\nwofan\AppData\Local\2c57wc1t07m582
    [2011/12/05 22:51:28 | 000,001,270 | -HS- | C] () -- C:\ProgramData\2c57wc1t07m582
    [2011/12/02 02:26:05 | 000,001,126 | -HS- | C] () -- C:\Users\nwofan\AppData\Local\836580j5j142h321i213x2mvr4g5
    [2011/12/02 02:26:05 | 000,001,126 | -HS- | C] () -- C:\ProgramData\836580j5j142h321i213x2mvr4g5
    [2011/12/01 01:15:21 | 000,001,258 | -HS- | C] () -- C:\Users\nwofan\AppData\Local\a6rp56u7mc4xjx
    [2011/12/01 01:15:21 | 000,001,258 | -HS- | C] () -- C:\ProgramData\a6rp56u7mc4xjx
    [2011/03/20 19:42:28 | 000,010,138 | -HS- | C] () -- C:\ProgramData\656nu88vr46o46434852dexedp8y387cbt2pw58838r
    [2011/03/20 19:42:28 | 000,010,068 | -HS- | C] () -- C:\Users\nwofan\AppData\Local\656nu88vr46o46434852dexedp8y387cbt2pw58838r
    
    :Reg
    [HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32] 
    ""="%systemroot%\system32\wbem\wbemess.dll" 
    [-HKCU\Software\Classes\clsid\{12d0253a-7c96-815c-11e0-3034bbd97cc0}] 
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS]
    "DisplayName"="@%SystemRoot%\\system32\\qmgr.dll,-1000"
    "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
      74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
      00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
      6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
    "Description"="@%SystemRoot%\\system32\\qmgr.dll,-1001"
    "ObjectName"="LocalSystem"
    "ErrorControl"=dword:00000001
    "Start"=dword:00000002
    "DelayedAutoStart"=dword:00000001
    "Type"=dword:00000020
    "DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,45,00,76,00,65,00,\
      6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,00,00
    "ServiceSidType"=dword:00000001
    "RequiredPrivileges"=hex(7):53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,\
      00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
      67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
      00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
      00,00,53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
      00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,\
      72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,\
      00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,\
      63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,\
      00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
    "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
      00,01,00,00,00,60,ea,00,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
    "ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
      00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
      71,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance]
    "Library"="bitsperf.dll"
    "Open"="PerfMon_Open"
    "Collect"="PerfMon_Collect"
    "Close"="PerfMon_Close"
    "InstallType"=dword:00000001
    "PerfIniFile"="bitsctrs.ini"
    "Last Counter"=dword:00000fc8
    "Last Help"=dword:00000fc9
    "First Counter"=dword:00000fb8
    "First Help"=dword:00000fb9
    "Object List"="4024"
    "1008"=hex(b):50,94,22,ad,0d,ad,cc,01
    "PerfMMFileName"="Global\\MMF_BITS_s"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
    "Security"=hex:01,00,14,80,94,00,00,00,a4,00,00,00,14,00,00,00,34,00,00,00,02,\
      00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\
      00,00,20,02,00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,\
      00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\
      20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,\
      00,00,00,00,00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,\
      00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\
      05,20,00,00,00,20,02,00,00
    
    :Files
    ipconfig /flushdns /c
    netsh int ip reset c:\resetlog.txt  /c
    ipconfig /release /c
    ipconfig /renew /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

THEN

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done, it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

FOLLOWED BY

Download and Install ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.

3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

#5
Lucky Dearly

ComboFix 12-08-25.04 - nwofan 08/26/2012 9:14.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3071.2206 [GMT -7:00]
Running from: c:\users\nwofan\Desktop\ComboFix.exe
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\Your Product\Uninstall
c:\program files\Your Product\Uninstall\IRIMG1.JPG
c:\program files\Your Product\Uninstall\IRIMG2.JPG
c:\program files\Your Product\Uninstall\uninstall.dat
c:\program files\Your Product\Uninstall\uninstall.xml
c:\users\nwofan\AppData\Roaming\Love
c:\users\nwofan\AppData\Roaming\Love\mari0\options.txt
c:\windows\$NtUninstallKB61914$
c:\windows\$NtUninstallKB61914$\1573301276\L\00000004.@
c:\windows\$NtUninstallKB61914$\1573301276\L\1afb2d56
c:\windows\$NtUninstallKB61914$\1573301276\L\201d3dde
c:\windows\$NtUninstallKB61914$\1573301276\L\ngoexmwu
c:\windows\system32\sysprep\CRYPTBASE.dll_
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-07-26 to 2012-08-26 )))))))))))))))))))))))))))))))
.
.
2012-08-26 16:48 . 2012-08-26 16:48 -------- d-----w- c:\users\Veronica Valencia\AppData\Local\temp
2012-08-26 16:48 . 2012-08-26 16:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-26 16:48 . 2012-08-26 16:48 -------- d-----w- c:\users\Mario Valencia\AppData\Local\temp
2012-08-26 16:48 . 2012-08-26 16:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-26 16:48 . 2012-08-26 16:48 -------- d-----w- c:\users\Alex Valencia 2\AppData\Local\temp
2012-08-20 21:55 . 2012-08-25 10:29 -------- d-----w- c:\users\nwofan\AppData\Roaming\mIRC
2012-08-20 21:55 . 2012-08-20 21:55 -------- d-----w- c:\program files\mIRC
2012-08-20 21:42 . 2012-08-23 09:58 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-20 21:42 . 2012-08-23 09:58 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-20 12:20 . 2012-08-20 12:20 -------- d-----w- c:\windows\Panther
2012-08-10 02:57 . 2012-08-10 02:57 -------- d-----w- c:\programdata\Affinegy
2012-08-10 02:57 . 2012-08-10 02:57 -------- d-----w- c:\program files\TWC
2012-08-09 19:27 . 2012-08-26 05:57 -------- d-----w- c:\program files\Steam
2012-08-07 10:38 . 2012-08-07 10:38 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-27 22:22 . 2012-07-27 22:22 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-27 22:22 . 2012-07-27 22:22 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-07 10:38 . 2011-05-04 01:25 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-24 03:22 . 2012-07-24 03:22 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-23 06:09 . 2011-07-01 05:56 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-07-12 23:54 . 2012-07-12 23:54 279067 ----a-w- c:\windows\system32\libgobject-2.0-0.dll
2012-07-05 22:25 . 2012-07-05 22:25 18944 ----a-r- c:\users\nwofan\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2012-07-03 20:46 . 2009-11-21 10:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-20 16:56 . 2012-01-30 04:25 71104 ----a-w- c:\windows\CouponPrinter.ocx
2012-06-19 09:00 . 2012-06-19 09:00 1973368 ----a-w- c:\users\nwofan\avg_remover_stf_x86_2012_2125.exe
1998-04-27 05:00 . 1998-04-27 05:00 570128 ----a-w- c:\program files\Common Files\DAO350.DLL
2012-07-27 22:22 . 2011-04-02 10:07 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-01-12 1517368]
"{6f895323-a0d1-4844-b5d1-89e3962fa2b2}"= "c:\program files\searchresults7\searchresultsDx.dll" [2012-03-27 87008]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CLASSES_ROOT\clsid\{6f895323-a0d1-4844-b5d1-89e3962fa2b2}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6f895323-a0d1-4844-b5d1-89e3962fa2b2}]
2012-03-27 06:44 87008 ----a-w- c:\program files\searchresults7\searchresultsDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6f895323-a0d1-4844-b5d1-89e3962fa2b2}"= "c:\program files\searchresults7\searchresultsDx.dll" [2012-03-27 87008]
.
[HKEY_CLASSES_ROOT\clsid\{6f895323-a0d1-4844-b5d1-89e3962fa2b2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-30 1689144]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-02-23 6591800]
"Pando"="c:\program files\Pando Networks\Pando\Pando.exe" [2010-08-01 4950936]
"AIM"="c:\program files\AIM7\aim.exe" [2012-05-30 4331392]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-25 39408]
"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2012-05-29 25249400]
"uTorrent"="c:\users\nwofan\Desktop\Emulators\uTorrent.exe" [2012-02-04 219952]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-07 574296]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"ManyCam"="c:\program files\ManyCam\Bin\ManyCam.exe" [2012-06-28 2160024]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Steam"="c:\program files\Steam\steam.exe" [2012-08-09 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"HostManager"="c:\program files\Common Files\AOL\1241069855\ee\AOLSoftware.exe" [2010-03-08 41800]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Recordpad"="c:\program files\NCH Software\Recordpad\recordpad.exe" [2012-02-06 1240068]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"DigiDo"="c:\program files\TWC\DigiDo\TrayApp.exe" [2011-10-17 1458544]
"Conime"="c:\windows\system32\conime.exe" [BU]
.
c:\users\Veronica Valencia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-4-19 1199104]
.
c:\users\nwofan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-11-23 576000]
OpenOffice.org 3.4.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-4-19 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MBCameraMonitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MBCameraMonitor.lnk
backup=c:\windows\pss\MBCameraMonitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Registration Tool.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Run Registration Tool.lnk
backup=c:\windows\pss\Run Registration Tool.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TunesUp20.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TunesUp20.lnk
backup=c:\windows\pss\TunesUp20.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 15:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 08:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 03:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2009-08-01 01:38 283792 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2009-01-29 22:20 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2010-11-20 12:17 144384 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\AOL\1241069855\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 15:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 22:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
2010-06-30 07:14 1689144 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 02:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2008-07-21 13:30 12288 ----a-w- c:\program files\Hewlett-Packard\KBD\KbdStub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2011-03-04 19:45 2741616 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-07-03 20:46 973488 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-07-03 20:46 973488 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]
2008-09-23 19:03 912688 ----a-w- c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 22:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-06-14 02:11 210216 ----a-w- c:\program files\Cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-14 02:11 210216 ----a-w- c:\program files\Cyberlink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-09-11 23:32 210216 ----a-w- c:\program files\Cyberlink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2009-10-01 00:57 718688 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe
.
R2 gupdate1ca6243422bd392;Google Update Service (gupdate1ca6243422bd392);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 dsiarhwprog;dsiarhwprog;c:\windows\system32\Drivers\dsiarhwprog.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\program files\PC-Doctor for Windows\pcd5srvc.pkms [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [x]
R3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\DRIVERS\xpadfl02.sys [x]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\NServiceEntry.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [x]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe [x]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [x]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [x]
S3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver32.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 19:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-20 09:58]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 20:20]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 20:20]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1868571618-3835447236-223175164-1000Core.job
- c:\users\nwofan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-16 01:23]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1868571618-3835447236-223175164-1000UA.job
- c:\users\nwofan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-16 01:23]
.
2012-08-26 c:\windows\Tasks\Norton Security Scan for nwofan.job
- c:\progra~1\NORTON~4\Engine\372~1.5\Nss.exe [2012-05-13 09:45]
.
2012-06-29 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 14:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wwe.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mStart Page = hxxp://www.yahoo.com/?fr=fp-tyc8
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {BAD4FE2C-503B-45CC-88CD-4B0574057D11} - hxxp://clients.futuremark.com/calico/systeminfodeploy/FMSI_v420.cab
FF - ProfilePath - c:\users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.wwe.com
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-RunOnce-KodakHomeCenter - c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe
SafeBoot-35643240.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
MSConfigStartUp-EKIJ5000StatusMonitor - c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
MSConfigStartUp-lxbkbmgr - c:\program files\Lexmark X1100 Series\lxbkbmgr.exe
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\program files\PC-Doctor for Windows\pcd5srvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1868571618-3835447236-223175164-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:94,22,3e,75,1a,49,97,e5,88,35,c6,e4,55,54,fe,4f,08,44,c5,99,bd,30,72,
c0,47,7c,53,58,60,ae,e4,34,f1,e9,18,33,bd,04,e3,66,3b,80,ee,8a,15,af,18,1d,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-1868571618-3835447236-223175164-1000\Software\SecuROM\License information*]
"datasecu"=hex:9a,f7,6e,4d,b6,50,f9,96,5c,c1,5b,41,bf,f9,ef,d5,ae,23,46,9b,10,
29,32,2b,43,47,9b,93,30,81,02,66,93,47,ec,72,3b,70,61,b1,65,01,d0,99,57,9d,\
"rkeysecu"=hex:a3,55,ea,db,ed,3a,3b,2e,64,c0,1f,5b,8f,6c,dd,1f
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1032)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\TWC\DigiDo\AffinegyService.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\taskhost.exe
c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files\IObit\Game Booster 3\gbtray.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-08-26 10:06:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-26 17:06
ComboFix2.txt 2011-11-24 03:18
ComboFix3.txt 2011-11-23 22:51
ComboFix4.txt 2011-11-23 10:45
.
Pre-Run: 17,761,562,624 bytes free
Post-Run: 17,853,448,192 bytes free
.
- - End Of File - - 16CC81309B0B5D97215B60C8B6697B1D



Computer seems to be a bit faster now. Also to note, I did have a rootkit infection which ComboFix picked up on. I'll let the log speak for itself.

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep, but it has now gone. OK, time to fix the spoolserv problem. How is the computer behaving now?

Run OTL with the following custom scan script and press Quick Scan:

/md5start
spoolsv.*
/md5stop


One log will be generated; post that here.

#7
Lucky Dearly

    Member

  • Topic Starter
  • Member
  • 349 posts
It's running smoothly now.

Here's the OTL log:

OTL logfile created on: 8/26/2012 5:09:55 PM - Run 8
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\nwofan\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 51.05% Memory free
6.00 Gb Paging File | 3.68 Gb Available in Paging File | 61.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.46 Gb Total Space | 16.70 Gb Free Space | 5.83% Space Free | Partition Type: NTFS
Drive D: | 11.63 Gb Total Space | 1.59 Gb Free Space | 13.63% Space Free | Partition Type: NTFS
Drive H: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive K: | 297.44 Gb Total Space | 9.23 Gb Free Space | 3.10% Space Free | Partition Type: NTFS

Computer Name: GAMERPC | User Name: nwofan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/24 16:28:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\nwofan\Desktop\OTL.exe
PRC - [2012/08/23 02:58:33 | 000,690,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
PRC - [2012/08/09 12:27:44 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/28 02:05:00 | 002,160,024 | ---- | M] (ManyCam LLC) -- C:\Program Files\ManyCam\Bin\ManyCam.exe
PRC - [2012/05/30 10:18:07 | 004,331,392 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM7\aim.exe
PRC - [2012/05/29 10:37:22 | 025,249,400 | ---- | M] (ooVoo LLC) -- C:\Program Files\ooVoo\ooVoo.exe
PRC - [2012/04/27 19:05:40 | 000,613,208 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster 3\gbtray.exe
PRC - [2012/04/19 08:50:10 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2012/04/19 08:50:10 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/03/06 18:39:50 | 000,574,296 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/22 20:49:58 | 006,591,800 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2012/02/03 21:46:30 | 000,219,952 | ---- | M] () -- C:\Users\nwofan\Desktop\Emulators\uTorrent.exe
PRC - [2011/12/14 13:51:21 | 000,041,296 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.7\waol.exe
PRC - [2011/12/14 13:51:19 | 000,045,392 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.7\shellmon.exe
PRC - [2011/11/25 04:13:04 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/10/17 14:04:30 | 000,580,464 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\TWC\DigiDo\AffinegyService.exe
PRC - [2011/10/17 14:04:28 | 008,445,296 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\TWC\DigiDo\DigiDo.exe
PRC - [2011/10/17 14:04:28 | 001,458,544 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\TWC\DigiDo\TrayApp.exe
PRC - [2011/10/15 01:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/08/10 12:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/08/10 11:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/08/08 15:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/11 14:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011/06/23 21:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/17 10:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/05/03 14:50:59 | 000,123,320 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/05 16:11:52 | 000,081,920 | R--- | M] (Nero AG) -- C:\Program Files\Motorola Media Link\NServiceEntry.exe
PRC - [2010/08/01 14:45:22 | 004,950,936 | ---- | M] (Pando Networks) -- C:\Program Files\Pando Networks\Pando\pando.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/08 00:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\1241069855\ee\aolsoftware.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/08/28 13:53:00 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/02/23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/26 16:56:00 | 000,033,792 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\YTMP7MC8AA\TAAA76F.tmp
MOD - [2012/08/26 16:55:39 | 000,120,832 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM52A6.tmp
MOD - [2012/08/26 16:55:39 | 000,120,832 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM51BA.tmp
MOD - [2012/08/26 16:55:39 | 000,085,504 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM5474.tmp
MOD - [2012/08/26 16:55:39 | 000,085,504 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM5472.tmp
MOD - [2012/08/26 16:55:39 | 000,085,504 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM5451.tmp
MOD - [2012/08/26 16:55:39 | 000,085,504 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM5410.tmp
MOD - [2012/08/26 16:55:38 | 000,120,832 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM50CE.tmp
MOD - [2012/08/26 16:55:38 | 000,120,832 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM4F56.tmp
MOD - [2012/08/26 16:55:38 | 000,120,832 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM4E5A.tmp
MOD - [2012/08/26 16:55:37 | 000,120,832 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM4D20.tmp
MOD - [2012/08/26 16:55:37 | 000,120,832 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM4BF6.tmp
MOD - [2012/08/26 16:55:37 | 000,120,832 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM4A6E.tmp
MOD - [2012/08/26 16:55:36 | 000,120,832 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM48F5.tmp
MOD - [2012/08/26 16:55:36 | 000,120,832 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM47EA.tmp
MOD - [2012/08/26 16:55:36 | 000,120,832 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM46A1.tmp
MOD - [2012/08/26 16:55:35 | 000,120,832 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM44DA.tmp
MOD - [2012/08/26 16:55:35 | 000,120,832 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM4362.tmp
MOD - [2012/08/26 16:55:34 | 000,120,832 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM41AB.tmp
MOD - [2012/08/26 16:55:34 | 000,120,832 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM4081.tmp
MOD - [2012/08/26 16:55:34 | 000,120,832 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM3F18.tmp
MOD - [2012/08/26 16:55:34 | 000,120,832 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM3E2C.tmp
MOD - [2012/08/26 16:55:33 | 000,120,832 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM3CC3.tmp
MOD - [2012/08/26 16:55:33 | 000,120,832 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM3B6A.tmp
MOD - [2012/08/26 16:55:32 | 000,120,832 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM3954.tmp
MOD - [2012/08/26 16:55:32 | 000,072,704 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM36EE.tmp
MOD - [2012/08/26 16:55:32 | 000,072,192 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM37EC.tmp
MOD - [2012/08/26 16:55:32 | 000,072,192 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM376D.tmp
MOD - [2012/08/26 16:55:32 | 000,072,192 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM36DC.tmp
MOD - [2012/08/26 16:55:31 | 000,075,776 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM32AE.tmp
MOD - [2012/08/26 16:55:31 | 000,064,000 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM338C.tmp
MOD - [2012/08/26 16:55:31 | 000,057,344 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM3554.tmp
MOD - [2012/08/26 16:55:31 | 000,053,760 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM3478.tmp
MOD - [2012/08/26 16:55:31 | 000,053,760 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM331D.tmp
MOD - [2012/08/26 16:55:30 | 000,075,776 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM3210.tmp
MOD - [2012/08/26 16:55:30 | 000,075,776 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM3160.tmp
MOD - [2012/08/26 16:55:30 | 000,075,776 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM30A3.tmp
MOD - [2012/08/26 16:55:30 | 000,075,776 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM2FE6.tmp
MOD - [2012/08/26 16:55:30 | 000,075,776 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM2EAA.tmp
MOD - [2012/08/26 16:55:30 | 000,075,776 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM2E88.tmp
MOD - [2012/08/26 16:55:30 | 000,075,776 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM2E67.tmp
MOD - [2012/08/26 16:55:30 | 000,068,608 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM2E46.tmp
MOD - [2012/08/26 16:55:30 | 000,056,832 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM2F09.tmp
MOD - [2012/08/26 16:55:30 | 000,056,320 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM31CF.tmp
MOD - [2012/08/26 16:55:29 | 000,075,776 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM2D18.tmp
MOD - [2012/08/26 16:55:29 | 000,056,320 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM2DA6.tmp
MOD - [2012/08/26 16:55:29 | 000,055,296 | ---- | M] () -- C:\Users\nwofan\AppData\Local\temp\XTMP1MC3VE\DEM2DF6.tmp
MOD - [2012/08/22 19:54:09 | 020,317,008 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2012/08/22 19:54:09 | 001,099,616 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2012/08/22 19:54:09 | 000,902,480 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2012/08/22 19:54:09 | 000,190,816 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll
MOD - [2012/08/22 19:54:09 | 000,123,232 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll
MOD - [2012/06/28 02:05:02 | 000,124,312 | ---- | M] () -- C:\Program Files\ManyCam\Bin\CrashRpt.dll
MOD - [2012/05/30 10:11:47 | 000,176,128 | ---- | M] () -- C:\Program Files\AIM7\nssckbi.dll
MOD - [2012/04/13 12:04:32 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/04/13 12:00:04 | 000,170,496 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxslt.dll
MOD - [2012/02/22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2012/02/22 20:49:38 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2012/02/03 21:46:30 | 000,219,952 | ---- | M] () -- C:\Users\nwofan\Desktop\Emulators\uTorrent.exe
MOD - [2011/12/14 13:51:21 | 000,048,640 | ---- | M] () -- C:\Program Files\AOL Desktop 9.7\zlib.dll
MOD - [2011/10/17 14:04:32 | 000,022,896 | ---- | M] () -- C:\Program Files\TWC\DigiDo\AffinegyServicePS.dll
MOD - [2011/10/17 13:54:02 | 001,686,016 | ---- | M] () -- C:\Program Files\TWC\DigiDo\gateways\ArrisTG852GLOC.dll
MOD - [2011/10/17 13:49:22 | 000,333,824 | ---- | M] () -- C:\Program Files\TWC\DigiDo\DigiDoFlavor.dll
MOD - [2011/08/13 13:48:49 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7f94f6b13f92f1e093716d3e15bf86d1\PresentationFramework.Aero.ni.dll
MOD - [2011/08/13 13:15:09 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8b3b6ed74cb3d94695b0eaf94a362d42\UIAutomationTypes.ni.dll
MOD - [2011/08/13 13:15:09 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\4a63fb97b3c648a28b8047697869ee7d\UIAutomationProvider.ni.dll
MOD - [2011/08/13 13:15:08 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c60906a715473ceccf93f0559527e84d\PresentationFramework.ni.dll
MOD - [2011/08/13 13:14:49 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5566b57732d9edea236f54d06149835a\PresentationCore.ni.dll
MOD - [2011/08/13 13:14:34 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
MOD - [2011/08/13 12:55:29 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll
MOD - [2011/08/13 12:53:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
MOD - [2011/08/13 12:53:23 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\b7d1c271ec6b4df64c95563fc81ffc2f\System.Data.ni.dll
MOD - [2011/08/13 12:52:58 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011/08/13 12:52:49 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/08/13 12:52:42 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/08/13 12:52:36 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/08/13 12:52:24 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\b614f2d2f13857c09c98b02944fc1c41\Accessibility.ni.dll
MOD - [2011/08/13 03:09:00 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/08/13 03:08:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/08/08 15:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011/07/28 16:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2011/03/04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011/03/04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2010/12/09 18:34:10 | 000,119,808 | ---- | M] () -- C:\Program Files\TWC\DigiDo\imageformats\qjpeg4.dll
MOD - [2010/12/04 19:38:12 | 000,241,152 | ---- | M] () -- C:\Program Files\ManyCam\Bin\opencv_objdetect220.dll
MOD - [2010/12/04 19:38:06 | 000,776,192 | ---- | M] () -- C:\Program Files\ManyCam\Bin\opencv_highgui220.dll
MOD - [2010/12/04 19:38:06 | 000,201,216 | ---- | M] () -- C:\Program Files\ManyCam\Bin\opencv_video220.dll
MOD - [2010/12/04 19:38:04 | 001,242,112 | ---- | M] () -- C:\Program Files\ManyCam\Bin\opencv_imgproc220.dll
MOD - [2010/12/04 19:38:02 | 002,010,624 | ---- | M] () -- C:\Program Files\ManyCam\Bin\opencv_core220.dll
MOD - [2010/11/04 18:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/08/11 20:29:04 | 007,187,456 | ---- | M] () -- C:\Program Files\TWC\DigiDo\QtGui4.dll
MOD - [2010/08/11 20:29:02 | 000,325,632 | ---- | M] () -- C:\Program Files\TWC\DigiDo\QtXml4.dll
MOD - [2010/08/11 20:29:00 | 001,954,304 | ---- | M] () -- C:\Program Files\TWC\DigiDo\QtCore4.dll
MOD - [2010/08/11 20:29:00 | 000,847,360 | ---- | M] () -- C:\Program Files\TWC\DigiDo\QtNetwork4.dll
MOD - [2010/07/24 20:51:43 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2010/06/30 00:12:54 | 000,061,440 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/06/30 00:12:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/06/30 00:12:42 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010/06/30 00:12:40 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010/06/30 00:12:40 | 000,007,680 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010/06/30 00:12:40 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010/06/30 00:12:36 | 000,018,944 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/12/08 18:50:04 | 003,565,056 | ---- | M] () -- C:\Program Files\Replay Converter\ffdshow.ax
MOD - [2009/08/28 13:52:58 | 000,931,112 | ---- | M] () -- c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008/07/03 14:18:14 | 000,131,072 | ---- | M] () -- C:\Program Files\PIXELA\Everio MediaBrowser\px_mpega.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2012/08/23 02:58:35 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/09 12:28:04 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/27 15:22:35 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/11/28 19:00:02 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/10/17 14:04:30 | 000,580,464 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\TWC\DigiDo\AffinegyService.exe -- (AffinegyService)
SRV - [2011/08/15 11:02:12 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/08/10 12:35:20 | 000,227,184 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/08/10 11:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/06/17 10:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/05/03 14:56:02 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/05/03 14:50:59 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2010/11/05 16:11:52 | 000,081,920 | R--- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Motorola Media Link\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/25 03:00:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/24 16:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/29 03:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motport.sys -- (motport)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\nwofan\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/07/23 20:22:50 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/04/28 11:58:06 | 000,049,240 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stdriver32.sys -- (stdriver)
DRV - [2012/02/22 03:34:36 | 000,022,400 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012/01/10 23:11:20 | 000,032,000 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2011/10/15 01:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/04/04 14:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2011/03/31 14:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2011/02/07 17:36:00 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2011/01/01 10:12:18 | 000,081,168 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 03:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 03:07:39 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.svs -- (NDProxy)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/01 06:08:46 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2010/07/29 00:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2009/10/20 12:08:44 | 000,037,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/10/01 22:03:40 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/08/04 10:40:04 | 000,226,816 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWNC5E00.sys -- (SWNC5E00)
DRV - [2009/08/04 10:39:02 | 000,157,440 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmx00.sys -- (SWMX00)
DRV - [2009/07/30 17:12:54 | 000,287,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009/07/13 15:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 15:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/10 13:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motoandroid.sys -- (motandroidusb)
DRV - [2009/06/22 22:34:38 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2009/04/29 03:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/13 05:58:30 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2009/02/13 05:56:32 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/09/09 17:58:08 | 000,020,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc.pkms -- (PCD5SRVC{BD6912E3-AC9D80E8-05040000})
DRV - [2008/07/21 09:12:50 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/05/22 02:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/07/03 15:05:00 | 000,162,944 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT25USBAP.SYS -- (RT25USBAP)
DRV - [2007/02/15 17:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2007/02/08 06:45:14 | 000,029,184 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dsiarhwprog.sys -- (dsiarhwprog)
DRV - [2006/12/24 06:15:18 | 000,027,904 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xPADFL02.sys -- (XPADFL02)
DRV - [2006/11/29 15:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)
DRV - [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-tyc8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{08C2FE8D-012D-4327-B7C9-37C8EC2D2B7F}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=11-06-2012
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{F53CD4AF-28F0-43FB-B3FF-5D396282D957}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wwe.com/
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\..\URLSearchHook: {6f895323-a0d1-4844-b5d1-89e3962fa2b2} - C:\Program Files\searchresults7\searchresultsDx.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{056650C7-9810-4555-BEB0-2C6700D7A155}: "URL" = http://search.jword....e={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{08C2FE8D-012D-4327-B7C9-37C8EC2D2B7F}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=11-06-2012
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{710E5CC8-F44D-465F-A979-5AA39C16A2EF}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{789F138B-EDB8-4248-9EFE-93433AC99690}: "URL" = http://search.avg.co...}&iy=b&ychte=us
IE - HKCU\..\SearchScopes\{7E4F0419-36BD-4A62-A765-05EADE918250}: "URL" = http://search.yahoo....f-8&fr=chr-yie8
IE - HKCU\..\SearchScopes\{879D7D8E-2FBB-4319-AC19-EFC55E153DBA}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{92B59854-86B8-4635-A4F5-CB78C30F550A}: "URL" = http://websearch.ask...09-59BC25CFDB2C
IE - HKCU\..\SearchScopes\{933C395A-2DDE-40D6-91C6-A13371E6FF89}: "URL" = http://delicious.com...p={searchTerms}
IE - HKCU\..\SearchScopes\{B88BE29A-6F35-4D3D-B6B1-CD47D165B6B7}: "URL" = http://search.yahoo....ms}&fr=chr-tyc8
IE - HKCU\..\SearchScopes\{CB90FB56-786A-45CE-A0AF-2D9E17EDFF8D}: "URL" = http://www.google.co...1I7DXTB_enUS459
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-tyc8"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-tyc8"
FF - prefs.js..browser.search.param.yahoo-type: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.wwe.com"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\nwofan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\nwofan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\nwofan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\nwofan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/06/29 03:37:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/25 14:36:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/27 15:22:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/26 08:52:23 | 000,000,000 | ---D | M]

[2010/07/24 21:13:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Extensions
[2012/08/26 08:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions
[2010/07/24 21:13:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/21 20:04:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/21 23:32:19 | 000,000,000 | ---D | M] (Search Results Toolbar) -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{6f895323-a0d1-4844-b5d1-89e3962fa2b2}
[2012/06/15 01:14:35 | 000,000,000 | ---D | M] ("AOL Messaging Toolbar") -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/09/18 13:20:13 | 000,001,490 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\AIM Search.xml
[2012/08/17 22:55:19 | 000,002,562 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\aol-search-1.xml
[2010/09/23 00:04:58 | 000,002,342 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\aol-search.xml
[2011/02/09 20:45:52 | 000,001,919 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\bing-zugo.xml
[2011/12/11 22:30:57 | 000,001,210 | ---- | M] () -- C:\Users\nwofan\AppData\Roaming\Mozilla\Firefox\Profiles\hehyz5rf.default\searchplugins\search.xml
[2012/08/26 08:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/05 00:57:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/07 03:39:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\NWOFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HEHYZ5RF.DEFAULT\EXTENSIONS\{90EEE664-34B1-422A-A782-779AF65CDF6D}
File not found (No name found) -- C:\USERS\NWOFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HEHYZ5RF.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\NWOFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HEHYZ5RF.DEFAULT\EXTENSIONS\[email protected]
[2012/07/27 15:22:35 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/11/11 00:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2012/06/20 09:56:43 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/06/20 09:56:44 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/07/11 14:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/01/15 04:46:37 | 000,002,242 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\AOL Search.xml
[2012/07/27 15:22:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/19 19:21:58 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/07/27 15:22:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\nwofan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\nwofan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\nwofan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\nwofan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\nwofan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\nwofan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Ask Toolbar = C:\Users\nwofan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaodnbkkemkkaekocofmphoadofkdh\7.15.1.22466_0\
CHR - Extension: Entanglement = C:\Users\nwofan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: SiteAdvisor = C:\Users\nwofan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: Skype Click to Call = C:\Users\nwofan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\
CHR - Extension: Poppit = C:\Users\nwofan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\nwofan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/08/26 09:54:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Search Results Toolbar) - {6f895323-a0d1-4844-b5d1-89e3962fa2b2} - C:\Program Files\searchresults7\searchresultsDx.dll (Ask.com)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (AOL Messaging Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome\Application\21.0.1180.83\npchrome_frame.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AOL Messaging Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Search Results Toolbar) - {6f895323-a0d1-4844-b5d1-89e3962fa2b2} - C:\Program Files\searchresults7\searchresultsDx.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Messaging Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [DigiDo] C:\Program Files\TWC\DigiDo\TrayApp.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1241069855\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [Recordpad] C:\Program Files\NCH Software\Recordpad\recordpad.exe (NCH Software)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM7\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.7\AOL.EXE (AOL Inc.)
O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [Pando] C:\Program Files\Pando Networks\Pando\Pando.exe (Pando Networks)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Users\nwofan\Desktop\Emulators\uTorrent.exe ()
O4 - Startup: C:\Users\nwofan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\nwofan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...pdetect119b.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {BAD4FE2C-503B-45CC-88CD-4B0574057D11} http://clients.futur...y/FMSI_v420.cab (FuturemarkSystemInfoX Class)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56E290B4-FA5A-48A1-8671-5D6776B62B14}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{611D4670-149B-4053-9713-D1F4F7A58D99}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D23BAA9-C145-4F8D-9FB1-A4855C4888B1}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\21.0.1180.83\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Users\nwofan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\nwofan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 14:12:18 | 000,000,088 | ---- | M] () - H:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2010/05/10 22:02:29 | 000,000,000 | ---D | M] - K:\Automatically Add to iTunes -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/26 10:06:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/26 10:04:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/26 09:03:11 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/26 09:00:49 | 004,738,846 | R--- | C] (Swearware) -- C:\Users\nwofan\Desktop\ComboFix.exe
[2012/08/26 08:57:50 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{EBF5ED6A-711A-489A-ACF1-E1EEDCEA4105}
[2012/08/26 08:47:03 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{51FA08C5-0589-4509-A7E2-7ED364B9B5DD}
[2012/08/25 14:42:13 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{F1A84C05-97AC-480E-BEFD-6B14FAE08FDB}
[2012/08/25 02:41:46 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{8549B941-9335-4400-A4D6-380981D28455}
[2012/08/24 16:28:00 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\nwofan\Desktop\OTL.exe
[2012/08/24 14:41:19 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{DED83123-A744-4525-938F-C2F3D6508E12}
[2012/08/24 02:40:55 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{216BBD6D-4553-4525-A772-DEE458E9C2FC}
[2012/08/23 14:40:16 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{654CAFAA-C76F-4692-A596-085A9A110575}
[2012/08/23 02:39:51 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{EF26AF5F-5838-4AA2-8CD7-E6066DCB7E27}
[2012/08/22 14:39:22 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{F9F94378-9E92-43E3-A875-4678C77EFE46}
[2012/08/22 02:27:30 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{F3377930-E872-484A-B0EE-458EB6DA7329}
[2012/08/21 14:27:17 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{23E3B134-57E0-4FDD-B739-A9D7A9E477AC}
[2012/08/21 01:01:55 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{1F6DF794-B70D-4EA4-AE56-72CCDAFDBE61}
[2012/08/20 14:55:51 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Roaming\mIRC
[2012/08/20 14:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
[2012/08/20 14:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC
[2012/08/20 13:01:39 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{267CD68E-7A11-4DEF-AC64-51887E45FF66}
[2012/08/20 05:20:08 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/08/19 18:01:24 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{77FEE854-E692-4E7C-A194-8C3490584E68}
[2012/08/18 15:08:52 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{6A4AAA90-ED28-4FBB-AFAF-A668EC1489FB}
[2012/08/18 15:08:40 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{06E0F347-F1A2-4A20-A418-960622EFBB1A}
[2012/08/18 03:08:10 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{1495C6EA-4F80-44AA-ABA9-89772706F4B0}
[2012/08/18 03:07:58 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{5537A3C0-DC6E-4125-B27A-A2D1A641DEEB}
[2012/08/17 14:31:20 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{CBEE64CE-E0AC-4BC9-B665-C2A3EE66C144}
[2012/08/17 14:31:09 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{36764094-91AF-4977-B032-6134ABD25D78}
[2012/08/17 02:30:32 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{1D9D5A41-C328-4F06-8D08-72B9A53B80F4}
[2012/08/17 02:30:09 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{59319123-4C7D-48AC-85D7-849D2C279E8A}
[2012/08/16 14:29:21 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{F2C4908B-E596-44F8-8F86-8C9B8A5DF185}
[2012/08/16 14:28:59 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{583CEA25-4F7B-4569-89F4-3D598B9A0CD1}
[2012/08/16 02:06:07 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{B8E9A680-612F-4C36-AE52-1A7AD1A2294F}
[2012/08/16 02:05:56 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{AC30CA4D-D100-493E-A91A-32D5516EC08C}
[2012/08/15 14:05:16 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{1619E7B0-0B4A-49C6-9755-874F5AF5C018}
[2012/08/15 14:05:00 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{5C10C36A-0685-4D58-96F7-3EF8496A0402}
[2012/08/15 01:55:20 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{4B9EE450-3BC7-4FB6-873A-247661A10F0D}
[2012/08/15 01:55:03 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{BC237B0B-3676-40B0-9D70-EEB3964DB780}
[2012/08/14 13:54:33 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{D10BBF68-EB29-4127-A112-7DC5CE14D456}
[2012/08/14 13:54:21 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{10671934-ADB0-45EC-A1DA-3BF21561F203}
[2012/08/14 01:53:11 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{FEEA58F9-0651-45C5-8936-8DB4F79BDAAD}
[2012/08/14 01:52:41 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{005C6EF7-73A8-4424-B817-5DEC43147002}
[2012/08/13 13:51:55 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{BD1DFC89-5AB0-4ACB-92A3-6E4E6C0A9E93}
[2012/08/13 13:51:38 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{0ED9CDF2-3D50-46D1-8531-8455404E4954}
[2012/08/12 16:49:10 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{B35FD1AC-78BD-44E8-8FCA-ECCC382BF869}
[2012/08/12 16:48:46 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{57114FB5-9C61-4EDB-BD5E-224B58B5C36D}
[2012/08/12 03:43:17 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{762D380B-427B-44BD-9DD3-44413DC7A37F}
[2012/08/12 03:43:06 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{06CFB999-AFE1-444F-B762-6AA7011F0A88}
[2012/08/11 15:42:49 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{B9AC1C6F-D728-4F56-9C53-C8915F20411F}
[2012/08/11 15:42:31 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{8282CD65-5F9C-40B8-9978-F62516D900EB}
[2012/08/11 03:40:28 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{ACA155A4-A5EB-441A-99C2-2981B06AE615}
[2012/08/11 03:40:13 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{34D08F17-CC9F-42CD-BD7E-DD77BFD6113E}
[2012/08/10 15:39:35 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{79EAAEE8-0D94-479E-83EF-638E2060B419}
[2012/08/10 15:39:18 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{AE33ABA8-AA68-461A-BCBB-4B9E4E7FC60E}
[2012/08/10 02:48:21 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{EBBC1F0F-D3B4-4A0C-B38F-688A538F61E2}
[2012/08/10 02:48:09 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{6CF093DF-341C-49BE-8D35-2BC7212FA717}
[2012/08/09 19:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TWC
[2012/08/09 19:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\TWC
[2012/08/09 19:57:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Affinegy
[2012/08/09 14:31:19 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{7120763D-089C-4268-A9DC-36ED4A15B984}
[2012/08/09 14:31:07 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{EFEFF18C-C95D-46DF-9045-0560293233F2}
[2012/08/09 12:27:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/08/09 12:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012/08/09 02:29:57 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{71BA6572-01A9-4C51-9F2F-BFB43745BF27}
[2012/08/08 14:28:46 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{4F219519-5DE6-465D-B7BB-342521B7D861}
[2012/08/08 14:28:34 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{49C44B75-49D5-4926-9AF5-DC0615E98BC2}
[2012/08/08 02:28:03 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{F9EDB12F-1B8A-49F5-A71C-592349A1F446}
[2012/08/08 02:27:51 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{1A7AAB53-3F9E-419A-9998-4A1340B66B2F}
[2012/08/07 14:27:21 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{97433981-6F14-4D0F-AE17-A376C64D91D2}
[2012/08/07 14:27:10 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{315E2639-E175-4646-B160-A6C1E8FA33CE}
[2012/08/07 02:26:40 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{21A613E0-04A9-4043-B9B6-38B871008D41}
[2012/08/06 14:26:01 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{8B2182C3-936A-430A-AC81-311F8FE0A2A4}
[2012/08/06 14:25:49 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{28E46C80-8A84-48A4-BE13-7C1D207D88F8}
[2012/08/05 16:21:08 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{922746AB-6979-4FB3-95AD-F6A7A2D6B682}
[2012/08/05 16:20:47 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{1BDAB777-3B96-4032-9716-CDB0B1488DB4}
[2012/08/04 15:13:27 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{85C3C26D-953D-484C-B093-9082EA90A144}
[2012/08/04 15:13:06 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{B8D337E3-D6A4-4B51-A6FC-B623483DA1FB}
[2012/08/03 16:13:18 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{19F14472-0FB8-4E7F-A1D2-5AC8D1258034}
[2012/08/03 16:12:54 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{BEB15028-31D0-45A8-AA32-E43A27A5BCCB}
[2012/08/03 02:56:54 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{A25AF1DE-60D5-4603-9210-D499C832D9A0}
[2012/08/03 02:56:37 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{5511C085-C341-413D-A2F2-C709321DD721}
[2012/08/02 18:26:23 | 000,000,000 | ---D | C] -- C:\Users\nwofan\Desktop\nes
[2012/08/02 18:25:01 | 000,000,000 | R--D | C] -- C:\Users\nwofan\Desktop\Nintendo
[2012/08/02 17:17:53 | 000,000,000 | ---D | C] -- C:\Users\nwofan\Desktop\FightingIsMagic
[2012/08/02 14:56:08 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{2D92EFA0-5DF2-47B6-9523-19D267A28835}
[2012/08/02 14:55:57 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{D37D8464-7FF3-4B5A-8126-4DEF6EE3EC07}
[2012/08/02 02:55:28 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{F5E9AFCD-9A97-468B-B83E-0E2201BAEEE8}
[2012/08/02 02:55:05 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{EE1B376A-5000-4975-A088-7E68FD97F4F9}
[2012/08/01 14:54:36 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{961D78CF-E3CB-459A-A17C-EAB72DCEAF79}
[2012/08/01 14:54:25 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{0D30952A-2A40-4F6E-A514-079C648A0D74}
[2012/08/01 02:53:39 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{A1864ABE-EFE2-461D-BF0A-E093AA6B5619}
[2012/07/31 14:53:12 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{2CDC0075-9D9D-4CCC-964C-99806914C00E}
[2012/07/31 14:52:49 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{A35DEF74-6069-40A4-ABA6-122543E72856}
[2012/07/31 02:51:55 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{B7C7A128-8EB3-455E-A378-6ADF0EB1B091}
[2012/07/30 14:51:04 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{A9AE4ADC-CBE3-4BE9-A178-96F069F99543}
[2012/07/30 14:50:34 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{4D68201D-8413-4F00-91FC-52B9855EF3FA}
[2012/07/29 17:33:30 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{E71F7F01-736B-4216-819E-CD5820814D3B}
[2012/07/29 17:32:56 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{49A5641A-4073-48D9-B061-76E09A3CC556}
[2012/07/29 02:39:27 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{B287FA90-098F-4B3C-8275-905CF5CFB133}
[2012/07/28 14:39:00 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{53B24085-20D7-478E-A1B4-3850FC638FFF}
[2012/07/28 14:38:48 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{7ECAF057-3300-4C37-91F3-10A489A054CB}
[2012/07/28 02:38:14 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{0933C8F4-6628-42D7-92FF-1DED2C8D08A3}
[2012/07/28 02:38:01 | 000,000,000 | ---D | C] -- C:\Users\nwofan\AppData\Local\{85E26AA6-0731-4D00-812C-048D6FB6DEC8}
[2012/06/19 02:00:54 | 001,973,368 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\nwofan\avg_remover_stf_x86_2012_2125.exe
[2012/02/24 00:29:50 | 030,218,224 | ---- | C] (IObit ) -- C:\Users\nwofan\asc-setup.exe
[2011/08/24 21:44:08 | 015,432,864 | ---- | C] (ManyCam LLC) -- C:\Users\nwofan\ManyCam.exe
[2011/08/04 20:31:01 | 000,243,360 | ---- | C] (Adobe Systems, Inc.) -- C:\Users\nwofan\uninstall_flash_player.exe
[2010/07/22 00:24:52 | 001,048,576 | ---- | C] (Hazar Co.) -- C:\Users\nwofan\RemoveWAT.exe
[1998/04/26 22:00:00 | 000,570,128 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\DAO350.DLL

========== Files - Modified Within 30 Days ==========

[2012/08/26 17:33:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/26 17:30:53 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/26 16:58:35 | 000,014,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/26 16:58:35 | 000,014,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/26 16:56:19 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1868571618-3835447236-223175164-1000UA.job
[2012/08/26 16:54:28 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/26 16:51:32 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012/08/26 16:51:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/26 16:51:08 | 2414,780,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/26 09:54:13 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/26 09:52:03 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/26 09:52:03 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/26 09:00:50 | 004,738,846 | R--- | M] (Swearware) -- C:\Users\nwofan\Desktop\ComboFix.exe
[2012/08/26 08:51:14 | 000,618,227 | ---- | M] () -- C:\Users\nwofan\Desktop\adwcleaner.exe
[2012/08/26 07:45:40 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for nwofan.job
[2012/08/26 01:56:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1868571618-3835447236-223175164-1000Core.job
[2012/08/24 16:28:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\nwofan\Desktop\OTL.exe
[2012/08/23 16:09:43 | 001,425,268 | ---- | M] () -- C:\Users\nwofan\Desktop\SuperZeroMission-Captured.png
[2012/08/23 15:38:15 | 000,119,827 | ---- | M] () -- C:\Users\nwofan\Desktop\MetroidSuperZeroMission.png
[2012/08/21 15:36:59 | 000,002,119 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/20 14:55:51 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\mIRC.lnk
[2012/08/20 03:13:22 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/08/16 03:59:34 | 000,450,240 | ---- | M] () -- C:\Users\nwofan\Desktop\SM-Eris-2012.png
[2012/08/15 02:35:11 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/08/13 18:43:02 | 000,245,208 | ---- | M] () -- C:\Users\nwofan\Documents\Lucky wip.png
[2012/08/12 16:50:26 | 000,001,297 | ---- | M] () -- C:\Users\nwofan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/11 02:53:33 | 000,005,120 | ---- | M] () -- C:\Users\nwofan\Documents\netread.dll
[2012/08/11 02:50:33 | 017,897,044 | ---- | M] () -- C:\Users\nwofan\Documents\MLP MS.exe
[2012/08/09 19:57:13 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\DigiDo.lnk
[2012/08/09 17:28:58 | 000,001,152 | ---- | M] () -- C:\Users\nwofan\Desktop\SkyrimLauncher.exe - Shortcut.lnk
[2012/08/09 03:22:05 | 000,001,029 | ---- | M] () -- C:\Users\nwofan\Application Data\Microsoft\Internet Explorer\Quick Launch\Nexus Mod Manager.lnk
[2012/08/09 03:22:04 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012/08/07 04:19:48 | 000,001,163 | ---- | M] () -- C:\Users\nwofan\Desktop\skse_loader.exe - Shortcut.lnk
[2012/08/07 00:00:25 | 000,000,641 | ---- | M] () -- C:\Users\nwofan\Desktop\Zelda Classic 1.92 beta 183.lnk

========== Files Created - No Company Name ==========

[2012/08/26 08:51:13 | 000,618,227 | ---- | C] () -- C:\Users\nwofan\Desktop\adwcleaner.exe
[2012/08/23 16:09:39 | 001,425,268 | ---- | C] () -- C:\Users\nwofan\Desktop\SuperZeroMission-Captured.png
[2012/08/23 15:41:47 | 000,119,827 | ---- | C] () -- C:\Users\nwofan\Desktop\MetroidSuperZeroMission.png
[2012/08/20 14:55:51 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\mIRC.lnk
[2012/08/20 14:53:07 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/20 03:13:22 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/08/16 03:58:53 | 000,450,240 | ---- | C] () -- C:\Users\nwofan\Desktop\SM-Eris-2012.png
[2012/08/13 18:43:02 | 000,245,208 | ---- | C] () -- C:\Users\nwofan\Documents\Lucky wip.png
[2012/08/11 02:53:32 | 000,005,120 | ---- | C] () -- C:\Users\nwofan\Documents\netread.dll
[2012/08/11 02:48:27 | 017,897,044 | ---- | C] () -- C:\Users\nwofan\Documents\MLP MS.exe
[2012/08/09 19:57:13 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\DigiDo.lnk
[2012/08/09 12:27:33 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/08/07 04:19:15 | 000,001,163 | ---- | C] () -- C:\Users\nwofan\Desktop\skse_loader.exe - Shortcut.lnk
[2012/07/21 01:58:35 | 000,000,692 | ---- | C] () -- C:\Users\nwofan\L4D2 Updater.lnk
[2012/07/21 01:58:35 | 000,000,624 | ---- | C] () -- C:\Users\nwofan\Mutation Mod.lnk
[2012/06/19 01:52:14 | 001,632,470 | ---- | C] () -- C:\Users\nwofan\AVGInstLog.cab
[2012/06/13 21:47:09 | 000,028,046 | ---- | C] () -- C:\Users\nwofan\Two Tone Badge.JPG
[2012/06/08 20:59:30 | 000,004,027 | ---- | C] () -- C:\Users\nwofan\RP for today.rtf
[2012/06/07 00:33:59 | 002,886,982 | ---- | C] () -- C:\Users\nwofan\For Two-Tone.bmp
[2012/05/25 01:49:25 | 000,016,298 | ---- | C] () -- C:\Users\nwofan\1303432436.inflationcouplingist_101.rtf
[2012/03/17 15:35:06 | 000,129,493 | ---- | C] () -- C:\Users\nwofan\PICE0BC.tmp.jpg
[2012/01/20 00:44:16 | 000,000,107 | ---- | C] () -- C:\Users\nwofan\AppData\Roaming\Editroid.config
[2011/12/02 22:12:19 | 000,066,764 | ---- | C] () -- C:\Users\nwofan\Picture 27.jpg
[2011/11/29 08:04:31 | 000,002,242 | ---- | C] () -- C:\Users\nwofan\Norton PC Checkup.LNK
[2011/11/23 04:05:06 | 000,000,512 | ---- | C] () -- C:\Users\nwofan\MBR.dat
[2011/11/23 00:29:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/23 00:29:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/23 00:29:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/23 00:29:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/23 00:29:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/04 00:07:06 | 000,236,336 | ---- | C] () -- C:\Users\nwofan\Babs playing in her panties.png
[2011/10/30 03:50:58 | 001,040,772 | ---- | C] () -- C:\Users\nwofan\TT and my new_005.png
[2011/10/30 03:50:58 | 001,039,211 | ---- | C] () -- C:\Users\nwofan\TT and my new_007.png
[2011/10/30 03:50:58 | 001,024,654 | ---- | C] () -- C:\Users\nwofan\TT and my new_002.png
[2011/10/30 03:50:58 | 000,989,946 | ---- | C] () -- C:\Users\nwofan\TT and my new_001.png
[2011/10/30 03:50:58 | 000,984,485 | ---- | C] () -- C:\Users\nwofan\TT and my new_004.png
[2011/10/30 03:50:58 | 000,737,247 | ---- | C] () -- C:\Users\nwofan\TT and my new_003.png
[2011/10/30 03:50:58 | 000,541,559 | ---- | C] () -- C:\Users\nwofan\TT and my new_006.png
[2011/10/11 17:21:13 | 000,120,264 | ---- | C] () -- C:\Users\nwofan\Riverrecolor.jpg
[2011/09/15 18:26:28 | 000,000,865 | ---- | C] () -- C:\Users\nwofan\.recently-used.xbel
[2011/09/15 00:11:56 | 000,360,946 | ---- | C] () -- C:\Users\nwofan\cwps-1099843-1.jpg
[2011/09/06 03:00:28 | 000,270,336 | ---- | C] () -- C:\Users\nwofan\Cadpig_goes_bad.wps
[2011/09/06 02:57:23 | 000,007,326 | ---- | C] () -- C:\Users\nwofan\lucky-char.jpg
[2011/09/05 03:24:57 | 000,770,414 | ---- | C] () -- C:\Users\nwofan\cfc and Twotone 2_008.png
[2011/09/05 03:24:57 | 000,745,688 | ---- | C] () -- C:\Users\nwofan\cfc and Twotone 2_006.png
[2011/09/05 03:24:57 | 000,728,934 | ---- | C] () -- C:\Users\nwofan\cfc and Twotone 2_009.png
[2011/09/05 03:24:57 | 000,706,288 | ---- | C] () -- C:\Users\nwofan\cfc and Twotone 2_013.png
[2011/09/05 03:24:57 | 000,699,558 | ---- | C] () -- C:\Users\nwofan\cfc and Twotone 2_002.png
[2011/09/05 03:24:57 | 000,695,738 | ---- | C] () -- C:\Users\nwofan\cfc and Twotone 2_003.png
[2011/09/05 03:24:57 | 000,687,334 | ---- | C] () -- C:\Users\nwofan\cfc and Twotone 2_004.png
[2011/09/05 03:24:57 | 000,671,988 | ---- | C] () -- C:\Users\nwofan\cfc and Twotone 2_011.png
[2011/09/05 03:24:57 | 000,638,994 | ---- | C] () -- C:\Users\nwofan\cfc and Twotone 2_012.png
[2011/09/05 03:24:57 | 000,626,365 | ---- | C] () -- C:\Users\nwofan\cfc and Twotone 2_005.png
[2011/09/05 03:24:57 | 000,594,443 | ---- | C] () -- C:\Users\nwofan\cfc and Twotone 2_001.png
[2011/09/05 03:24:57 | 000,503,753 | ---- | C] () -- C:\Users\nwofan\cfc and Twotone 2_010.png
[2011/09/05 03:24:57 | 000,334,133 | ---- | C] () -- C:\Users\nwofan\cfc and Twotone 2_007.png
[2011/09/03 02:53:56 | 000,454,306 | ---- | C] () -- C:\Users\nwofan\diaper buster 1.png
[2011/08/28 19:57:01 | 000,000,985 | ---- | C] () -- C:\Users\nwofan\Free M4a to MP3 Converter.lnk
[2011/08/28 19:57:01 | 000,000,980 | ---- | C] () -- C:\Users\nwofan\My Music Tools.lnk
[2011/08/28 01:02:05 | 000,001,903 | ---- | C] () -- C:\Users\nwofan\MOTOROLA MEDIA LINK.lnk
[2011/08/13 03:24:50 | 000,280,739 | ---- | C] () -- C:\Users\nwofan\pretty_kitty_by_toddlergirl-d397r7f.png
[2011/08/08 00:10:43 | 001,923,244 | ---- | C] () -- C:\Users\nwofan\IMAG0026.jpg
[2011/08/08 00:10:43 | 001,649,591 | ---- | C] () -- C:\Users\nwofan\IMAG0028.jpg
[2011/08/08 00:10:43 | 001,643,789 | ---- | C] () -- C:\Users\nwofan\IMAG0027.jpg
[2011/07/27 14:30:27 | 001,525,339 | ---- | C] () -- C:\Users\nwofan\IMAG0449.jpg
[2011/07/25 21:07:38 | 004,386,885 | ---- | C] () -- C:\Users\nwofan\autosave.fxs
[2011/07/22 23:17:38 | 000,245,778 | ---- | C] () -- C:\Users\nwofan\SL error.jpg
[2011/07/11 11:53:36 | 000,000,020 | ---- | C] () -- C:\Windows\System32\NDADMIND.DLL
[2011/07/03 04:12:06 | 000,035,876 | ---- | C] () -- C:\Users\nwofan\CP RP.rtf
[2011/06/30 22:58:39 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/06/30 22:56:58 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/29 22:42:32 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/06/21 03:43:01 | 000,000,017 | ---- | C] () -- C:\Users\nwofan\AppData\Local\resmon.resmoncfg
[2011/06/21 03:13:52 | 000,212,973 | ---- | C] () -- C:\ProgramData\LUInstall.LiveUpdate
[2011/06/04 18:40:32 | 000,151,190 | ---- | C] () -- C:\Users\nwofan\FalloutNewVegasSOTTglitch.jpg
[2011/05/28 15:51:41 | 001,687,242 | ---- | C] () -- C:\Users\nwofan\TTandtheTARDIS_001.png
[2011/05/05 19:15:59 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/04/08 19:26:15 | 000,000,034 | -H-- | C] () -- C:\Windows\System32\Converter_sysquict.dat
[2011/03/23 20:48:06 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/02/05 23:13:50 | 000,260,146 | ---- | C] () -- C:\Users\nwofan\Scallop_Stamp_Template_by_plztikphishphood.psd
[2011/02/04 15:37:19 | 000,539,687 | ---- | C] () -- C:\Users\nwofan\plush Two-tone with bottle.JPG
[2011/02/02 22:40:53 | 005,120,640 | ---- | C] () -- C:\Users\nwofan\WWE Kurt Angle theme (You suck choir).mp3
[2011/02/02 22:33:54 | 007,036,992 | ---- | C] () -- C:\Users\nwofan\nWo theme (voodoo child w_ voices).mp3
[2011/02/02 22:29:33 | 004,258,368 | ---- | C] () -- C:\Users\nwofan\Hulk Hogan Entrance Video.mp3
[2011/01/27 14:18:58 | 000,888,184 | ---- | C] () -- C:\Users\nwofan\108_2517.JPG
[2011/01/27 14:18:58 | 000,762,761 | ---- | C] () -- C:\Users\nwofan\108_2518.JPG
[2011/01/27 14:18:58 | 000,559,296 | ---- | C] () -- C:\Users\nwofan\108_2519.JPG
[2011/01/18 13:00:02 | 004,305,600 | ---- | C] () -- C:\Users\nwofan\Angry Video Game Nerd Full Theme Song.mp3
[2011/01/04 02:27:21 | 000,069,275 | ---- | C] () -- C:\Users\nwofan\autograph.jpg
[2010/12/31 23:11:56 | 000,163,898 | ---- | C] () -- C:\Users\nwofan\wof 100K win.jpg
[2010/12/31 03:22:14 | 000,070,015 | ---- | C] () -- C:\Users\nwofan\Peach Boss Goddess.jpg
[2010/12/04 16:20:27 | 008,481,615 | ---- | C] () -- C:\Users\nwofan\mara_jade.zip
[2010/11/19 22:07:12 | 000,450,821 | ---- | C] () -- C:\Users\nwofan\101 Dalmatians Style1.png
[2010/11/19 22:03:17 | 000,365,675 | ---- | C] () -- C:\Users\nwofan\101 Dalmatians Banner 1.png
[2010/11/02 21:24:47 | 000,005,395 | ---- | C] () -- C:\Users\nwofan\1288751380.luckybolt20_thebigcrossover.rtf
[2010/10/25 18:15:31 | 000,162,488 | ---- | C] () -- C:\Users\nwofan\George of the Jungle2.wav
[2010/10/25 18:15:11 | 000,162,488 | ---- | C] () -- C:\Users\nwofan\George of the Jungle.wav2.wav
[2010/10/25 18:13:26 | 000,162,488 | ---- | C] () -- C:\Users\nwofan\George of the Jungle.wav
[2010/10/19 22:57:21 | 002,713,862 | ---- | C] () -- C:\Users\nwofan\1279523769_arumontwolf_1279489370_constantine_auromwolf.png
[2010/10/19 22:57:21 | 001,110,929 | ---- | C] () -- C:\Users\nwofan\Ychan - r - wolf - wolf 6.jpg
[2010/10/19 22:57:21 | 000,235,899 | ---- | C] () -- C:\Users\nwofan\m_1281890420297_fluff-kevlar_fkevlar_aryteweb.jpg
[2010/10/19 22:57:21 | 000,202,017 | ---- | C] () -- C:\Users\nwofan\Ychan - r - wolf - 81529.jpg
[2010/10/19 22:57:21 | 000,130,082 | ---- | C] () -- C:\Users\nwofan\m_1284928089033_W_CANISLUPUS.jpg
[2010/10/13 01:03:55 | 000,065,536 | ---- | C] () -- C:\Users\nwofan\f261e365-0eb3-49cc-a7a4-388fb1eeeb0f.jpg
[2010/10/13 01:03:55 | 000,032,768 | ---- | C] () -- C:\Users\nwofan\67fcc669-29fd-4962-b862-0236bf649d88.jpg
[2010/09/09 16:16:38 | 001,131,946 | ---- | C] () -- C:\Users\nwofan\108_2508.JPG
[2010/09/09 00:47:25 | 002,192,034 | ---- | C] () -- C:\Users\nwofan\Wonkatastic.gif
[2010/09/07 02:17:44 | 000,082,123 | ---- | C] () -- C:\Users\nwofan\Joker1.jpg
[2010/08/28 01:53:21 | 000,281,818 | ---- | C] () -- C:\Users\nwofan\whomper2-065.jpg
[2010/08/20 02:45:26 | 000,027,200 | ---- | C] () -- C:\Users\nwofan\sally.jpg
[2010/07/28 00:08:12 | 000,051,151 | ---- | C] () -- C:\Users\nwofan\bff.jpg
[2010/07/25 02:13:50 | 000,010,752 | ---- | C] () -- C:\Users\nwofan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/24 22:26:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/22 00:46:53 | 001,032,326 | ---- | C] () -- C:\Users\nwofan\nWo Theme - Hulk Hogan TNA Theme w-Quotes_19477679.mp3
[2010/07/11 03:51:02 | 000,971,336 | ---- | C] () -- C:\Users\nwofan\SoMuchWork.wmv
[2010/07/08 01:05:52 | 003,162,583 | ---- | C] () -- C:\Users\nwofan\Simpsons - Garden of Eden.flv
[2010/07/08 01:02:00 | 000,380,206 | ---- | C] () -- C:\Users\nwofan\Breaking the law.flv
[2010/07/07 23:45:38 | 009,403,779 | ---- | C] () -- C:\Users\nwofan\bnb - Tornado.flv
[2010/07/06 00:06:47 | 001,440,054 | ---- | C] () -- C:\Users\nwofan\alex.bmp
[2010/07/05 00:05:22 | 000,061,621 | ---- | C] () -- C:\Users\nwofan\Babs in her pajama top.jpg
[2010/07/05 00:03:34 | 000,065,146 | ---- | C] () -- C:\Users\nwofan\Buster in his pajama top.jpg
[2010/07/03 01:37:26 | 000,025,645 | ---- | C] () -- C:\Users\nwofan\Picture 10.jpg
[2010/07/02 22:55:21 | 000,056,392 | ---- | C] () -- C:\Users\nwofan\ECP_00010.jpg
[2010/06/18 22:12:11 | 000,725,701 | ---- | C] () -- C:\Users\nwofan\104_2340.JPG
[2010/06/18 02:27:08 | 003,023,232 | ---- | C] () -- C:\Users\nwofan\Terminator Theme.mp3
[2010/06/03 03:36:37 | 000,663,651 | ---- | C] () -- C:\Users\nwofan\khorneberzerkers.png
[2010/06/03 03:36:37 | 000,590,923 | ---- | C] () -- C:\Users\nwofan\Tacticageniuspool.jpg
[2010/06/03 03:36:37 | 000,475,100 | ---- | C] () -- C:\Users\nwofan\fuangrymarine.jpg
[2010/06/03 03:36:37 | 000,101,917 | ---- | C] () -- C:\Users\nwofan\1259637709948.jpg
[2010/06/03 03:36:37 | 000,083,417 | ---- | C] () -- C:\Users\nwofan\Bolter.jpg
[2010/06/03 03:36:37 | 000,067,018 | ---- | C] () -- C:\Users\nwofan\segway-rough-riders-imperial-guard-warhammer-40k-segway-roug-demotivational-poster-1255553637.jpg
[2010/06/03 03:36:37 | 000,050,329 | ---- | C] () -- C:\Users\nwofan\1259637858517.png
[2010/06/03 03:36:37 | 000,044,681 | ---- | C] () -- C:\Users\nwofan\60474_Tactical_facepalm.jpg
[2010/06/03 03:36:37 | 000,029,665 | ---- | C] () -- C:\Users\nwofan\nachof-10.jpg
[2010/06/01 23:04:45 | 000,139,152 | ---- | C] () -- C:\Users\nwofan\AppData\Roaming\PnkBstrK.sys
[2010/06/01 23:04:45 | 000,014,994 | ---- | C] () -- C:\Users\nwofan\AppData\Roaming\wklnhst.dat
[2010/05/31 16:21:28 | 000,283,626 | ---- | C] () -- C:\Users\nwofan\template.jpg
[2010/05/29 22:43:21 | 000,048,925 | ---- | C] () -- C:\Users\nwofan\ECP_00004.jpg
[2010/05/29 22:42:14 | 000,050,421 | ---- | C] () -- C:\Users\nwofan\ECP_00003.jpg
[2010/05/29 22:41:36 | 000,051,934 | ---- | C] () -- C:\Users\nwofan\ECP_00002.jpg
[2010/04/27 02:27:01 | 000,058,335 | ---- | C] () -- C:\Users\nwofan\1581j5l.gif
[2010/04/26 01:04:08 | 000,018,460 | ---- | C] () -- C:\Users\nwofan\KARISCREST.jpg
[2010/04/26 01:04:01 | 000,018,503 | ---- | C] () -- C:\Users\nwofan\TKSCREST.jpg
[2010/04/04 20:50:12 | 000,008,528 | ---- | C] () -- C:\Users\nwofan\wrongcollarcolor[1].jpg
[2010/03/13 21:25:55 | 000,000,915 | ---- | C] () -- C:\Users\nwofan\Ventrilo.lnk
[2009/12/31 22:31:37 | 000,246,761 | ---- | C] () -- C:\Users\nwofan\WWE & UFC Titles.rar
[2009/11/10 12:37:56 | 000,000,802 | ---- | C] () -- C:\Users\nwofan\TunesUp20.lnk
[2009/09/28 11:02:40 | 000,000,179 | ---- | C] () -- C:\Users\nwofan\PIXELA Product Registration.url
[2009/09/28 11:02:40 | 000,000,176 | ---- | C] () -- C:\Users\nwofan\Everio MediaBrowser Homepage.url
[2009/09/26 19:19:12 | 002,869,528 | ---- | C] () -- C:\Users\nwofan\Zach Gowen.wmv
[2009/09/18 03:25:01 | 000,218,857 | ---- | C] () -- C:\Users\nwofan\DSW.jpg
[2009/09/14 22:44:10 | 002,992,128 | ---- | C] () -- C:\Users\nwofan\Jerishow's Newest Theme 2009 BEST QUALITY.mp3
[2009/09/03 19:15:11 | 002,931,179 | ---- | C] () -- C:\Users\nwofan\The Brian Kendrick - Man With A Plan [Full].mp3
[2009/09/01 14:47:32 | 004,996,669 | ---- | C] () -- C:\Users\nwofan\Legacy.mp3
[2009/08/13 00:36:05 | 000,005,624 | ---- | C] () -- C:\Users\nwofan\sandworm texture.jpg
[2009/07/13 20:25:09 | 000,043,712 | ---- | C] () -- C:\Users\nwofan\brian-lawler-mugshot.jpg
[2009/07/11 23:59:13 | 000,405,054 | ---- | C] () -- C:\Users\nwofan\pee wee mug shot.bmp
[2009/07/07 21:24:18 | 022,730,332 | ---- | C] () -- C:\Users\nwofan\Hitler Original Bunker Scene No Subtitles.avi
[2009/05/11 20:32:46 | 000,001,900 | ---- | C] () -- C:\Users\nwofan\ArcSoft Products.lnk
[2009/04/30 00:55:34 | 001,142,980 | ---- | C] () -- C:\Users\nwofan\Scan0001.tif
[2009/04/29 14:44:36 | 000,000,816 | ---- | C] () -- C:\Users\nwofan\WinRAR.lnk
[2008/12/16 18:08:26 | 000,002,175 | ---- | C] () -- C:\Users\nwofan\Norton Internet Security.lnk

========== LOP Check ==========

[2010/07/24 21:12:40 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\acccore
[2010/09/18 10:17:15 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Aim
[2011/11/27 23:00:09 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\AVG2012
[2010/08/15 19:16:01 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\AVG9
[2012/02/24 01:29:36 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Azureus
[2010/07/24 21:12:43 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\BitComet
[2012/01/07 02:02:25 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\ConsumerSoft
[2012/02/24 01:29:36 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\DAEMON Tools Lite
[2012/02/24 01:29:36 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\DAEMON Tools Pro
[2010/10/25 14:52:42 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Datel
[2012/06/18 01:37:03 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Firestorm
[2010/07/24 21:12:44 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\fltk.org
[2010/07/24 21:12:44 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\funkitron
[2010/08/18 23:52:27 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\GameTuts
[2011/06/17 14:00:10 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\go
[2011/09/15 18:26:28 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\gtk-2.0
[2012/06/07 13:25:05 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\ID Vault
[2010/07/24 21:12:44 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\ImgBurn
[2012/04/02 14:10:00 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\IObit
[2010/07/24 21:12:44 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\iWin
[2010/07/24 21:12:44 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Ludia
[2012/06/29 03:36:04 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\ManyCam
[2012/01/24 14:13:17 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\MaskMyIP
[2011/05/13 20:53:06 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\MotioninJoy
[2011/09/08 14:25:32 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Moyea
[2012/02/21 01:51:54 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Mupen64Plus
[2010/07/24 21:13:11 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\muvee Technologies
[2010/08/23 20:20:32 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\NCH Swift Sound
[2010/07/24 21:13:12 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Neopets Toolbar
[2012/01/24 03:49:30 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\ooVoo Details
[2010/10/27 01:47:32 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\OpenOffice.org
[2010/07/24 21:13:12 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\PlayFirst
[2011/06/25 22:15:22 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Publish Providers
[2012/02/06 15:43:47 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Recordpad
[2011/03/23 21:35:55 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Reuben
[2012/06/16 03:11:49 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\SecondLife
[2010/09/30 19:33:21 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Sierra Wireless
[2009/05/12 13:19:56 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Skinux
[2011/07/08 22:13:46 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Sony
[2011/03/20 00:19:59 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Stella
[2011/01/21 15:18:41 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\SYSTEMAX Software Development
[2012/07/12 03:48:38 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Systweak
[2011/08/25 02:08:21 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\TeamViewer
[2012/08/17 21:31:04 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Temp
[2010/10/10 01:54:18 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Template
[2011/06/21 02:54:35 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\TeraCopy
[2012/07/18 00:05:41 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\uTorrent
[2011/05/31 02:27:46 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\VBA-M
[2010/07/24 21:13:20 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Vision Thing
[2011/04/03 20:19:22 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\wb
[2010/07/24 21:13:20 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Webcammax
[2010/08/01 14:46:33 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\WhiteSmokeTranslator
[2010/07/24 21:13:20 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\WildTangent
[2010/07/24 21:13:21 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\WinBatch
[2009/10/05 21:33:25 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Windows Live Writer
[2012/07/10 02:14:20 | 000,000,000 | ---D | M] -- C:\Users\nwofan\AppData\Roaming\Z-Net I
[2012/06/29 14:20:05 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/08/02 13:03:41 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: SPOOLSV.EXE >
[2010/11/20 05:17:45 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=866A43013535DC8587C258E43579C764 -- C:\Windows\ERDNT\cache\spoolsv.exe
[2010/11/20 05:17:45 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=866A43013535DC8587C258E43579C764 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_d8530d0d1fcade21\spoolsv.exe

< MD5 for: SPOOLSV.EXE.MUI >
[2009/07/13 19:08:54 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=67D261B613E2EF4B1FB0DC665D502B09 -- C:\Windows\System32\en-US\spoolsv.exe.mui
[2009/07/13 19:08:54 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=67D261B613E2EF4B1FB0DC665D502B09 -- C:\Windows\winsxs\x86_microsoft-windows-p..oler-core.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27adb62962c94d96\spoolsv.exe.mui

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:C980DA7D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's now put spoolsv back where it belongs. Once this run has completed, try the printer :)

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\Windows\System32\spoolsv.exe|C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_d8530d0d1fcade21\spoolsv.exe /replace
    
    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
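The check behind this fix, as an added example that is not part of the original post and not OTL's own code: the Python below parses the `< MD5 for: ... >` entries from the log above and reports, per file, whether a copy was listed at its expected System32 path and whether all listed copies share one hash. The function names and the expected-path table are assumptions made for the example; the sample lines are copied from the log on this page.

```python
import re
from collections import defaultdict

# Lines copied from the "Custom Scans" section of the log on this page.
SAMPLE_LOG = r"""
========== Custom Scans ==========

< MD5 for: SPOOLSV.EXE >
[2010/11/20 05:17:45 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=866A43013535DC8587C258E43579C764 -- C:\Windows\ERDNT\cache\spoolsv.exe
[2010/11/20 05:17:45 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=866A43013535DC8587C258E43579C764 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_d8530d0d1fcade21\spoolsv.exe

< MD5 for: SPOOLSV.EXE.MUI >
[2009/07/13 19:08:54 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=67D261B613E2EF4B1FB0DC665D502B09 -- C:\Windows\System32\en-US\spoolsv.exe.mui
[2009/07/13 19:08:54 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=67D261B613E2EF4B1FB0DC665D502B09 -- C:\Windows\winsxs\x86_microsoft-windows-p..oler-core.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27adb62962c94d96\spoolsv.exe.mui

========== Alternate Data Streams ==========
"""

# Assumption for this example: where each scanned file is expected to live.
EXPECTED_PATHS = {
    "SPOOLSV.EXE": r"C:\Windows\System32\spoolsv.exe",
    "SPOOLSV.EXE.MUI": r"C:\Windows\System32\en-US\spoolsv.exe.mui",
}

HEADER = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY = re.compile(
    r"^\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>.{4}) \| [MC]\] "
    r"\((?P<company>.*?)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


def parse_md5_scans(text):
    """Group the entries of each '< MD5 for: NAME >' block by NAME."""
    scans = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = header.group("name").upper()
            scans[current]  # register the block even if no copy was found
            continue
        if line.startswith("=========="):
            current = None  # a new report section ends the MD5 block
            continue
        entry = ENTRY.match(line)
        if entry and current:
            scans[current].append({
                "modified": entry.group("stamp"),
                "size": int(entry.group("size").replace(",", "")),
                # Company name as printed in the log, not a signature check.
                "company": entry.group("company"),
                "md5": entry.group("md5").upper(),
                "path": entry.group("path"),
            })
    return dict(scans)


def review(scans, expected_paths):
    """Summarise each scanned file: copies found, expected path, hash agreement."""
    findings = {}
    for name, copies in scans.items():
        expected = expected_paths.get(name, "").lower()
        findings[name] = {
            "copies": len(copies),
            # Windows paths are case-insensitive, so compare lower-cased.
            "expected_present": any(c["path"].lower() == expected for c in copies),
            "hashes_agree": len({c["md5"] for c in copies}) == 1,
            "distinct_hashes": sorted({c["md5"] for c in copies}),
        }
    return findings


if __name__ == "__main__":
    for name, result in review(parse_md5_scans(SAMPLE_LOG), EXPECTED_PATHS).items():
        print(name, result)
```

For SPOOLSV.EXE the expected System32 path is absent from the listing while the ERDNT cache and winsxs copies carry the same MD5, which is consistent with the fix restoring the file from the winsxs copy.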

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go to Start > All programs > Accessories > System tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean.

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





