# Win 7 Security 2012 and other issues



## RoyGuy0 (Dec 6, 2011)

Hey, my name is Nathaniel. A few hours earlier, while browsing the web, I started getting this popup claiming to be an anti-virus software that I had installed earlier and needed to renew. It was called "Win 7 Security 2012" and it would pop up periodically, and soon afterward blocked any of my actions when I tried an executable, like Winamp or a game. I'm not too tech savvy, but after confirming with my brother that the program itself was the malware, I was looking for specific instructions to remove it.

Because it was blocking my .exe actions, one of the solutions given to me was to give it a specific 'key' to unlock the service, making believe I had bought it. I'm not sure that fixed so much as it made it worse, but for the time being at least I was able to access other programs. I quickly downloaded and installed something called Stopzilla to locate and quarantine any infections, but I think it was too late.

I no longer get "Win 7 Security 2012" pop-ups, but every now and then I'll get multiple tabs of windows opening up on Mozilla of randomly generated ads with keywords that I've input in Google or that I've searched for. In addition, activity and loading have slowed down, especially noticeable when browsing the net (pages that normally loaded up in a snap for me take long or don't properly load fully or at all at times). Below is the System info and the copy and pasted HijackThis log. Thank you in advance for taking the time to read this and I hope you guys can help me out.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz, x64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 2046 Mb
Graphics Card: NVIDIA GeForce 9800 GT, 512 Mb
Hard Drives: C: Total - 81917 MB, Free - 60587 MB; D: Total - 528560 MB, Free - 167733 MB;
Motherboard: ASUSTeK Computer INC., P5N-D
Antivirus: AVG Internet Security, Disabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:45:50 PM, on 12/5/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\uTorrent\uTorrent.exe
D:\Program Files\Steam\Steam.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\Roy\AppData\Roaming\Dropbox\bin\Dropbox.exe
D:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
D:\Program Files\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\McAfee Security Scan\2.0.181\McUICnt.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://free.avg.com/ww.homepage-tlbrf
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - D:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] D:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Roy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MusicManager] "C:\Users\Roy\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Security Protection] C:\ProgramData\defender.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\Roy\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - D:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - D:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

--
End of file - 8845 bytes


----------



## RoyGuy0 (Dec 6, 2011)

bump


----------



## Larusso (Aug 9, 2011)

Hi there, and sorry for the delay.
My name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

- First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while you are following my instructions, *Stop* there and tell me the exact nature of your problem.
- Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
- Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
- If I don't hear from you within 3 days from this initial or any subsequent post, I will have to unsubscribe from this thread and move on to assist someone else.
- Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.









Download DDS and save it to your desktop from *here* or *here* or *here*.
Disable any script blocker, and then double click *dds* to run the tool.
When done, DDS will open two (2) logs:
- DDS.txt
- Attach.txt

Save both reports to your desktop.
Please post both in your next reply

Please download *Gmer* from *here* and save it to your Desktop.

- Double click on the *randomly named GMER.exe*. If asked to allow gmer.sys driver to load, please consent.
- If it gives you a warning about rootkit activity and asks if you want to run scan...click on *NO*.



- In the right panel, you will see several boxes that have been checked. Uncheck the following ...
  - *Sections*
  - *IAT/EAT*
  - *Drives/Partition other than Systemdrive* (typically C:\)
  - *Show All* (don't miss this one)
- Then click the Scan button & wait for it to finish.
- Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop

***Caution***
*Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries*

*Please post in your next reply*
- dds.txt
- attach.txt
- ark.txt


----------



## RoyGuy0 (Dec 6, 2011)

Thanks Daniel. Here's the log info from "attach.txt"

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 8/6/2010 3:04:35 PM
System Uptime: 12/5/2011 10:25:25 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5N-D
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz | Socket 775 | 3000/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 80 GiB total, 59.308 GiB free.
D: is FIXED (NTFS) - 516 GiB total, 104.21 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: 
Device ID: ACPI\ATK0110\1010110
Manufacturer: 
Name: 
PNP Device ID: ACPI\ATK0110\1010110
Service: 
.
==== System Restore Points ===================
.
RP133: 12/4/2011 10:08:44 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP135: 12/5/2011 12:43:36 PM - StopZILLA! Restore Point.
RP137: 12/5/2011 9:13:55 PM - StopZILLA! Restore Point.
RP138: 12/5/2011 10:20:07 PM - Restore Operation
RP139: 12/5/2011 10:42:40 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
µTorrent
7-Zip 4.65
AC3Filter 1.63b
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 Professional
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Reader 9.3.3
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 9.0
Bass Audio Decoder (remove only)
Bonjour
Brytenwalda version 1.35
Build Your Own Net Dream (remove only)
CD Audio Reader Filter (remove only)
Combined Community Codec Pack 2009-09-09
Connect
Corel Painter X
DCoder Image Source (remove only)
DivX Setup
Dropbox
DScaler 5 Mpeg Decoders
Dual-Core Optimizer
Fable III
ffdshow [rev 3124] [2009-11-03]
FFMPEG Core Files (remove only)
Gabest MPEG Splitter (remove only)
HiJackThis
Imperium Graecorum for Warband 0.4
iTunes
Java Auto Updater
Java(TM) 6 Update 27
kuler
League of Legends
Left 4 Dead 2
Magicka
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.1
MONOGRAM AMR Splitter/Decoder (remove only)
Mount&Blade
Mount&Blade Warband
Mozilla Firefox 8.0 (x86 en-US)
Mp3 Merger V1.0
Music Manager
NVIDIA 3D Vision Driver 266.58
NVIDIA Control Panel 266.58
NVIDIA Graphics Driver 266.58
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
ooVoo
OpenSource AVI Splitter (remove only)
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenSource Flash Video Splitter (remove only)
Pando Media Booster
PCSX2 - Playstation 2 Emulator
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
PunkBuster Services
QuickPar 0.9
QuickTime
RealMedia (remove only)
RealPlayer
RealUpgrade 1.0
Rosetta Stone Version 3
Saints Row The Third
SHOUTcast Source (remove only)
Skype Toolbars
Skype™ 5.3
SpeedFan (remove only)
Star Wars Jedi Knight: Dark Forces II
Steam
Suite Shared Configuration CS4
Sword of Damocles: Warlords 3.8
Sword of Damocles: Warlords Music Add-on 3.8
System Requirements Lab
System Requirements Lab CYRI
Team Fortress 2
The Witcher 2
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client
Wacom Tablet
WebTablet IE Plugin
WebTablet Netscape Plugin
Winamp
WinRAR archiver
Zoom Player (remove only)
.
==== Event Viewer Messages From Past Week ========
.
12/5/2011 8:58:37 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv
12/5/2011 8:58:26 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
12/5/2011 8:58:24 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
12/5/2011 8:58:24 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
12/5/2011 8:36:33 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
12/5/2011 8:36:33 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
12/5/2011 8:34:41 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/5/2011 8:34:41 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
12/5/2011 8:34:41 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/5/2011 8:34:41 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/5/2011 8:34:38 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
12/5/2011 8:34:33 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/5/2011 8:34:33 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/5/2011 8:34:33 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/5/2011 8:34:33 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/5/2011 8:34:33 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/5/2011 8:34:33 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/5/2011 8:34:33 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/5/2011 8:34:33 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/5/2011 8:34:33 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/5/2011 8:34:33 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/5/2011 8:34:33 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/5/2011 8:34:33 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/5/2011 10:15:57 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/5/2011 10:15:56 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/5/2011 10:15:56 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/5/2011 10:15:56 PM, Error: Service Control Manager [7031] - The Tablet PC Input Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/5/2011 10:15:56 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/5/2011 10:15:56 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/5/2011 10:15:56 PM, Error: Service Control Manager [7031] - The PnP-X IP Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/5/2011 10:15:56 PM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/5/2011 10:15:56 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
12/5/2011 10:15:56 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/5/2011 10:15:56 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/4/2011 9:29:18 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
12/4/2011 10:24:10 PM, Error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
12/4/2011 10:21:09 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/4/2011 10:17:58 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/4/2011 10:07:43 PM, Error: Service Control Manager [7034] - The ProtexisLicensing service terminated unexpectedly. It has done this 1 time(s).
12/4/2011 10:07:43 PM, Error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
12/4/2011 10:07:43 PM, Error: Service Control Manager [7034] - The NVIDIA Driver Helper Service service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 8:16:16 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
.
==== End Of File ===========================


----------



## RoyGuy0 (Dec 6, 2011)

And here is the log info from "dds.txt"

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_27
Run by Roy at 22:49:41 on 2011-12-05
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.1004 [GMT -5:00]
.
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PSIService.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
D:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
D:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
D:\Program Files\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\McAfee Security Scan\2.0.181\McUICnt.exe
C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://free.avg.com/ww.homepage-tlbrf
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - d:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - d:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 : {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - d:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - d:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [uTorrent] "d:\program files\utorrent\uTorrent.exe"
uRun: [Steam] "d:\program files\steam\steam.exe" -silent
uRun: [Google Update] "c:\users\roy\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [MusicManager] "c:\users\roy\appdata\local\programs\google\musicmanager\MusicManager.exe"
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Security Protection] c:\programdata\defender.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [AVG9_TRAY] d:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\roy\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\roy\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
TCP: Interfaces\{92B58735-5255-4A6B-8B3C-F3316B72FCE3} : DhcpNameServer = 68.87.64.150 68.87.75.198
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - d:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
AppInit_DLLs: avgrsstx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\roy\appdata\roaming\mozilla\firefox\profiles\t4bnr470.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c5dedea&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: d:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: d:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
FF - component: d:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
FF - component: d:\program files\avg\avg9\toolbar\firefox\[email protected]\components\xpavgtbapi.dll
FF - component: d:\program files\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\roy\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: d:\program files\byond\bin\npbyond.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\program files\plugins\npbyond.dll
FF - plugin: d:\program files\plugins\npdeployJava1.dll
FF - plugin: d:\program files\plugins\npwachk.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSwx.sys [2010-8-7 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-8-7 52872]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-8-7 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-7 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-7 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-7 243152]
R2 avg9wd;AVG WatchDog;d:\program files\avg\avg9\avgwdsvc.exe [2010-8-7 308136]
R2 avgfws9;AVG Firewall;d:\program files\avg\avg9\avgfws9.exe [2010-8-7 2331544]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984]
R2 TabletServiceWacom;TabletServiceWacom;c:\program files\tablet\wacom\Wacom_Tablet.exe [2010-11-11 4767600]
R3 AVGIDSDriverw7x;AVG9IDSDriver;d:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSDriver.sys [2010-8-7 122448]
R3 AVGIDSFilterw7x;AVG9IDSFilter;d:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSFilter.sys [2010-8-7 30288]
R3 AVGIDSShimw7x;AVG9IDSShim;d:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSShim.sys [2010-8-7 20560]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-8-6 16240]
S2 avg9emc;AVG E-mail Scanner;d:\program files\avg\avg9\avgemc.exe [2010-8-7 921952]
S2 AVGIDSAgent;AVG9IDSAgent;d:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-8-7 5897808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;d:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 1025352]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
.
=============== Created Last 30 ================
.
2011-12-06 03:42:53 388096 ----a-r- c:\users\roy\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-12-05 03:09:07 -------- d-----w- c:\program files\STOPzilla!
2011-12-05 03:09:06 -------- d-----w- c:\programdata\STOPzilla!
2011-12-05 03:09:06 -------- d-----w- c:\program files\common files\iS3
2011-11-24 04:40:45 -------- d-----w- c:\users\roy\appdata\local\SKIDROW
2011-11-13 02:39:31 -------- d-----w- c:\users\roy\appdata\local\Skyrim
2011-11-13 01:57:02 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-11-13 01:57:02 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-11-13 01:57:01 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2011-11-13 01:57:01 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-11-13 01:57:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-11-13 01:57:01 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2011-11-13 01:57:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-11-13 01:57:00 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-11-13 01:57:00 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2011-11-13 01:57:00 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2011-11-13 01:57:00 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
.
==================== Find3M ====================
.
2011-10-03 21:59:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 22:50:03.43 ===============


----------



## RoyGuy0 (Dec 6, 2011)

This is from the GMER program.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-11 17:58:14
Windows 6.1.7600 Harddisk0\DR0 -> \Device\00000060 WDC_WD64 rev.05.0
Running: x9gtyw2y.exe; Driver: C:\Users\Roy\AppData\Local\Temp\ugdiypoc.sys

---- System - GMER 1.0.15 ----

SSDT \??\D:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwOpenProcess [0xC7594730]
SSDT \??\D:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwTerminateProcess [0xC75947E0]
SSDT \??\D:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwTerminateThread [0xC7594880]
SSDT \??\D:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwWriteVirtualMemory [0xC7594920]

INT 0x51 ? BC567A58
INT 0x52 ? BD2BB2D8
INT 0x62 ? BD2BBA58
INT 0x72 ? BC567058
INT 0x82 ? BD2BB558
INT 0x92 ? BC5672D8
INT 0xA2 ? BC567558
INT 0xB1 ? BC567CD8
INT 0xB2 ? BC5677D8

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011675f13be 
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011675f13be (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB41731$\160344717 0 bytes
File C:\Windows\$NtUninstallKB41731$\160344717\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB41731$\160344717\U 0 bytes
File C:\Windows\$NtUninstallKB41731$\3078631818 0 bytes

---- EOF - GMER 1.0.15 ----


----------



## RoyGuy0 (Dec 6, 2011)

Would you like the text files as attachments as well?


----------



## Larusso (Aug 9, 2011)

Good work 



> Post all Logfiles as a reply rather than as an attachment unless I specifically ask you


Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download *TDSSKiller.exe* and save it to your desktop.
Execute TDSSKiller.exe by double-clicking on it.
Press Start Scan.

If malicious objects are found, *do NOT* select *Cure*. *Change the action to Skip*, and save the log.

Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

*Please post in your next reply*
TDSSKiller Log


----------



## RoyGuy0 (Dec 6, 2011)

Here's the log. No malicious objects were found.

22:34:11.0474 7700 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
22:34:11.0870 7700 ============================================================
22:34:11.0870 7700 Current date / time: 2011/12/11 22:34:11.0870
22:34:11.0870 7700 SystemInfo:
22:34:11.0870 7700 
22:34:11.0871 7700 OS Version: 6.1.7600 ServicePack: 0.0
22:34:11.0871 7700 Product type: Workstation
22:34:11.0871 7700 ComputerName: AWESOME-O
22:34:11.0871 7700 UserName: Roy
22:34:11.0871 7700 Windows directory: C:\Windows
22:34:11.0871 7700 System windows directory: C:\Windows
22:34:11.0871 7700 Processor architecture: Intel x86
22:34:11.0871 7700 Number of processors: 2
22:34:11.0871 7700 Page size: 0x1000
22:34:11.0871 7700 Boot type: Normal boot
22:34:11.0871 7700 ============================================================
22:34:13.0275 7700 Initialize success
22:34:15.0403 2480 ============================================================
22:34:15.0403 2480 Scan started
22:34:15.0403 2480 Mode: Manual; 
22:34:15.0403 2480 ============================================================
22:34:22.0667 2480 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
22:34:22.0667 2480 Null - ok
22:34:22.0696 2480 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
22:34:22.0700 2480 NVENETFD - ok
22:34:24.0845 2480 nvlddmkm (73a70f1d89c942eedd99a3f10459b051) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:34:25.0036 2480 nvlddmkm - ok
22:34:25.0139 2480 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
22:34:25.0140 2480 nvraid - ok
22:34:25.0174 2480 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
22:34:25.0175 2480 nvstor - ok
22:34:25.0221 2480 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
22:34:25.0223 2480 nv_agp - ok
22:34:25.0257 2480 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
22:34:25.0258 2480 ohci1394 - ok
22:34:25.0308 2480 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
22:34:25.0310 2480 Parport - ok
22:34:25.0329 2480 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
22:34:25.0330 2480 partmgr - ok
22:34:25.0348 2480 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
22:34:25.0352 2480 Parvdm - ok
22:34:25.0372 2480 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
22:34:25.0376 2480 pci - ok
22:34:25.0393 2480 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
22:34:25.0394 2480 pciide - ok
22:34:25.0412 2480 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
22:34:25.0414 2480 pcmcia - ok
22:34:25.0437 2480 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
22:34:25.0438 2480 pcw - ok
22:34:25.0463 2480 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
22:34:25.0472 2480 PEAUTH - ok
22:34:25.0521 2480 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
22:34:25.0522 2480 PptpMiniport - ok
22:34:25.0549 2480 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
22:34:25.0550 2480 Processor - ok
22:34:25.0594 2480 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
22:34:25.0595 2480 Psched - ok
22:34:25.0636 2480 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
22:34:25.0658 2480 ql2300 - ok
22:34:25.0680 2480 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
22:34:25.0681 2480 ql40xx - ok
22:34:25.0696 2480 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
22:34:25.0697 2480 QWAVEdrv - ok
22:34:25.0715 2480 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
22:34:25.0716 2480 RasAcd - ok
22:34:25.0752 2480 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:34:25.0753 2480 RasAgileVpn - ok
22:34:25.0776 2480 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:34:25.0778 2480 Rasl2tp - ok
22:34:25.0808 2480 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
22:34:25.0809 2480 RasPppoe - ok
22:34:25.0831 2480 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
22:34:25.0832 2480 RasSstp - ok
22:34:25.0926 2480 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
22:34:25.0929 2480 rdbss - ok
22:34:25.0956 2480 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
22:34:25.0959 2480 rdpbus - ok
22:34:25.0971 2480 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:34:25.0972 2480 RDPCDD - ok
22:34:25.0995 2480 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
22:34:25.0998 2480 RDPDR - ok
22:34:26.0026 2480 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
22:34:26.0027 2480 RDPENCDD - ok
22:34:26.0037 2480 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
22:34:26.0037 2480 RDPREFMP - ok
22:34:26.0058 2480 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
22:34:26.0060 2480 RDPWD - ok
22:34:26.0084 2480 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
22:34:26.0086 2480 rdyboost - ok
22:34:26.0135 2480 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
22:34:26.0137 2480 RFCOMM - ok
22:34:26.0178 2480 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
22:34:26.0179 2480 rspndr - ok
22:34:26.0192 2480 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
22:34:26.0193 2480 s3cap - ok
22:34:26.0223 2480 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
22:34:26.0225 2480 sbp2port - ok
22:34:26.0241 2480 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
22:34:26.0242 2480 scfilter - ok
22:34:26.0267 2480 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:34:26.0268 2480 secdrv - ok
22:34:26.0308 2480 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
22:34:26.0309 2480 Serenum - ok
22:34:26.0330 2480 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
22:34:26.0331 2480 Serial - ok
22:34:26.0349 2480 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
22:34:26.0350 2480 sermouse - ok
22:34:26.0369 2480 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
22:34:26.0370 2480 sffdisk - ok
22:34:26.0394 2480 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:34:26.0395 2480 sffp_mmc - ok
22:34:26.0409 2480 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
22:34:26.0410 2480 sffp_sd - ok
22:34:26.0429 2480 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
22:34:26.0430 2480 sfloppy - ok
22:34:26.0454 2480 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
22:34:26.0456 2480 sisagp - ok
22:34:26.0475 2480 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:34:26.0476 2480 SiSRaid2 - ok
22:34:26.0491 2480 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
22:34:26.0492 2480 SiSRaid4 - ok
22:34:26.0522 2480 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
22:34:26.0523 2480 Smb - ok
22:34:26.0568 2480 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
22:34:26.0570 2480 speedfan - ok
22:34:26.0581 2480 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
22:34:26.0582 2480 spldr - ok
22:34:26.0618 2480 srv (2ba4ebc7dfba845a1edbe1f75913be33) C:\Windows\system32\DRIVERS\srv.sys
22:34:26.0623 2480 srv - ok
22:34:26.0643 2480 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
22:34:26.0646 2480 srv2 - ok
22:34:26.0663 2480 srvnet (b5665baa2120b8a54e22e9cd07c05106) C:\Windows\system32\DRIVERS\srvnet.sys
22:34:26.0664 2480 srvnet - ok
22:34:26.0717 2480 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
22:34:26.0718 2480 stexstor - ok
22:34:26.0747 2480 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
22:34:26.0750 2480 storflt - ok
22:34:26.0769 2480 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
22:34:26.0770 2480 storvsc - ok
22:34:26.0794 2480 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
22:34:26.0795 2480 swenum - ok
22:34:26.0853 2480 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
22:34:26.0877 2480 Tcpip - ok
22:34:26.0925 2480 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
22:34:26.0931 2480 TCPIP6 - ok
22:34:26.0946 2480 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
22:34:26.0947 2480 tcpipreg - ok
22:34:26.0970 2480 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
22:34:26.0971 2480 TDPIPE - ok
22:34:26.0987 2480 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
22:34:26.0988 2480 TDTCP - ok
22:34:27.0031 2480 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
22:34:27.0032 2480 tdx - ok
22:34:27.0055 2480 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
22:34:27.0056 2480 TermDD - ok
22:34:27.0099 2480 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:34:27.0100 2480 tssecsrv - ok
22:34:27.0125 2480 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
22:34:27.0134 2480 tunnel - ok
22:34:27.0149 2480 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
22:34:27.0151 2480 uagp35 - ok
22:34:27.0182 2480 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
22:34:27.0184 2480 udfs - ok
22:34:27.0221 2480 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
22:34:27.0222 2480 uliagpkx - ok
22:34:27.0242 2480 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
22:34:27.0243 2480 umbus - ok
22:34:27.0263 2480 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
22:34:27.0264 2480 UmPass - ok
22:34:27.0316 2480 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
22:34:27.0317 2480 USBAAPL - ok
22:34:27.0340 2480 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
22:34:27.0342 2480 usbccgp - ok
22:34:27.0364 2480 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
22:34:27.0365 2480 usbcir - ok
22:34:27.0387 2480 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
22:34:27.0388 2480 usbehci - ok
22:34:27.0412 2480 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
22:34:27.0418 2480 usbhub - ok
22:34:27.0433 2480 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
22:34:27.0434 2480 usbohci - ok
22:34:27.0452 2480 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
22:34:27.0453 2480 usbprint - ok
22:34:27.0478 2480 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:34:27.0479 2480 USBSTOR - ok
22:34:27.0501 2480 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
22:34:27.0502 2480 usbuhci - ok
22:34:27.0546 2480 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
22:34:27.0547 2480 VClone - ok
22:34:27.0565 2480 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
22:34:27.0566 2480 vdrvroot - ok
22:34:27.0582 2480 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
22:34:27.0583 2480 vga - ok
22:34:27.0605 2480 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
22:34:27.0605 2480 VgaSave - ok
22:34:27.0624 2480 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
22:34:27.0627 2480 vhdmp - ok
22:34:27.0658 2480 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
22:34:27.0659 2480 viaagp - ok
22:34:27.0677 2480 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
22:34:27.0678 2480 ViaC7 - ok
22:34:27.0700 2480 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
22:34:27.0701 2480 viaide - ok
22:34:27.0725 2480 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
22:34:27.0727 2480 vmbus - ok
22:34:27.0742 2480 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
22:34:27.0743 2480 VMBusHID - ok
22:34:27.0767 2480 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
22:34:27.0769 2480 volmgr - ok
22:34:27.0793 2480 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
22:34:27.0796 2480 volmgrx - ok
22:34:27.0810 2480 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
22:34:27.0813 2480 volsnap - ok
22:34:27.0835 2480 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
22:34:27.0837 2480 vsmraid - ok
22:34:27.0858 2480 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
22:34:27.0860 2480 vwifibus - ok
22:34:27.0909 2480 wacmoumonitor (f24ee97511fb901189e11cbbd51605ba) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
22:34:27.0910 2480 wacmoumonitor - ok
22:34:27.0942 2480 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
22:34:27.0943 2480 wacommousefilter - ok
22:34:27.0956 2480 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
22:34:27.0957 2480 WacomPen - ok
22:34:27.0969 2480 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\Windows\system32\DRIVERS\wacomvhid.sys
22:34:27.0970 2480 wacomvhid - ok
22:34:27.0991 2480 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
22:34:27.0992 2480 WANARP - ok
22:34:27.0996 2480 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
22:34:27.0996 2480 Wanarpv6 - ok
22:34:28.0019 2480 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
22:34:28.0020 2480 Wd - ok
22:34:28.0050 2480 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:34:28.0055 2480 Wdf01000 - ok
22:34:28.0092 2480 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
22:34:28.0093 2480 WfpLwf - ok
22:34:28.0106 2480 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
22:34:28.0107 2480 WIMMount - ok
22:34:28.0148 2480 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
22:34:28.0149 2480 WinUsb - ok
22:34:28.0174 2480 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:34:28.0181 2480 WmiAcpi - ok
22:34:28.0238 2480 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
22:34:28.0239 2480 ws2ifsl - ok
22:34:28.0290 2480 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
22:34:28.0292 2480 WSDPrintDevice - ok
22:34:28.0318 2480 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
22:34:28.0319 2480 WudfPf - ok
22:34:28.0351 2480 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:34:28.0353 2480 WUDFRd - ok
22:34:28.0381 2480 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:34:28.0390 2480 \Device\Harddisk0\DR0 - ok
22:34:28.0393 2480 Boot (0x1200) (5159cc29bb03f482abac96bfcf718e28) \Device\Harddisk0\DR0\Partition0
22:34:28.0394 2480 \Device\Harddisk0\DR0\Partition0 - ok
22:34:28.0409 2480 Boot (0x1200) (1cab8612816dfcad28db9852551ff1ad) \Device\Harddisk0\DR0\Partition1
22:34:28.0410 2480 \Device\Harddisk0\DR0\Partition1 - ok
22:34:28.0410 2480 ============================================================
22:34:28.0410 2480 Scan finished
22:34:28.0410 2480 ============================================================
22:34:28.0422 7708 Detected object count: 0
22:34:28.0422 7708 Actual detected object count: 0
22:35:18.0913 7820 ============================================================
22:35:18.0913 7820 Scan started
22:35:18.0913 7820 Mode: Manual; 
22:35:18.0913 7820 ============================================================
22:35:21.0838 7820 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
22:35:21.0839 7820 mountmgr - ok
22:35:21.0860 7820 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
22:35:21.0861 7820 mpio - ok
22:35:21.0878 7820 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
22:35:21.0878 7820 mpsdrv - ok
22:35:21.0896 7820 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
22:35:21.0897 7820 MRxDAV - ok
22:35:21.0917 7820 mrxsmb (f4a054be78af7f410129c4b64b07dc9b) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:35:21.0918 7820 mrxsmb - ok
22:35:21.0937 7820 mrxsmb10 (deffa295bd1895c6ed8e3078412ac60b) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:35:21.0938 7820 mrxsmb10 - ok
22:35:21.0961 7820 mrxsmb20 (24d76abe5dcad22f19d105f76fdf0ce1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:35:21.0962 7820 mrxsmb20 - ok
22:35:21.0982 7820 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
22:35:21.0983 7820 msahci - ok
22:35:21.0997 7820 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
22:35:21.0998 7820 msdsm - ok
22:35:22.0015 7820 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
22:35:22.0015 7820 Msfs - ok
22:35:22.0030 7820 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
22:35:22.0030 7820 mshidkmdf - ok
22:35:22.0047 7820 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
22:35:22.0048 7820 msisadrv - ok
22:35:22.0065 7820 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
22:35:22.0065 7820 MSKSSRV - ok
22:35:22.0086 7820 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
22:35:22.0086 7820 MSPCLOCK - ok
22:35:22.0101 7820 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
22:35:22.0101 7820 MSPQM - ok
22:35:22.0125 7820 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
22:35:22.0126 7820 MsRPC - ok
22:35:22.0141 7820 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
22:35:22.0142 7820 mssmbios - ok
22:35:22.0157 7820 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
22:35:22.0157 7820 MSTEE - ok
22:35:22.0180 7820 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
22:35:22.0180 7820 MTConfig - ok
22:35:22.0203 7820 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
22:35:22.0204 7820 Mup - ok
22:35:22.0225 7820 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
22:35:22.0226 7820 NativeWifiP - ok
22:35:22.0260 7820 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
22:35:22.0263 7820 NDIS - ok
22:35:22.0285 7820 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
22:35:22.0286 7820 NdisCap - ok
22:35:22.0306 7820 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
22:35:22.0307 7820 NdisTapi - ok
22:35:22.0328 7820 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
22:35:22.0329 7820 Ndisuio - ok
22:35:22.0341 7820 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
22:35:22.0342 7820 NdisWan - ok
22:35:22.0354 7820 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
22:35:22.0354 7820 NDProxy - ok
22:35:22.0391 7820 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
22:35:22.0392 7820 NetBIOS - ok
22:35:22.0415 7820 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
22:35:22.0415 7820 NetBT - ok
22:35:22.0446 7820 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
22:35:22.0447 7820 nfrd960 - ok
22:35:22.0456 7820 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
22:35:22.0456 7820 Npfs - ok
22:35:22.0473 7820 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
22:35:22.0474 7820 nsiproxy - ok
22:35:22.0504 7820 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
22:35:22.0510 7820 Ntfs - ok
22:35:22.0521 7820 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
22:35:22.0521 7820 Null - ok
22:35:22.0550 7820 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
22:35:22.0552 7820 NVENETFD - ok
22:35:22.0773 7820 nvlddmkm (73a70f1d89c942eedd99a3f10459b051) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:35:22.0820 7820 nvlddmkm - ok
22:35:22.0848 7820 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
22:35:22.0849 7820 nvraid - ok
22:35:22.0866 7820 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
22:35:22.0866 7820 nvstor - ok
22:35:22.0887 7820 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
22:35:22.0887 7820 nv_agp - ok
22:35:22.0900 7820 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
22:35:22.0900 7820 ohci1394 - ok
22:35:22.0918 7820 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
22:35:22.0918 7820 Parport - ok
22:35:22.0939 7820 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
22:35:22.0940 7820 partmgr - ok
22:35:22.0958 7820 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
22:35:22.0958 7820 Parvdm - ok
22:35:22.0982 7820 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
22:35:22.0983 7820 pci - ok
22:35:23.0003 7820 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
22:35:23.0003 7820 pciide - ok
22:35:23.0021 7820 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
22:35:23.0022 7820 pcmcia - ok
22:35:23.0035 7820 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
22:35:23.0036 7820 pcw - ok
22:35:23.0062 7820 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
22:35:23.0064 7820 PEAUTH - ok
22:35:23.0097 7820 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
22:35:23.0098 7820 PptpMiniport - ok
22:35:23.0114 7820 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
22:35:23.0115 7820 Processor - ok
22:35:23.0137 7820 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
22:35:23.0138 7820 Psched - ok
22:35:23.0190 7820 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
22:35:23.0196 7820 ql2300 - ok
22:35:23.0211 7820 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
22:35:23.0212 7820 ql40xx - ok
22:35:23.0228 7820 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
22:35:23.0228 7820 QWAVEdrv - ok
22:35:23.0247 7820 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
22:35:23.0247 7820 RasAcd - ok
22:35:23.0261 7820 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:35:23.0262 7820 RasAgileVpn - ok
22:35:23.0275 7820 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:35:23.0275 7820 Rasl2tp - ok
22:35:23.0295 7820 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
22:35:23.0296 7820 RasPppoe - ok
22:35:23.0307 7820 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
22:35:23.0307 7820 RasSstp - ok
22:35:23.0347 7820 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
22:35:23.0348 7820 rdbss - ok
22:35:23.0365 7820 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
22:35:23.0366 7820 rdpbus - ok
22:35:23.0381 7820 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:35:23.0381 7820 RDPCDD - ok
22:35:23.0405 7820 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
22:35:23.0405 7820 RDPDR - ok
22:35:23.0425 7820 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
22:35:23.0425 7820 RDPENCDD - ok
22:35:23.0434 7820 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
22:35:23.0434 7820 RDPREFMP - ok
22:35:23.0457 7820 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
22:35:23.0458 7820 RDPWD - ok
22:35:23.0472 7820 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
22:35:23.0473 7820 rdyboost - ok
22:35:23.0512 7820 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
22:35:23.0512 7820 RFCOMM - ok
22:35:23.0532 7820 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
22:35:23.0533 7820 rspndr - ok
22:35:23.0546 7820 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
22:35:23.0546 7820 s3cap - ok
22:35:23.0566 7820 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
22:35:23.0567 7820 sbp2port - ok
22:35:23.0584 7820 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
22:35:23.0584 7820 scfilter - ok
22:35:23.0610 7820 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:35:23.0610 7820 secdrv - ok
22:35:23.0628 7820 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
22:35:23.0629 7820 Serenum - ok
22:35:23.0639 7820 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
22:35:23.0640 7820 Serial - ok
22:35:23.0659 7820 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
22:35:23.0659 7820 sermouse - ok
22:35:23.0679 7820 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
22:35:23.0679 7820 sffdisk - ok
22:35:23.0693 7820 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:35:23.0693 7820 sffp_mmc - ok
22:35:23.0719 7820 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
22:35:23.0719 7820 sffp_sd - ok
22:35:23.0739 7820 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
22:35:23.0740 7820 sfloppy - ok
22:35:23.0764 7820 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
22:35:23.0764 7820 sisagp - ok
22:35:23.0784 7820 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:35:23.0785 7820 SiSRaid2 - ok
22:35:23.0800 7820 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
22:35:23.0801 7820 SiSRaid4 - ok
22:35:23.0820 7820 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
22:35:23.0821 7820 Smb - ok
22:35:23.0842 7820 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
22:35:23.0844 7820 speedfan - ok
22:35:23.0857 7820 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
22:35:23.0857 7820 spldr - ok
22:35:23.0884 7820 srv (2ba4ebc7dfba845a1edbe1f75913be33) C:\Windows\system32\DRIVERS\srv.sys
22:35:23.0885 7820 srv - ok
22:35:23.0908 7820 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
22:35:23.0910 7820 srv2 - ok
22:35:23.0928 7820 srvnet (b5665baa2120b8a54e22e9cd07c05106) C:\Windows\system32\DRIVERS\srvnet.sys
22:35:23.0929 7820 srvnet - ok
22:35:23.0949 7820 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
22:35:23.0949 7820 stexstor - ok
22:35:23.0968 7820 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
22:35:23.0968 7820 storflt - ok
22:35:23.0990 7820 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
22:35:23.0990 7820 storvsc - ok
22:35:24.0003 7820 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
22:35:24.0004 7820 swenum - ok
22:35:24.0051 7820 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
22:35:24.0056 7820 Tcpip - ok
22:35:24.0095 7820 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
22:35:24.0100 7820 TCPIP6 - ok
22:35:24.0122 7820 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
22:35:24.0123 7820 tcpipreg - ok
22:35:24.0146 7820 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
22:35:24.0146 7820 TDPIPE - ok
22:35:24.0163 7820 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
22:35:24.0164 7820 TDTCP - ok
22:35:24.0196 7820 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
22:35:24.0197 7820 tdx - ok
22:35:24.0209 7820 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
22:35:24.0209 7820 TermDD - ok
22:35:24.0231 7820 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:35:24.0231 7820 tssecsrv - ok
22:35:24.0245 7820 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
22:35:24.0246 7820 tunnel - ok
22:35:24.0259 7820 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
22:35:24.0260 7820 uagp35 - ok
22:35:24.0286 7820 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
22:35:24.0287 7820 udfs - ok
22:35:24.0308 7820 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
22:35:24.0309 7820 uliagpkx - ok
22:35:24.0329 7820 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
22:35:24.0330 7820 umbus - ok
22:35:24.0351 7820 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
22:35:24.0351 7820 UmPass - ok
22:35:24.0381 7820 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
22:35:24.0382 7820 USBAAPL - ok
22:35:24.0394 7820 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
22:35:24.0395 7820 usbccgp - ok
22:35:24.0418 7820 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
22:35:24.0419 7820 usbcir - ok
22:35:24.0441 7820 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
22:35:24.0442 7820 usbehci - ok
22:35:24.0455 7820 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
22:35:24.0457 7820 usbhub - ok
22:35:24.0476 7820 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
22:35:24.0477 7820 usbohci - ok
22:35:24.0495 7820 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
22:35:24.0496 7820 usbprint - ok
22:35:24.0510 7820 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:35:24.0510 7820 USBSTOR - ok
22:35:24.0533 7820 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
22:35:24.0533 7820 usbuhci - ok
22:35:24.0567 7820 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
22:35:24.0567 7820 VClone - ok
22:35:24.0586 7820 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
22:35:24.0587 7820 vdrvroot - ok
22:35:24.0603 7820 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
22:35:24.0603 7820 vga - ok
22:35:24.0625 7820 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
22:35:24.0626 7820 VgaSave - ok
22:35:24.0645 7820 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
22:35:24.0646 7820 vhdmp - ok
22:35:24.0667 7820 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
22:35:24.0668 7820 viaagp - ok
22:35:24.0687 7820 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
22:35:24.0687 7820 ViaC7 - ok
22:35:24.0709 7820 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
22:35:24.0710 7820 viaide - ok
22:35:24.0735 7820 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
22:35:24.0735 7820 vmbus - ok
22:35:24.0751 7820 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
22:35:24.0752 7820 VMBusHID - ok
22:35:24.0766 7820 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
22:35:24.0767 7820 volmgr - ok
22:35:24.0791 7820 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
22:35:24.0792 7820 volmgrx - ok
22:35:24.0809 7820 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
22:35:24.0810 7820 volsnap - ok
22:35:24.0833 7820 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
22:35:24.0834 7820 vsmraid - ok
22:35:24.0857 7820 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
22:35:24.0858 7820 vwifibus - ok
22:35:24.0896 7820 wacmoumonitor (f24ee97511fb901189e11cbbd51605ba) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
22:35:24.0897 7820 wacmoumonitor - ok
22:35:24.0929 7820 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
22:35:24.0929 7820 wacommousefilter - ok
22:35:24.0955 7820 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
22:35:24.0955 7820 WacomPen - ok
22:35:24.0963 7820 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\Windows\system32\DRIVERS\wacomvhid.sys
22:35:24.0964 7820 wacomvhid - ok
22:35:24.0978 7820 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
22:35:24.0979 7820 WANARP - ok
22:35:24.0981 7820 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
22:35:24.0982 7820 Wanarpv6 - ok
22:35:25.0006 7820 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
22:35:25.0007 7820 Wd - ok
22:35:25.0026 7820 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:35:25.0028 7820 Wdf01000 - ok
22:35:25.0057 7820 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
22:35:25.0057 7820 WfpLwf - ok
22:35:25.0071 7820 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
22:35:25.0071 7820 WIMMount - ok
22:35:25.0102 7820 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
22:35:25.0103 7820 WinUsb - ok
22:35:25.0117 7820 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:35:25.0117 7820 WmiAcpi - ok
22:35:25.0137 7820 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
22:35:25.0137 7820 ws2ifsl - ok
22:35:25.0177 7820 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
22:35:25.0178 7820 WSDPrintDevice - ok
22:35:25.0205 7820 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
22:35:25.0206 7820 WudfPf - ok
22:35:25.0227 7820 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:35:25.0228 7820 WUDFRd - ok
22:35:25.0246 7820 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:35:25.0250 7820 \Device\Harddisk0\DR0 - ok
22:35:25.0252 7820 Boot (0x1200) (5159cc29bb03f482abac96bfcf718e28) \Device\Harddisk0\DR0\Partition0
22:35:25.0253 7820 \Device\Harddisk0\DR0\Partition0 - ok
22:35:25.0264 7820 Boot (0x1200) (1cab8612816dfcad28db9852551ff1ad) \Device\Harddisk0\DR0\Partition1
22:35:25.0264 7820 \Device\Harddisk0\DR0\Partition1 - ok
22:35:25.0265 7820 ============================================================
22:35:25.0265 7820 Scan finished
22:35:25.0265 7820 ============================================================
22:35:25.0269 6972 Detected object count: 0
22:35:25.0269 6972 Actual detected object count: 0


----------



## Larusso (Aug 9, 2011)

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

*IMPORTANT - Save ComboFix.exe to your Desktop*

====================================================

*Disable your AntiVirus and AntiSpyware applications* as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic: *How to disable your security applications*

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.

*Please post in your next reply*
Combofix.txt


----------



## RoyGuy0 (Dec 6, 2011)

Here's the combofix log.

ComboFix 11-12-11.02 - Roy 12/11/2011 22:55:23.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.1087 [GMT -5:00]
Running from: c:\users\Roy\Desktop\ComboFix.exe
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Explorer.exe
c:\users\Roy\2gweorjqjutp92vjy9gake
c:\users\Roy\AppData\Roaming\Adobe\AdobeUpdate .exe
c:\users\Roy\AppData\Roaming\Adobe\plugs
c:\users\Roy\AppData\Roaming\Adobe\shed
c:\users\Roy\AppData\Roaming\Adobe\shed\thr1.chm
c:\users\Roy\AppData\Roaming\data.dat
c:\users\Roy\AppData\Roaming\local.exe
c:\users\Roy\AppData\Roaming\Tmp3530.exe
c:\windows\$NtUninstallKB41731$
c:\windows\$NtUninstallKB41731$\160344717\Desktop.ini
c:\windows\$NtUninstallKB41731$\3078631818
c:\windows\system32\system
.
.
((((((((((((((((((((((((( Files Created from 2011-11-12 to 2011-12-12 )))))))))))))))))))))))))))))))
.
.
2011-12-08 22:08 . 2011-12-09 03:17 1325 ----a-w- C:\36fgtb.bat
2011-12-08 22:08 . 2011-12-08 22:08 -------- d-----w- c:\users\Roy\AppData\Roaming\Th3 Cr4cK3Rz
2011-12-08 22:08 . 2011-12-08 22:08 -------- d-----w- c:\programdata\WildTangent
2011-12-06 03:42 . 2011-12-06 03:42 388096 ----a-r- c:\users\Roy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-05 03:09 . 2011-12-06 03:25 -------- d-----w- c:\program files\STOPzilla!
2011-12-05 03:09 . 2011-12-06 03:11 -------- d-----w- c:\programdata\STOPzilla!
2011-12-05 03:09 . 2011-12-05 03:09 -------- d-----w- c:\program files\Common Files\iS3
2011-11-24 04:40 . 2011-11-24 04:40 -------- d-----w- c:\users\Roy\AppData\Local\SKIDROW
2011-11-13 02:39 . 2011-11-13 02:39 -------- d-----w- c:\users\Roy\AppData\Local\Skyrim
2011-11-13 01:57 . 2010-02-04 15:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-11-13 01:57 . 2010-02-04 15:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-11-13 01:57 . 2010-02-04 15:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-11-13 01:57 . 2010-02-04 15:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-11-13 01:57 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-11-13 01:57 . 2009-09-04 22:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2011-11-13 01:57 . 2009-09-04 22:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2011-11-13 01:57 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-11-13 01:57 . 2009-09-04 22:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2011-11-13 01:57 . 2009-03-09 20:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2011-11-13 01:57 . 2009-03-09 20:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 21:59 . 2011-06-02 22:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "d:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-07-26 14:15 2532680 ----a-w- d:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Roy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Roy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Roy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Roy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="d:\program files\uTorrent\uTorrent.exe" [2011-04-22 399736]
"Steam"="d:\program files\Steam\steam.exe" [2011-08-02 1242448]
"MusicManager"="c:\users\Roy\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2011-11-12 13222400]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-24 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"AVG9_TRAY"="d:\progra~1\AVG\AVG9\avgtray.exe" [2011-03-15 2071904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-06-08 611712]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-20 202256]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Roy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 avg9emc;AVG E-mail Scanner;d:\program files\AVG\AVG9\avgemc.exe [2010-08-07 921952]
R2 AVGIDSAgent;AVG9IDSAgent;d:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;d:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2011-07-26 1025352]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSwx.sys [2010-08-07 25168]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-08-07 52872]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-08-07 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-07 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2011-05-06 243152]
S2 avg9wd;AVG WatchDog;d:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-07 308136]
S2 avgfws9;AVG Firewall;d:\program files\AVG\AVG9\avgfws9.exe [2010-11-25 2331544]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-09-20 4767600]
S3 AVGIDSDriverw7x;AVG9IDSDriver;d:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys [2010-08-07 122448]
S3 AVGIDSFilterw7x;AVG9IDSFilter;d:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys [2010-08-07 30288]
S3 AVGIDSShimw7x;AVG9IDSShim;d:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys [2010-08-07 20560]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-09-15 16240]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3044708225-1894519658-632956679-1000Core.job
- c:\users\Roy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-28 04:34]
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3044708225-1894519658-632956679-1000UA.job
- c:\users\Roy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-28 04:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://free.avg.com/ww.homepage-tlbrf
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - d:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\t4bnr470.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c5dedea&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Build Your Own Net Dream - d:\program files\BYOND\Uninst.exe
AddRemove-Mount&Blade - d:\program files\Mount&Blade\uninstall.exe
AddRemove-PunkBusterSvc - d:\program files\GAMERSFIRST\APB RELOADED\Binaries\pbsvc_apb.exe
AddRemove-Sword of Damocles: Warlords - d:\program files\Mount&Blade Warband\Modules\Sword of Damocles Warlords 3.8\uninst.exe
AddRemove-Sword of Damocles: Warlords Music Add-on - d:\program files\Mount&Blade Warband\Modules\Sword of Damocles Warlords 3.8\uninst.exe
AddRemove-_{05D60953-9012-44DF-A1A6-9DD97AD6580A} - d:\program files\Corel\Corel Painter X\MSILauncher {05D60953-9012-44DF-A1A6-9DD97AD6580A}
AddRemove-{4D15C6C1-74C9-4AA4-8378-CEEDE7E53F39}_is1 - d:\program files\Mount&Blade Warband\Modules\Brytenwalda\unins000.exe
AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4268)
c:\users\Roy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\sppsvc.exe
c:\program files\Tablet\Wacom\Wacom_TabletUser.exe
d:\program files\AVG\AVG9\avgtray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
.
**************************************************************************
.
Completion time: 2011-12-11 23:03:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-12 04:03
.
Pre-Run: 63,884,910,592 bytes free
Post-Run: 63,930,044,416 bytes free
.
- - End Of File - - EE97CC87C7B4AC2310BE8C5CA2622473


----------



## Larusso (Aug 9, 2011)

Hi there,
How is your system behaving now?


----------



## RoyGuy0 (Dec 6, 2011)

So far, everything is good again it would seem. No random pop-ups. No slowdown concerning loading of websites. Anything else I should be worried/concerned about?


----------



## Larusso (Aug 9, 2011)

Download *Malwarebytes' Anti-Malware* to your desktop.


Double-click *mbam-setup.exe* and follow the prompts to install the program.
 At the end, be sure a checkmark is placed next to the following:
 *Update Malwarebytes' Anti-Malware*
 *Launch Malwarebytes' Anti-Malware*

Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select *Perform Quick scan*, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click *Remove Selected*.
When completed, a log will open in Notepad. *Save it to your desktop*.
*Note:* Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, *post that saved log* in your next reply.

Go *here* to run an online scanner from ESET.
*Note:* You will need to use *Internet Explorer* for this scan.
Turn off the real-time scanner of any existing antivirus program while performing the online scan.
Tick the box next to *YES, I accept the Terms of Use.*
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option *Remove found threats* is unticked, and the option *Scan unwanted applications* is checked
Click Start
Wait for the scan to finish
Use *notepad* to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log in your next reply.

*Please post in your next reply*
MBAM Log
log.txt


----------



## RoyGuy0 (Dec 6, 2011)

Here's the Malwarebytes log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8366

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/13/2011 3:44:39 PM
mbam-log-2011-12-13 (15-44-39).txt

Scan type: Quick scan
Objects scanned: 172874
Time elapsed: 2 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## RoyGuy0 (Dec 6, 2011)

and here's the ESET log

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0a58d5de98f53d429d6754b841387e66
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-13 10:29:02
# local_time=2011-12-13 05:29:02 (-0500, Eastern Standard Time)
# country="United States"
# lang=9
# osver=6.1.7600 NT 
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1031 16777213 100 98 0 42499087 0 0
# compatibility_mode=5893 16776574 100 94 41772246 75354437 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=306503
# found=7
# cleaned=0
# scan_time=5695
C:\36fgtb.bat Win32/AutoRun.Spy.VB.F worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Roy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6d0f390c-77d4bd7b multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Roy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\425fcbd0-77843485 a variant of Win32/Kryptik.WQU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Roy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\52614f75-25ce5ea0 probably a variant of Java/Agent.BR trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Roy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\71717b7-1004f170 multiple threats (unable to clean) 00000000000000000000000000000000 I
D:\Roy\SoftonicDownloader_for_skype.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
D:\Roy\uTorrent\My Documents\Downloads\Adobe Photoshop CS4 Extended v.11 + Activation\Adobe Photoshop CS4 Extended v.11 + Activation.rar probably a variant of Win32/Injector.BWB trojan (unable to clean) 00000000000000000000000000000000 I


----------



## Larusso (Aug 9, 2011)

> D:\Roy\uTorrent\My Documents\Downloads\Adobe Photoshop CS4 Extended v.11 + Activation\Adobe Photoshop CS4 Extended v.11 + Activation.rar probably a variant of Win32/Injector.BWB trojan


This might be the reason for your infection.

Visiting cracksites/warezsites - and other questionable/illegal sites is *always* a risk. Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore. This is the most likely cause of your infection.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer. Additionally, *cracked programs are illegal*. Before posting for help, you should uninstall any such applications.

Open *notepad* and copy/paste the text in the Code-box below into it:


```
File::
C:\36fgtb.bat

ClearJavaCache::
```

 Save this as *CFScript.txt*, in the same location as ComboFix.exe.
 Close any open browsers.
 Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please launch *DDS*
When done, DDS will open two (2) logs:
 DDS.txt
 Attach.txt

Save both reports to your desktop and post both in your next reply

*Please post in your next reply*
Combofix.txt
dds.txt
attach.txt
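
Added example (not part of the original thread, and not ESET's or ComboFix's own code): a Python parser for the ESET Online Scanner lines posted above that groups the detections by location, matching how the reply handles them (Java cache entries, a file in the drive root, files the user downloaded). The line layout in the regular expression is inferred from the pasted log, and the bucket names are hypothetical.

```python
import re
from collections import defaultdict

# Header and detection lines copied from the ESET log posted in this thread.
# The forum flattened the log's column separators to single spaces, so the
# file path (which itself contains spaces) cannot be recovered with split().
SAMPLE_LOG = r"""
# remove_checked=false
# scanned=306503
# found=7
# cleaned=0
C:\36fgtb.bat Win32/AutoRun.Spy.VB.F worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Roy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6d0f390c-77d4bd7b multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Roy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\425fcbd0-77843485 a variant of Win32/Kryptik.WQU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Roy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\52614f75-25ce5ea0 probably a variant of Java/Agent.BR trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Roy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\71717b7-1004f170 multiple threats (unable to clean) 00000000000000000000000000000000 I
D:\Roy\SoftonicDownloader_for_skype.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
D:\Roy\uTorrent\My Documents\Downloads\Adobe Photoshop CS4 Extended v.11 + Activation\Adobe Photoshop CS4 Extended v.11 + Activation.rar probably a variant of Win32/Injector.BWB trojan (unable to clean) 00000000000000000000000000000000 I
"""

# Assumed layout (inferred from the lines above, not from ESET documentation):
#   <path> <verdict> (<action>) <32 hex digits> <flag>
# The verdict is either "multiple threats" or an optional qualifier followed by
# a Platform/Family name and a type word. The path is matched lazily, so it
# ends at the first point where the rest of the line fits this tail.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>multiple threats|(?:probably )?(?:a variant of )?\S+/\S+ \w+)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)


def parse_eset_log(text):
    """Return (header, detections, unparsed) for a pasted ESET log."""
    header, detections, unparsed = {}, [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line.lstrip("# ").partition("=")
            if sep:
                header[key] = value  # repeated keys: the last one wins
            continue
        match = DETECTION.match(line)
        if match:
            detections.append(match.groupdict())
        else:
            unparsed.append(line)  # keep unknown lines visible, never drop them
    return header, detections, unparsed


def classify(path):
    """Bucket a detection by where the file sits (hypothetical bucket names)."""
    lowered = path.lower()
    if "\\sun\\java\\deployment\\cache\\" in lowered:
        return "java_cache"   # cached applet content, cleared as a whole
    if re.fullmatch(r"[a-z]:\\[^\\]+", lowered):
        return "drive_root"   # a single file directly under the drive root
    return "user_file"        # something the user saved or downloaded


def triage(detections):
    """Group parsed detections by bucket."""
    buckets = defaultdict(list)
    for det in detections:
        buckets[classify(det["path"])].append(det)
    return dict(buckets)


def count_matches_header(header, detections):
    """True when the '# found=' counter equals the number of parsed lines."""
    found = header.get("found", "")
    return found.isdigit() and int(found) == len(detections)


if __name__ == "__main__":
    hdr, dets, rest = parse_eset_log(SAMPLE_LOG)
    print("found counter consistent:", count_matches_header(hdr, dets))
    for bucket, items in sorted(triage(dets).items()):
        print(f"{bucket}: {len(items)}")
        for det in items:
            print(f"  {det['threat']}  <-  {det['path']}")
    if rest:
        print("unparsed lines:", rest)
```

A mismatch between the `found` counter and the number of parsed lines usually means the paste was truncated or a line did not fit the assumed layout; such lines are returned in `unparsed`.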


----------



## RoyGuy0 (Dec 6, 2011)

Combofix log:

ComboFix 11-12-13.03 - Roy 12/14/2011 14:39:58.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.893 [GMT -5:00]
Running from: c:\users\Roy\Desktop\ComboFix.exe
Command switches used :: c:\users\Roy\Desktop\CFScript.txt
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"C:\36fgtb.bat"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\36fgtb.bat
.
.
((((((((((((((((((((((((( Files Created from 2011-11-14 to 2011-12-14 )))))))))))))))))))))))))))))))
.
.
2011-12-14 19:44 . 2011-12-14 19:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-13 20:46 . 2011-12-13 20:46 -------- d-----w- c:\program files\ESET
2011-12-13 20:41 . 2011-12-13 20:41 -------- d-----w- c:\users\Roy\AppData\Roaming\Malwarebytes
2011-12-13 20:41 . 2011-12-13 20:41 -------- d-----w- c:\programdata\Malwarebytes
2011-12-13 20:41 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-12 04:00 . 2011-12-14 19:44 -------- d-----w- c:\users\Roy\AppData\Local\temp
2011-12-12 03:53 . 2009-07-13 23:12 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-08 22:08 . 2011-12-08 22:08 -------- d-----w- c:\users\Roy\AppData\Roaming\Th3 Cr4cK3Rz
2011-12-08 22:08 . 2011-12-08 22:08 -------- d-----w- c:\programdata\WildTangent
2011-12-06 03:42 . 2011-12-06 03:42 388096 ----a-r- c:\users\Roy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-05 03:09 . 2011-12-06 03:25 -------- d-----w- c:\program files\STOPzilla!
2011-12-05 03:09 . 2011-12-06 03:11 -------- d-----w- c:\programdata\STOPzilla!
2011-12-05 03:09 . 2011-12-05 03:09 -------- d-----w- c:\program files\Common Files\iS3
2011-11-24 04:40 . 2011-11-24 04:40 -------- d-----w- c:\users\Roy\AppData\Local\SKIDROW
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 21:59 . 2011-06-02 22:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "d:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-07-26 14:15 2532680 ----a-w- d:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Roy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Roy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Roy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Roy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="d:\program files\uTorrent\uTorrent.exe" [2011-04-22 399736]
"Steam"="d:\program files\Steam\steam.exe" [2011-08-02 1242448]
"MusicManager"="c:\users\Roy\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2011-11-12 13222400]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-24 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"AVG9_TRAY"="d:\progra~1\AVG\AVG9\avgtray.exe" [2011-03-15 2071904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-06-08 611712]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-20 202256]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Roy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 avg9emc;AVG E-mail Scanner;d:\program files\AVG\AVG9\avgemc.exe [2010-08-07 921952]
R2 AVGIDSAgent;AVG9IDSAgent;d:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;d:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2011-07-26 1025352]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSwx.sys [2010-08-07 25168]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-08-07 52872]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-08-07 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-07 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2011-05-06 243152]
S2 avg9wd;AVG WatchDog;d:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-07 308136]
S2 avgfws9;AVG Firewall;d:\program files\AVG\AVG9\avgfws9.exe [2010-11-25 2331544]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-09-20 4767600]
S3 AVGIDSDriverw7x;AVG9IDSDriver;d:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys [2010-08-07 122448]
S3 AVGIDSFilterw7x;AVG9IDSFilter;d:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys [2010-08-07 30288]
S3 AVGIDSShimw7x;AVG9IDSShim;d:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys [2010-08-07 20560]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-09-15 16240]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3044708225-1894519658-632956679-1000Core.job
- c:\users\Roy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-28 04:34]
.
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3044708225-1894519658-632956679-1000UA.job
- c:\users\Roy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-28 04:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://free.avg.com/ww.homepage-tlbrf
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - d:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\t4bnr470.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c5dedea&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-14 14:45:53
ComboFix-quarantined-files.txt 2011-12-14 19:45
ComboFix2.txt 2011-12-12 04:03
.
Pre-Run: 62,583,754,752 bytes free
Post-Run: 62,414,614,528 bytes free
.
- - End Of File - - CD16DA3F64F7507AAC0A0B45561498E5


----------



## RoyGuy0 (Dec 6, 2011)

I've deleted that Adobe file (it was never installed). I've run DDS several times, but no logs/wordpads are popping up. Are there any other programs that could be classified as scriptblockers like stopzilla (not running to my knowledge) or malwarebytes?


----------



## Larusso (Aug 9, 2011)

Delete the current version of DDS and download a new one from
*here* or *here* or *here*.


----------



## RoyGuy0 (Dec 6, 2011)

I've tried all three links. There are still no logs popping up.


----------



## Larusso (Aug 9, 2011)

Does the black window appear?


----------



## RoyGuy0 (Dec 6, 2011)

Yes. It just closes after the scan is done. No logs pop up.


----------



## Larusso (Aug 9, 2011)

Let's run a different tool

Download *OTL* to your Desktop.

 Double click on the icon to run it.
 Under the box paste this in


```
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.manifest /3
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
```

Make sure all other windows are closed to let it run uninterrupted.
 Click the *Quick Scan* button. Do not change any settings unless otherwise told to do so. The scan won't take long.
 When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please post both logfiles in your next reply.

*Please post in your next reply*
OTL.txt
Extras.txt


----------



## RoyGuy0 (Dec 6, 2011)

OTL log:
OTL logfile created on: 12/15/2011 10:54:22 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Roy\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 60.86% Memory free
4.00 Gb Paging File | 2.64 Gb Available in Paging File | 66.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 57.67 Gb Free Space | 72.10% Space Free | Partition Type: NTFS
Drive D: | 516.17 Gb Total Space | 196.30 Gb Free Space | 38.03% Space Free | Partition Type: NTFS

Computer Name: AWESOME-O | User Name: Roy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/15 10:54:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Roy\Desktop\OTL.exe
PRC - [2011/11/10 10:29:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- D:\Program Files\firefox.exe
PRC - [2011/11/10 10:29:39 | 000,016,856 | ---- | M] (Mozilla Corporation) -- D:\Program Files\plugin-container.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/09 12:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/04/21 19:00:32 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- D:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/03/15 07:46:40 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/01/07 21:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/11/24 19:25:35 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/09/20 16:45:58 | 004,767,600 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
PRC - [2010/09/20 16:45:58 | 001,156,976 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
PRC - [2010/08/20 12:40:51 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/08/07 18:36:02 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/08/07 18:36:00 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 20:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/10 10:29:40 | 001,989,592 | ---- | M] () -- D:\Program Files\mozjs.dll
MOD - [2011/10/03 16:59:09 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/01/07 19:48:38 | 000,235,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2010/09/20 16:45:58 | 000,962,416 | ---- | M] () -- C:\Program Files\Tablet\Wacom\libxml2.dll
MOD - [2010/08/07 18:35:59 | 000,077,824 | ---- | M] () -- D:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_log-vc71-mt-1_32.dll
MOD - [2010/08/07 18:35:59 | 000,057,344 | ---- | M] () -- D:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_thread-vc71-mt-1_32.dll
MOD - [2010/06/03 12:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/06/03 12:45:46 | 001,240,880 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/06/03 12:45:46 | 000,324,896 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libtidy.dll
MOD - [2008/09/16 19:18:06 | 000,132,608 | ---- | M] () -- D:\Program Files\WinRAR\RarExt.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/26 09:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- D:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/03/23 18:38:33 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/11/24 19:25:35 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/09/20 16:45:58 | 004,767,600 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2010/08/15 23:17:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/07 18:36:05 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- D:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/08/07 18:36:02 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/08/07 18:35:59 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- D:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/05 19:43:17 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011/01/07 22:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/09/15 12:36:06 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2010/08/07 18:36:16 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/08/07 18:36:15 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/08/07 18:36:04 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\AVGIDSwx.sys -- (AVGIDSErHrw7x)
DRV - [2010/08/07 18:36:03 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/08/07 18:36:01 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- D:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys -- (AVGIDSDriverw7x)
DRV - [2010/08/07 18:36:00 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- D:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys -- (AVGIDSFilterw7x)
DRV - [2010/08/07 18:36:00 | 000,020,560 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- D:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys -- (AVGIDSShimw7x)
DRV - [2010/08/07 18:35:54 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2009/09/21 14:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 17:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2007/06/29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/02/16 09:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://free.avg.com/ww.homepage-tlbrf
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 8A 67 B0 C3 6C CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: [email protected]:6.103.018.001
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4c5dedea&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Roy\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Roy\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\BYOND: D:\Program Files\BYOND\bin\npbyond.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: D:\Program Files\AVG\AVG9\Firefox [2011/12/11 23:50:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected] [2011/08/11 23:37:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/08/14 16:44:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: D:\Program Files\components [2011/11/10 10:29:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: D:\Program Files\plugins [2011/05/07 16:59:13 | 000,000,000 | ---D | M]

[2010/08/06 12:25:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roy\AppData\Roaming\Mozilla\Extensions
[2011/12/14 19:24:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\t4bnr470.default\extensions
() (No name found) -- C:\USERS\ROY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T4BNR470.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

O1 HOSTS File: ([2011/12/14 14:44:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 ) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - D:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - D:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AVG9_TRAY] D:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [MusicManager] C:\Users\Roy\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] D:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] D:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Roy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92B58735-5255-4A6B-8B3C-F3316B72FCE3}: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - D:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) -C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/15 10:54:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Roy\Desktop\OTL.exe
[2011/12/14 15:04:40 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Roy\Desktop\dds.scr
[2011/12/14 14:52:24 | 000,000,000 | ---D | C] -- C:\Users\Roy\Desktop\Fix
[2011/12/14 14:45:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/14 14:45:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/14 14:38:35 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/13 15:46:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/12/13 15:41:15 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Roaming\Malwarebytes
[2011/12/13 15:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/13 15:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/13 15:41:02 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/13 15:39:39 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Roy\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/11 23:00:05 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Local\temp
[2011/12/11 22:51:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/11 22:51:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/11 22:51:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/11 22:51:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/11 22:51:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/11 22:50:36 | 004,339,049 | R--- | C] (Swearware) -- C:\Users\Roy\Desktop\ComboFix.exe
[2011/12/08 23:20:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011/12/08 17:08:48 | 000,000,000 | ---D | C] -- C:\ProgramData\WildTangent
[2011/12/08 17:08:48 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Roaming\Th3 Cr4cK3Rz
[2011/12/08 01:30:20 | 000,000,000 | ---D | C] -- C:\Users\Roy\Documents\15478653.zpTEMP
[2011/12/05 22:42:53 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/12/04 22:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2011/12/04 22:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/12/04 22:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/12/04 22:09:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/11/23 23:40:45 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Local\SKIDROW
[2011/11/23 23:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2008/08/14 07:14:14 | 000,079,240 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\adobetmp000511828
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/15 10:55:14 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3044708225-1894519658-632956679-1000UA.job
[2011/12/15 10:54:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Roy\Desktop\OTL.exe
[2011/12/14 23:55:01 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3044708225-1894519658-632956679-1000Core.job
[2011/12/14 18:07:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/14 16:24:21 | 000,705,798 | ---- | M] () -- C:\Users\Roy\Desktop\what.bmp
[2011/12/14 16:22:47 | 000,243,650 | ---- | M] () -- C:\Users\Roy\Desktop\what.png
[2011/12/14 15:04:40 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Roy\Desktop\dds.scr
[2011/12/14 14:44:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/14 14:39:46 | 000,659,580 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/14 14:39:46 | 000,120,508 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/14 14:38:31 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/14 14:38:31 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/14 14:38:21 | 004,339,049 | R--- | M] (Swearware) -- C:\Users\Roy\Desktop\ComboFix.exe
[2011/12/14 14:33:17 | 1609,474,048 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/13 22:55:09 | 003,598,239 | ---- | M] () -- C:\Users\Roy\Desktop\Can 39t Take My Eyes off You - Frankie Valli and The 4 Seasons.mp3
[2011/12/13 22:06:44 | 000,871,164 | ---- | M] () -- C:\Users\Roy\Desktop\review.pdf
[2011/12/13 15:41:05 | 000,000,763 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/13 15:40:33 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Roy\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/07 21:14:20 | 000,000,973 | ---- | M] () -- C:\Users\Roy\Desktop\Dropbox.lnk
[2011/12/07 21:14:20 | 000,000,953 | ---- | M] () -- C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/12/05 22:42:53 | 000,002,953 | ---- | M] () -- C:\Users\Roy\Desktop\HiJackThis.lnk
[2011/12/05 12:38:56 | 059,984,819 | ---- | M] () -- C:\Users\Roy\Desktop\PAMINTUAN_ADRIEN.daa
[2011/12/04 22:07:25 | 000,010,868 | -HS- | M] () -- C:\Users\Roy\AppData\Local\7y06hf8i74y385
[2011/12/04 22:07:25 | 000,010,868 | -HS- | M] () -- C:\ProgramData\7y06hf8i74y385
[2011/11/30 23:48:07 | 000,183,173 | ---- | M] () -- C:\Users\Roy\Desktop\massage.pdf
[2011/11/23 23:36:33 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\Saints Row The Third.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/14 16:24:20 | 000,705,798 | ---- | C] () -- C:\Users\Roy\Desktop\what.bmp
[2011/12/14 16:20:58 | 000,243,650 | ---- | C] () -- C:\Users\Roy\Desktop\what.png
[2011/12/13 22:07:48 | 003,598,239 | ---- | C] () -- C:\Users\Roy\Desktop\Can 39t Take My Eyes off You - Frankie Valli and The 4 Seasons.mp3
[2011/12/13 22:06:43 | 000,871,164 | ---- | C] () -- C:\Users\Roy\Desktop\review.pdf
[2011/12/13 15:41:05 | 000,000,763 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/11 22:51:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/11 22:51:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/11 22:51:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/11 22:51:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/11 22:51:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/05 22:42:53 | 000,002,953 | ---- | C] () -- C:\Users\Roy\Desktop\HiJackThis.lnk
[2011/12/05 12:38:19 | 059,984,819 | ---- | C] () -- C:\Users\Roy\Desktop\PAMINTUAN_ADRIEN.daa
[2011/12/04 21:09:41 | 000,010,868 | -HS- | C] () -- C:\Users\Roy\AppData\Local\7y06hf8i74y385
[2011/12/04 21:09:41 | 000,010,868 | -HS- | C] () -- C:\ProgramData\7y06hf8i74y385
[2011/11/30 23:48:07 | 000,183,173 | ---- | C] () -- C:\Users\Roy\Desktop\massage.pdf
[2011/11/23 23:36:33 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\Saints Row The Third.lnk
[2011/08/29 19:09:25 | 000,122,044 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/07/03 19:17:15 | 000,141,032 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/07/03 19:17:14 | 000,138,056 | ---- | C] () -- C:\Users\Roy\AppData\Roaming\PnkBstrK.sys
[2011/07/03 19:16:45 | 000,281,200 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/07/03 19:16:44 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/12/17 16:48:07 | 000,000,038 | ---- | C] () -- C:\Windows\osAviSplitter.INI
[2010/12/10 19:03:37 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/12/10 18:28:55 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/20 20:08:41 | 000,000,000 | ---- | C] () -- C:\Users\Roy\AppData\Local\prvlcl.dat
[2010/10/10 20:59:21 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/08/06 12:24:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,299,976 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,659,580 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,120,508 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 19:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2011/12/13 22:11:39 | 000,000,000 | ---D | M] -- C:\Users\Roy\AppData\Roaming\.minecraft
[2011/08/07 16:51:54 | 000,000,000 | ---D | M] -- C:\Users\Roy\AppData\Roaming\AVG9
[2010/08/13 18:05:05 | 000,000,000 | ---D | M] -- C:\Users\Roy\AppData\Roaming\DAEMON Tools Net
[2011/12/14 14:34:01 | 000,000,000 | ---D | M] -- C:\Users\Roy\AppData\Roaming\Dropbox
[2011/08/23 21:46:55 | 000,000,000 | ---D | M] -- C:\Users\Roy\AppData\Roaming\LolClient
[2010/09/18 16:03:00 | 000,000,000 | ---D | M] -- C:\Users\Roy\AppData\Roaming\LucasArts
[2011/11/01 18:06:46 | 000,000,000 | ---D | M] -- C:\Users\Roy\AppData\Roaming\Mount&Blade
[2010/08/14 21:20:16 | 000,000,000 | ---D | M] -- C:\Users\Roy\AppData\Roaming\Mount&Blade Warband
[2010/12/18 07:32:02 | 000,000,000 | ---D | M] -- C:\Users\Roy\AppData\Roaming\ooVoo Details
[2011/11/12 14:37:35 | 000,000,000 | ---D | M] -- C:\Users\Roy\AppData\Roaming\SystemRequirementsLab
[2011/12/08 17:08:48 | 000,000,000 | ---D | M] -- C:\Users\Roy\AppData\Roaming\Th3 Cr4cK3Rz
[2011/12/15 10:53:45 | 000,000,000 | ---D | M] -- C:\Users\Roy\AppData\Roaming\uTorrent
[2011/12/11 22:54:30 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


----------



## RoyGuy0 (Dec 6, 2011)

Extras log:
OTL Extras logfile created on: 12/15/2011 10:54:22 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Roy\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 60.86% Memory free
4.00 Gb Paging File | 2.64 Gb Available in Paging File | 66.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 57.67 Gb Free Space | 72.10% Space Free | Partition Type: NTFS
Drive D: | 516.17 Gb Total Space | 196.30 Gb Free Space | 38.03% Space Free | Partition Type: NTFS

Computer Name: AWESOME-O | User Name: Roy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Roy\AppData\Roaming\local.exe" = C:\Users\Roy\AppData\Roaming\local.exe:*:Enabled:Windows Messanger
"C:\Program Files\explorer.exe" = C:\Program Files\explorer.exe:*:Enabled:Windows Messanger

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 27
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype 5.3
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"7-Zip" = 7-Zip 4.65
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"AVG9Uninstall" = AVG 9.0
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"DCoder Image Source" = DCoder Image Source (remove only)
"DivX Setup" = DivX Setup
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 3124] [2009-11-03]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mount&Blade Warband" = Mount&Blade Warband
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"Mp3 Merger_is1" = Mp3 Merger V1.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"QuickPar" = QuickPar 0.9
"RealMedia" = RealMedia (remove only)
"RealPlayer 12.0" = RealPlayer
"Saints Row The Third_is1" = Saints Row The Third
"SHOUTcast Source" = SHOUTcast Source (remove only)
"SpeedFan" = SpeedFan (remove only)
"Steam App 32380" = Star Wars Jedi Knight: Dark Forces II
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"WORD" = Microsoft Office Word 2007
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MusicManager" = Music Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/14/2011 6:08:57 PM | Computer Name = AWESOME-O | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/14/2011 6:08:57 PM | Computer Name = AWESOME-O | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10062

Error - 12/14/2011 6:08:57 PM | Computer Name = AWESOME-O | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10062

Error - 12/14/2011 6:08:58 PM | Computer Name = AWESOME-O | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/14/2011 6:08:58 PM | Computer Name = AWESOME-O | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11061

Error - 12/14/2011 6:08:58 PM | Computer Name = AWESOME-O | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11061

Error - 12/14/2011 6:08:59 PM | Computer Name = AWESOME-O | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/14/2011 6:08:59 PM | Computer Name = AWESOME-O | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12090

Error - 12/14/2011 6:08:59 PM | Computer Name = AWESOME-O | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12090

Error - 12/15/2011 1:35:34 AM | Computer Name = AWESOME-O | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "d:\program files\Gizmo\glauncher-x64.exe".
Dependent
Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 12/12/2011 12:10:59 AM | Computer Name = AWESOME-O | Source = DCOM | ID = 10016
Description =

Error - 12/12/2011 7:45:56 PM | Computer Name = AWESOME-O | Source = DCOM | ID = 10016
Description =

Error - 12/12/2011 11:14:07 PM | Computer Name = AWESOME-O | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 12/12/2011 11:20:21 PM | Computer Name = AWESOME-O | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 12/13/2011 4:38:00 PM | Computer Name = AWESOME-O | Source = DCOM | ID = 10016
Description =

Error - 12/14/2011 3:34:22 PM | Computer Name = AWESOME-O | Source = DCOM | ID = 10016
Description =

Error - 12/14/2011 3:39:33 PM | Computer Name = AWESOME-O | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 12/14/2011 3:42:27 PM | Computer Name = AWESOME-O | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 12/14/2011 3:44:45 PM | Computer Name = AWESOME-O | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 12/14/2011 6:09:01 PM | Computer Name = AWESOME-O | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

< End of report >
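The firewall `AuthorizedApplications\List` entries in the Extras.txt log above can be triaged mechanically. The following Python is an added example, not part of the original thread or of OTL; the function names, the heuristics, the short table of Windows binary names and the third (Steam) sample line are assumptions made for illustration.

```python
import ntpath
import re
from collections import defaultdict

SYSTEM_ROOT = r"C:\Windows"  # %SystemRoot% as reported in the OTL header on this page

# Windows binaries and the directory under %SystemRoot% they normally run from
# (assumed short list; extend as needed).
EXPECTED_DIR = {
    "explorer.exe": "",
    "svchost.exe": "System32",
    "taskhost.exe": "System32",
    "conhost.exe": "System32",
    "lsass.exe": "System32",
    "services.exe": "System32",
    "winlogon.exe": "System32",
}

# "<key>" = <path>:<scope>:<Enabled|Disabled>:<label>
ENTRY = re.compile(
    r'^"(?P<key>[^"]+)"\s*=\s*(?P<path>[A-Za-z]:\\.*?):(?P<scope>[^:]*):'
    r'(?P<state>Enabled|Disabled):(?P<label>.*)$'
)
# Anything under a user profile is writable without elevation. Legitimate
# per-user installs live there too, so a hit is a prompt for review, not a verdict.
USER_PROFILE = re.compile(r'\\(users|documents and settings)\\[^\\]+\\')

# First two entries are copied from the log above; the Steam line is constructed
# as a benign contrast case.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Roy\AppData\Roaming\local.exe" = C:\Users\Roy\AppData\Roaming\local.exe:*:Enabled:Windows Messanger
"C:\Program Files\explorer.exe" = C:\Program Files\explorer.exe:*:Enabled:Windows Messanger
"D:\Program Files\Steam\Steam.exe" = D:\Program Files\Steam\Steam.exe:*:Enabled:Steam
'''


def parse_entries(log_text):
    """Return the firewall exceptions listed under AuthorizedApplications\\List."""
    entries, profile = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            parts = line[1:-1].split("\\")
            in_list = parts[-2:] == ["AuthorizedApplications", "List"]
            profile = parts[-3] if in_list and len(parts) >= 3 else None
            continue
        match = ENTRY.match(line) if profile else None
        if match:
            entries.append({"profile": profile, **match.groupdict()})
    return entries


def triage(entries, system_root=SYSTEM_ROOT):
    """Return (path, reasons) for enabled exceptions that deserve a closer look."""
    paths_by_label = defaultdict(set)
    for e in entries:
        paths_by_label[e["label"].lower()].add(ntpath.normcase(e["path"]))

    findings = []
    for e in entries:
        if e["state"] != "Enabled":
            continue
        reasons = []
        path = ntpath.normcase(e["path"])  # lower-case, backslash-separated
        name = ntpath.basename(path)
        if USER_PROFILE.search(path):
            reasons.append("runs from a user profile directory")
        if name in EXPECTED_DIR:
            expected = ntpath.normcase(
                ntpath.join(system_root, EXPECTED_DIR[name])).rstrip("\\")
            if ntpath.dirname(path) != expected:
                reasons.append("system binary name outside " + expected)
        if len(paths_by_label[e["label"].lower()]) > 1:
            reasons.append("rule label shared by several executables")
        if reasons:
            findings.append((e["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_entries(SAMPLE)):
        print(path)
        for reason in reasons:
            print("   -", reason)
```
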


----------



## Larusso (Aug 9, 2011)

Double click on the OTL icon to run it.
Copy/paste the entire contents of the codebox below into the box:


```
:otl
[2011/12/04 21:09:41 | 000,010,868 | -HS- | C] () -- C:\Users\Roy\AppData\Local\7y06hf8i74y385
[2011/12/04 21:09:41 | 000,010,868 | -HS- | C] () -- C:\ProgramData\7y06hf8i74y385
:commands
[reboot]
```

 Please close all other programs now.
 Then click the *Run Fix* button at the top.
 OTL may ask to reboot the machine. Please do so if asked.
 If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
Please post the log in your next reply.

*Your Java is out of date.* Older versions have vulnerabilities that malware can use to infect your system. *Please follow these steps to remove older version Java components and update.*


Download the latest version of *Java Runtime Environment (JRE) 7* and save it to your desktop.
 Scroll down to where it says *Java SE 7 Update 1*
 Click the red *Download JRE* button on the right.
 Read the License Agreement then select *Accept License Agreement*
 Click on the link to download *Windows x86 Offline* and save the file to your desktop. 
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on *Add/Remove Programs* and remove all older versions of Java.
Check (_highlight_) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the *Remove* or *Change/Remove* button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on *jre-7u1-windows-i586.exe* to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)

On the General tab, under Temporary Internet Files, click the *Settings* button.
Next, click on the Delete Files button
There are three options in the window to clear the cache - *Make sure all are checked*
Click OK on Delete Temporary Files Window
*Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.*
Click OK to leave the Temporary Files Window
Click OK to leave the Java Control Panel.

*Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.*

There is a newer version of *Adobe Acrobat Reader* available.

Please go to this link *Adobe Acrobat Reader Download Link*
Untick *Free McAfee® Security Scan Plus* if you do not wish to include this in the installation.
Click Download
On the right, untick *Adobe Photoshop Album Starter Edition* if you do not wish to include this in the installation.
Click the *Continue* button
Click *Run*, and click *Run* again
Next click the *Install Now* button and follow the on screen prompts

When the installation is complete go to *Add/Remove Programs* and uninstall all previous versions.

*Please post in your next reply*
OTLFix Log
Note any open issues


----------



## RoyGuy0 (Dec 6, 2011)

I have updated my versions of Adobe Acrobat and Java. I have not noticed any conditions or additional threats. Here's the OTL log:

========== OTL ==========
C:\Users\Roy\AppData\Local\7y06hf8i74y385 moved successfully.
C:\ProgramData\7y06hf8i74y385 moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 12152011_194202


----------



## Larusso (Aug 9, 2011)

I notice you have Malwarebytes' Anti-Malware installed on your machine. Please launch the program and select the update tab, then click on the check for updates button.


If an update is found, it will download and install the latest version.
Once the program has loaded, select *Perform Quick scan*, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Save it to your desktop.

Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

Go *here* to run an online scanner from ESET.
*Note:* You will need to use *Internet Explorer* for this scan.
 Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to *YES, I accept the Terms of Use.*
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option *Remove found threats* is unticked, and the option *Scan unwanted applications* is checked
Click Start
Wait for the scan to finish
Use *notepad* to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log in your next reply.

*Please post in your next reply*
MBAM Log
log.txt


----------



## RoyGuy0 (Dec 6, 2011)

ESET log:

C:\Qoobox\Quarantine\C\36fgtb.bat.vir Win32/AutoRun.Spy.VB.F worm
D:\Roy\SoftonicDownloader_for_skype.exe a variant of Win32/SoftonicDownloader.A application

MBAM log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8382

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/16/2011 6:24:08 PM
mbam-log-2011-12-16 (18-24-08).txt

Scan type: Quick scan
Objects scanned: 174420
Time elapsed: 9 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## Larusso (Aug 9, 2011)

All looks good here 

Double click on the OTL icon to run it.

 In the *Extra Registry* group check *Use SafeList*.
 Make sure all other windows are closed to let it run uninterrupted.
 Click on the *Run Scan* Button. 
 When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please post both in your next reply.


----------



## RoyGuy0 (Dec 6, 2011)

I didn't get an 'Extras.txt'. Here's the OTL log though:

OTL logfile created on: 12/16/2011 11:51:59 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Roy\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.76% Memory free
4.00 Gb Paging File | 2.08 Gb Available in Paging File | 51.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 57.04 Gb Free Space | 71.31% Space Free | Partition Type: NTFS
Drive D: | 516.17 Gb Total Space | 198.19 Gb Free Space | 38.40% Space Free | Partition Type: NTFS

Computer Name: AWESOME-O | User Name: Roy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/15 22:33:25 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2011/12/15 22:33:24 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2011/12/15 22:33:24 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2011/12/15 22:33:23 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2011/12/15 10:54:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Roy\Desktop\OTL.exe
PRC - [2011/12/05 14:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Roy\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/11/10 10:29:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- D:\Program Files\firefox.exe
PRC - [2011/11/10 10:29:39 | 000,016,856 | ---- | M] (Mozilla Corporation) -- D:\Program Files\plugin-container.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/02 16:25:33 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Program Files\Steam\Steam.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/21 19:00:32 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- D:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/03/15 07:46:40 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/01/07 21:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/11/24 19:25:35 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/11/24 19:25:35 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/20 16:45:58 | 004,767,600 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
PRC - [2010/09/20 16:45:58 | 001,156,976 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
PRC - [2010/08/20 12:40:51 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/08/07 18:36:06 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/08/07 18:36:06 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/08/07 18:36:05 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/08/07 18:36:02 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/08/07 18:36:02 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 20:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe

========== Modules (No Company Name) ==========

MOD - [2011/12/16 18:29:47 | 000,062,976 | -H-- | M] () -- C:\Users\Roy\AppData\Local\temp\~C054.tmp
MOD - [2011/12/08 15:41:32 | 014,410,024 | ---- | M] () -- D:\Program Files\Steam\bin\libcef.dll
MOD - [2011/12/08 15:41:32 | 000,914,216 | ---- | M] () -- D:\Program Files\Steam\bin\avcodec-52.dll
MOD - [2011/12/08 15:41:32 | 000,194,344 | ---- | M] () -- D:\Program Files\Steam\bin\chromehtml.dll
MOD - [2011/12/08 15:41:32 | 000,155,432 | ---- | M] () -- D:\Program Files\Steam\bin\avformat-52.dll
MOD - [2011/12/08 15:41:32 | 000,091,432 | ---- | M] () -- D:\Program Files\Steam\bin\avutil-50.dll
MOD - [2011/11/10 10:29:40 | 001,989,592 | ---- | M] () -- D:\Program Files\mozjs.dll
MOD - [2011/10/03 16:59:09 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/01/07 19:48:38 | 000,235,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2010/09/20 16:45:58 | 000,962,416 | ---- | M] () -- C:\Program Files\Tablet\Wacom\libxml2.dll
MOD - [2010/06/03 12:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/06/03 12:45:46 | 001,240,880 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/06/03 12:45:46 | 000,324,896 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libtidy.dll
MOD - [2008/09/16 19:18:06 | 000,132,608 | ---- | M] () -- D:\Program Files\WinRAR\RarExt.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/12/15 22:33:24 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2011/12/15 22:33:23 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/26 09:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- D:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/23 18:38:33 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/11/24 19:25:35 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/09/20 16:45:58 | 004,767,600 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2010/08/15 23:17:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/07 18:36:05 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/08/07 18:36:02 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/08/07 18:35:59 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- D:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)

========== Driver Services (SafeList) ==========

DRV - [2011/12/15 22:33:25 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2011/12/15 22:33:25 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/12/15 22:33:24 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011/12/15 22:33:23 | 000,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/01/07 22:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/09/15 12:36:06 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2010/08/07 18:36:04 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\AVGIDSwx.sys -- (AVGIDSErHrw7x)
DRV - [2010/08/07 18:36:01 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- D:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys -- (AVGIDSDriverw7x)
DRV - [2010/08/07 18:36:00 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- D:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys -- (AVGIDSFilterw7x)
DRV - [2010/08/07 18:36:00 | 000,020,560 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- D:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys -- (AVGIDSShimw7x)
DRV - [2010/08/07 18:35:54 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2009/09/21 14:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 17:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2007/06/29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/02/16 09:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://free.avg.com/ww.homepage-tlbrf
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 8A 67 B0 C3 6C CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4c5dedea&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Roy\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Roy\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\BYOND: D:\Program Files\BYOND\bin\npbyond.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: D:\Program Files\AVG\AVG8\Firefox [2011/12/16 18:09:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: D:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/08/11 23:37:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/08/14 16:44:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: D:\Program Files\components [2011/11/10 10:29:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: D:\Program Files\plugins [2011/12/15 20:00:49 | 000,000,000 | ---D | M]

[2010/08/06 12:25:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roy\AppData\Roaming\Mozilla\Extensions
[2011/12/14 19:24:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\t4bnr470.default\extensions
() (No name found) -- C:\USERS\ROY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T4BNR470.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

O1 HOSTS File: ([2011/12/14 14:44:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 ) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - D:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - D:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AVG8_TRAY] D:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG9_TRAY] D:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [MusicManager] C:\Users\Roy\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] D:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] D:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Roy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92B58735-5255-4A6B-8B3C-F3316B72FCE3}: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - D:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) -C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (avgrsstx.dll) -C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/15 20:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 8.5
[2011/12/15 20:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\avg8
[2011/12/15 19:52:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/15 19:52:33 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2011/12/15 19:52:33 | 000,223,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/12/15 19:52:33 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/12/15 19:52:33 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/12/15 19:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/12/15 19:47:24 | 020,290,952 | ---- | C] (Oracle Corporation) -- C:\Users\Roy\Desktop\jre-7u2-windows-i586.exe
[2011/12/15 19:46:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/15 19:42:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/15 10:54:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Roy\Desktop\OTL.exe
[2011/12/14 15:04:40 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Roy\Desktop\dds.scr
[2011/12/14 14:52:24 | 000,000,000 | ---D | C] -- C:\Users\Roy\Desktop\Fix
[2011/12/14 14:45:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/14 14:45:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/14 14:38:35 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/13 15:46:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/12/13 15:41:15 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Roaming\Malwarebytes
[2011/12/13 15:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/13 15:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/13 15:41:02 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/13 15:39:39 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Roy\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/11 23:00:05 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Local\temp
[2011/12/11 22:51:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/11 22:51:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/11 22:51:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/11 22:51:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/11 22:51:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/11 22:50:36 | 004,339,049 | R--- | C] (Swearware) -- C:\Users\Roy\Desktop\ComboFix.exe
[2011/12/08 23:20:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011/12/08 17:08:48 | 000,000,000 | ---D | C] -- C:\ProgramData\WildTangent
[2011/12/08 17:08:48 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Roaming\Th3 Cr4cK3Rz
[2011/12/08 01:30:20 | 000,000,000 | ---D | C] -- C:\Users\Roy\Documents\15478653.zpTEMP
[2011/12/05 22:42:53 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/12/04 22:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2011/12/04 22:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/12/04 22:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/12/04 22:09:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/11/23 23:40:45 | 000,000,000 | ---D | C] -- C:\Users\Roy\AppData\Local\SKIDROW
[2011/11/23 23:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2008/08/14 07:14:14 | 000,079,240 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\adobetmp000511828
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/16 23:55:17 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3044708225-1894519658-632956679-1000UA.job
[2011/12/16 23:55:02 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3044708225-1894519658-632956679-1000Core.job
[2011/12/16 23:12:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/16 21:22:48 | 000,000,000 | ---- | M] () -- C:\Users\Roy\AppData\Local\prvlcl.dat
[2011/12/16 18:16:14 | 000,659,580 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/16 18:16:14 | 000,120,508 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/16 18:15:16 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/16 18:15:15 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/16 18:11:55 | 087,651,257 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/12/16 18:09:34 | 1609,474,048 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/15 22:33:25 | 006,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2011/12/15 22:33:25 | 000,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2011/12/15 22:33:25 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2011/12/15 22:33:25 | 000,142,495 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2011/12/15 22:33:25 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2011/12/15 22:33:25 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2011/12/15 22:33:24 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2011/12/15 22:33:23 | 000,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2011/12/15 20:00:49 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/12/15 19:52:30 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2011/12/15 19:52:30 | 000,567,184 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2011/12/15 19:52:30 | 000,223,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/12/15 19:52:30 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/12/15 19:52:30 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/12/15 19:50:54 | 020,290,952 | ---- | M] (Oracle Corporation) -- C:\Users\Roy\Desktop\jre-7u2-windows-i586.exe
[2011/12/15 10:54:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Roy\Desktop\OTL.exe
[2011/12/14 15:04:40 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Roy\Desktop\dds.scr
[2011/12/14 14:44:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/14 14:38:21 | 004,339,049 | R--- | M] (Swearware) -- C:\Users\Roy\Desktop\ComboFix.exe
[2011/12/13 22:55:09 | 003,598,239 | ---- | M] () -- C:\Users\Roy\Desktop\Can 39t Take My Eyes off You - Frankie Valli and The 4 Seasons.mp3
[2011/12/13 22:06:44 | 000,871,164 | ---- | M] () -- C:\Users\Roy\Desktop\review.pdf
[2011/12/13 15:41:05 | 000,000,763 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/13 15:40:33 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Roy\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/07 21:14:20 | 000,000,973 | ---- | M] () -- C:\Users\Roy\Desktop\Dropbox.lnk
[2011/12/07 21:14:20 | 000,000,953 | ---- | M] () -- C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/12/05 22:42:53 | 000,002,953 | ---- | M] () -- C:\Users\Roy\Desktop\HiJackThis.lnk
[2011/12/05 12:38:56 | 059,984,819 | ---- | M] () -- C:\Users\Roy\Desktop\PAMINTUAN_ADRIEN.daa
[2011/11/30 23:48:07 | 000,183,173 | ---- | M] () -- C:\Users\Roy\Desktop\massage.pdf
[2011/11/23 23:36:33 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\Saints Row The Third.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/15 20:00:49 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/15 20:00:49 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/12/13 22:07:48 | 003,598,239 | ---- | C] () -- C:\Users\Roy\Desktop\Can 39t Take My Eyes off You - Frankie Valli and The 4 Seasons.mp3
[2011/12/13 22:06:43 | 000,871,164 | ---- | C] () -- C:\Users\Roy\Desktop\review.pdf
[2011/12/13 15:41:05 | 000,000,763 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/11 22:51:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/11 22:51:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/11 22:51:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/11 22:51:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/11 22:51:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/05 22:42:53 | 000,002,953 | ---- | C] () -- C:\Users\Roy\Desktop\HiJackThis.lnk
[2011/12/05 12:38:19 | 059,984,819 | ---- | C] () -- C:\Users\Roy\Desktop\PAMINTUAN_ADRIEN.daa
[2011/11/30 23:48:07 | 000,183,173 | ---- | C] () -- C:\Users\Roy\Desktop\massage.pdf
[2011/11/23 23:36:33 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\Saints Row The Third.lnk
[2011/08/29 19:09:25 | 000,122,044 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/07/03 19:17:15 | 000,141,032 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/07/03 19:17:14 | 000,138,056 | ---- | C] () -- C:\Users\Roy\AppData\Roaming\PnkBstrK.sys
[2011/07/03 19:16:45 | 000,281,200 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/07/03 19:16:44 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/12/17 16:48:07 | 000,000,038 | ---- | C] () -- C:\Windows\osAviSplitter.INI
[2010/12/10 19:03:37 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/12/10 18:28:55 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/20 20:08:41 | 000,000,000 | ---- | C] () -- C:\Users\Roy\AppData\Local\prvlcl.dat
[2010/10/10 20:59:21 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/08/06 12:24:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,299,976 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,659,580 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,120,508 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 19:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

< End of report >


----------



## Larusso (Aug 9, 2011)

> I didn't get an 'Extras.txt'. Here's the OTL log though:


Follow my instructions exactly and you will get an Extras.txt too.


----------



## RoyGuy0 (Dec 6, 2011)

Sorry about that. Here's the extras log:

OTL Extras logfile created on: 12/17/2011 2:51:07 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Roy\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.74 Gb Available Physical Memory | 37.19% Memory free
4.00 Gb Paging File | 2.62 Gb Available in Paging File | 65.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 57.13 Gb Free Space | 71.41% Space Free | Partition Type: NTFS
Drive D: | 516.17 Gb Total Space | 198.19 Gb Free Space | 38.40% Space Free | Partition Type: NTFS

Computer Name: AWESOME-O | User Name: Roy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Roy\AppData\Roaming\local.exe" = C:\Users\Roy\AppData\Roaming\local.exe:*:Enabled:Windows Messanger
"C:\Program Files\explorer.exe" = C:\Program Files\explorer.exe:*:Enabled:Windows Messanger

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java(TM) 7 Update 2
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype 5.3
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"7-Zip" = 7-Zip 4.65
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"AVG8Uninstall" = AVG 8.5
"AVG9Uninstall" = AVG 9.0
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"DCoder Image Source" = DCoder Image Source (remove only)
"DivX Setup" = DivX Setup
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 3124] [2009-11-03]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mount&Blade Warband" = Mount&Blade Warband
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"Mp3 Merger_is1" = Mp3 Merger V1.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"QuickPar" = QuickPar 0.9
"RealMedia" = RealMedia (remove only)
"RealPlayer 12.0" = RealPlayer
"Saints Row The Third_is1" = Saints Row The Third
"SHOUTcast Source" = SHOUTcast Source (remove only)
"SpeedFan" = SpeedFan (remove only)
"Steam App 32380" = Star Wars Jedi Knight: Dark Forces II
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"WORD" = Microsoft Office Word 2007
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MusicManager" = Music Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/17/2011 12:03:04 AM | Computer Name = AWESOME-O | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/17/2011 12:03:04 AM | Computer Name = AWESOME-O | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11076

Error - 12/17/2011 12:03:04 AM | Computer Name = AWESOME-O | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11076

Error - 12/17/2011 12:50:50 AM | Computer Name = AWESOME-O | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.31.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 420 Start Time:
01ccbc7757a7b300 Termination Time: 3 Application Path: C:\Users\Roy\Desktop\OTL.exe

Report
Id: a45788b1-286a-11e1-b8fe-485b39237003

Error - 12/17/2011 12:51:54 AM | Computer Name = AWESOME-O | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.31.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: e08 Start Time:
01ccbc77755de680 Termination Time: 8 Application Path: C:\Users\Roy\Desktop\OTL.exe

Report
Id: cfc4ef61-286a-11e1-b8fe-485b39237003

Error - 12/17/2011 2:25:58 AM | Computer Name = AWESOME-O | Source = Bonjour Service | ID = 100
Description = 460: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 12/17/2011 2:25:58 AM | Computer Name = AWESOME-O | Source = Bonjour Service | ID = 100
Description = 464: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 12/17/2011 2:25:58 AM | Computer Name = AWESOME-O | Source = Bonjour Service | ID = 100
Description = 368: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 12/17/2011 2:25:58 AM | Computer Name = AWESOME-O | Source = Bonjour Service | ID = 100
Description = 192: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 12/17/2011 2:25:58 AM | Computer Name = AWESOME-O | Source = Bonjour Service | ID = 100
Description = 448: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ System Events ]
Error - 12/17/2011 3:49:41 PM | Computer Name = AWESOME-O | Source = Service Control Manager | ID = 7000
Description = The AVG8 Network Redirector service failed to start due to the following
error: %%31

Error - 12/17/2011 3:49:41 PM | Computer Name = AWESOME-O | Source = Service Control Manager | ID = 7000
Description = The AVG8 Network Redirector service failed to start due to the following
error: %%31

Error - 12/17/2011 3:49:42 PM | Computer Name = AWESOME-O | Source = Service Control Manager | ID = 7000
Description = The AVG8 Network Redirector service failed to start due to the following
error: %%31

Error - 12/17/2011 3:49:42 PM | Computer Name = AWESOME-O | Source = Service Control Manager | ID = 7000
Description = The AVG8 Network Redirector service failed to start due to the following
error: %%31

Error - 12/17/2011 3:49:43 PM | Computer Name = AWESOME-O | Source = Service Control Manager | ID = 7000
Description = The AVG8 Network Redirector service failed to start due to the following
error: %%31

Error - 12/17/2011 3:49:43 PM | Computer Name = AWESOME-O | Source = Service Control Manager | ID = 7000
Description = The AVG8 Network Redirector service failed to start due to the following
error: %%31

Error - 12/17/2011 3:49:44 PM | Computer Name = AWESOME-O | Source = Service Control Manager | ID = 7000
Description = The AVG8 Network Redirector service failed to start due to the following
error: %%31

Error - 12/17/2011 3:49:44 PM | Computer Name = AWESOME-O | Source = Service Control Manager | ID = 7000
Description = The AVG8 Network Redirector service failed to start due to the following
error: %%31

Error - 12/17/2011 3:49:44 PM | Computer Name = AWESOME-O | Source = Service Control Manager | ID = 7000
Description = The AVG8 Network Redirector service failed to start due to the following
error: %%31

Error - 12/17/2011 3:49:44 PM | Computer Name = AWESOME-O | Source = Service Control Manager | ID = 7000
Description = The AVG8 Network Redirector service failed to start due to the following
error: %%31

< End of report >


----------



## Larusso (Aug 9, 2011)

Logs are looking good :up:

Unless you have any open issues, you are good to go. Please follow these last few steps.

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if present):
AVG 8.5

Please press the Windows + R Key and Copy/Paste the following single-line command into the Run box and click OK

*combofix /uninstall*

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Empty your Recycle Bin if it does not do so automatically.

Please run OTL again. 
This time click on the *Clean Up* button. This will remove most of the tools we have used.
If there are any leftovers, please simply delete them with "right-click --> delete".

Now that you appear to be free from malware, let's help you stay that way!

It is vital that you keep your system *up to date*

Please enable Automatic Updates to keep your system up to date.
 *Windows Updates*
*Win XP*: Start --> Control Panel and double-click on Automatic Updates.
*Vista / 7*: Start --> Control Panel --> System and Security --> Windows Updates

 *Software Updates*
Your installed Software also can have vulnerabilities that malware can use to infect your system.
To keep your installed Software up to date I recommend *File Hippo*.

*Anti Virus Software*

 Make sure to have *one* Anti Virus programme installed and update it on a regular basis. It is useless with out of date definitions.

*Additional Protection*

 *Malwarebytes Anti Malware*
The freeware Version is an on demand scanner which will check your system for malware. Update it once a week and run a Quick Scan. You can also buy a licence which offers more features.
 *WinPatrol*
WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

*Safer Browsing*

 *Web of Trust ( WOT )*
This software helps you to stay away from sites that have malicious purposes.
 *SpywareBlaster*
This software helps prevent the installation of ActiveX-based spyware.
 *MVPS Hosts file*
This Hosts File will restrict known ad sites from serving you unsolicited advertisements.

*Use an alternate browser*
Other browsers tend to be more secure than IE as they do not make use of ActiveX objects. ActiveX objects can be used by spyware as an infection point on your computer.

 *Opera*
 *Firefox*
*Note*: If you use Firefox you may want to have a look at these add-ons.
 *AdblockPlus* https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/ ( Blocks advertisements )
 *NoScript* https://addons.mozilla.org/en-US/firefox/addon/noscript/ ( Blocks Java, Flash and JavaScript )

*Computer Maintenance*
Clean out your temp files on a regular basis - I recommend *TFC* ( Temp File Cleaner ).

*Thinking while surfing*
*There is no software which will protect your system from yourself.* 
I have included some security related articles that I advise you read through in your own time. These articles will give you tips and advice on preventing infection, and how to stay safe whilst browsing the internet.

 Staying Safe on the Internet ( by Glaswegian )
 Making Internet Explorer Safer.
 Think Prevention!

If you have any questions kindly ask.

*Please respond to this thread one more time and click on the MARK SOLVED Button at the top of your first post.*


----------



## RoyGuy0 (Dec 6, 2011)

Thank you so much Daniel.


----------

