Trojan disabled Human Input Devices


  • This topic is locked
39 replies to this topic

#1 cwjian90

cwjian90

  • Members
  • 65 posts
  • OFFLINE
  • Local time:06:25 AM

Posted 06 June 2012 - 07:38 AM

A continuation from this topic: http://www.bleepingcomputer.com/forums/topic434011.html. So far have run Super Anti-Spyware, Malwarebytes, DDS, GMER, and SecurityCheck. Attach.txt seems to be too big to upload, should I split it? GMER also seems to stop halfway through the scan with a Windows error message and shuts down.

Attached Files

  • dds.txt (10.56KB, 2 downloads)




#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:07:25 AM

Posted 06 June 2012 - 08:12 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue.

  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    afd.sys
    netbt.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
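For reading the TDSSKiller report requested above, here is an added triage script (not part of the thread and not Kaspersky's code) that parses the log format and lists only the entries carrying a warning or detection verdict, with their MD5 and path. The sample lines it runs on are constructed, and the driver names and hash values in them are placeholders.

```python
"""Triage helper for TDSSKiller scan logs (added example, not from the thread).

TDSSKiller, run with the options described above, writes one line per scanned
service or driver followed by one or more verdict lines:

    HH:MM:SS.ffff PID Name (md5) Path
    HH:MM:SS.ffff PID Name - ok
    HH:MM:SS.ffff PID Name ( Detection ) - warning
    HH:MM:SS.ffff PID Name - detected Detection (1)

This pairs each verdict with its object line so a reviewer can pull out the
flagged entries (name, MD5, path) instead of reading hundreds of "- ok" lines.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Common prefix on every log line: timestamp, process id, message body.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.+)$")
# Object line: "<name> (<32 hex digit md5>) <path>"
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
WARNING_RE = re.compile(r"^(?P<name>.+?) \( (?P<det>\S+) \) - warning$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<det>\S+) \((?P<count>\d+)\)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdicts: List[str] = field(default_factory=list)

    def is_flagged(self) -> bool:
        # Anything other than a plain "ok" verdict deserves a manual look.
        return any(v != "ok" for v in self.verdicts)


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Return {service_name: Entry} for every object mentioned in the log."""
    entries: Dict[str, Entry] = {}

    def get(name: str) -> Entry:
        return entries.setdefault(name, Entry(name=name))

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, separator or otherwise unrecognised line
        body = m.group("body").strip()
        # Try the verdict shapes first, then the object line; header lines such
        # as "Scan started" or "Mode: ..." match none of them and are skipped.
        if (w := WARNING_RE.match(body)):
            get(w.group("name")).verdicts.append(f"warning:{w.group('det')}")
        elif (d := DETECTED_RE.match(body)):
            get(d.group("name")).verdicts.append(f"detected:{d.group('det')}")
        elif (o := OK_RE.match(body)):
            get(o.group("name")).verdicts.append("ok")
        elif (obj := OBJECT_RE.match(body)):
            e = get(obj.group("name"))
            e.md5, e.path = obj.group("md5"), obj.group("path")
    return entries


def flagged(entries: Dict[str, Entry]) -> List[Entry]:
    """Entries carrying a warning or detection verdict, sorted by name."""
    return sorted((e for e in entries.values() if e.is_flagged()), key=lambda e: e.name)


def report(text: str) -> str:
    """Human-readable summary: counts first, then one line per flagged entry."""
    entries = parse_tdsskiller_log(text)
    hits = flagged(entries)
    lines = [f"{len(entries)} objects scanned, {len(hits)} flagged"]
    for e in hits:
        lines.append(f"  {e.name}: {', '.join(e.verdicts)}  md5={e.md5}  path={e.path}")
    return "\n".join(lines)


# Constructed sample in the TDSSKiller line format; names and hashes are placeholders.
SAMPLE_LOG = "\n".join([
    r"11:26:39.0423 4420 ============================================================",
    r"11:26:39.0423 4420 Scan started",
    r"11:26:39.0423 4420 Mode: Manual; SigCheck; TDLFS;",
    r"11:26:42.0138 4420 ACPI (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\acpi.sys",
    r"11:26:42.0186 4420 ACPI - ok",
    r"11:26:42.0200 4420 adfs - ok",
    r"11:26:44.0056 4420 Example Device Service (fedcba9876543210fedcba9876543210) C:\Program Files\Example\svc.exe",
    r"11:26:44.0127 4420 Example Device Service - ok",
    r"11:26:44.0506 4420 exampledrv (00112233445566778899aabbccddeeff) C:\Windows\system32\DRIVERS\exampledrv.sys",
    r"11:26:44.0558 4420 exampledrv ( UnsignedFile.Multi.Generic ) - warning",
    r"11:26:44.0558 4420 exampledrv - detected UnsignedFile.Multi.Generic (1)",
])

if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

An UnsignedFile.Multi.Generic warning only records that the driver lacks a valid digital signature (the "Verify Driver Digital Signature" option requested above), so each flagged path still needs to be judged on what the file is.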


#3 cwjian90

cwjian90
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  • Local time:06:25 AM

Posted 06 June 2012 - 11:17 AM

Hi ST! Thanks for taking the time to help!

1. Would you like me to post the Super Anti-Spyware scan log here that I was asked to do in the other thread?

2. The TDSSKiller log
11:27:01.0145 4420 MpNWMon - ok
11:27:01.0173 4420 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
11:27:01.0228 4420 mpsdrv - ok
11:27:01.0260 4420 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
11:27:01.0287 4420 Mraid35x - ok
11:27:01.0329 4420 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
11:27:01.0360 4420 MRxDAV - ok
11:27:01.0409 4420 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:27:01.0463 4420 mrxsmb - ok
11:27:01.0500 4420 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:27:01.0536 4420 mrxsmb10 - ok
11:27:01.0553 4420 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:27:01.0601 4420 mrxsmb20 - ok
11:27:01.0630 4420 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
11:27:01.0654 4420 msahci - ok
11:27:01.0676 4420 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
11:27:01.0702 4420 msdsm - ok
11:27:01.0746 4420 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
11:27:01.0795 4420 MSDTC - ok
11:27:01.0834 4420 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
11:27:01.0927 4420 Msfs - ok
11:27:01.0956 4420 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
11:27:01.0977 4420 msisadrv - ok
11:27:02.0024 4420 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
11:27:02.0069 4420 MSiSCSI - ok
11:27:02.0087 4420 msiserver - ok
11:27:02.0112 4420 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
11:27:02.0147 4420 MSKSSRV - ok
11:27:02.0280 4420 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
11:27:02.0308 4420 MsMpSvc - ok
11:27:02.0329 4420 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
11:27:02.0387 4420 MSPCLOCK - ok
11:27:02.0413 4420 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
11:27:02.0470 4420 MSPQM - ok
11:27:02.0520 4420 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
11:27:02.0582 4420 MsRPC - ok
11:27:02.0601 4420 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
11:27:02.0630 4420 mssmbios - ok
11:27:02.0673 4420 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
11:27:02.0706 4420 MSTEE - ok
11:27:02.0726 4420 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
11:27:02.0763 4420 Mup - ok
11:27:02.0812 4420 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
11:27:02.0867 4420 napagent - ok
11:27:02.0906 4420 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
11:27:02.0961 4420 NativeWifiP - ok
11:27:03.0035 4420 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
11:27:03.0125 4420 NDIS - ok
11:27:03.0190 4420 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
11:27:03.0227 4420 NdisTapi - ok
11:27:03.0257 4420 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
11:27:03.0295 4420 Ndisuio - ok
11:27:03.0324 4420 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
11:27:03.0357 4420 NdisWan - ok
11:27:03.0381 4420 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
11:27:03.0429 4420 NDProxy - ok
11:27:03.0433 4420 NetBIOS - ok
11:27:03.0487 4420 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
11:27:03.0539 4420 netbt - ok
11:27:03.0571 4420 Netlogon (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
11:27:03.0606 4420 Netlogon - ok
11:27:03.0640 4420 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
11:27:03.0713 4420 Netman - ok
11:27:03.0739 4420 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
11:27:03.0801 4420 netprofm - ok
11:27:03.0891 4420 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:27:03.0919 4420 NetTcpPortSharing - ok
11:27:03.0960 4420 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
11:27:03.0991 4420 nfrd960 - ok
11:27:04.0027 4420 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
11:27:04.0064 4420 NisDrv - ok
11:27:04.0228 4420 NisSrv (a5cb074f34bbd89948e34a630d459c0c) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
11:27:04.0283 4420 NisSrv - ok
11:27:04.0329 4420 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
11:27:04.0379 4420 NlaSvc - ok
11:27:04.0412 4420 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
11:27:04.0453 4420 Npfs - ok
11:27:04.0464 4420 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
11:27:04.0505 4420 nsi - ok
11:27:04.0524 4420 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
11:27:04.0578 4420 nsiproxy - ok
11:27:04.0682 4420 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
11:27:04.0891 4420 Ntfs - ok
11:27:04.0926 4420 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
11:27:04.0984 4420 ntrigdigi - ok
11:27:05.0018 4420 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
11:27:05.0053 4420 Null - ok
11:27:05.0436 4420 nvlddmkm (8fe5350fa6a9f0b6633aee811c468954) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:27:06.0021 4420 nvlddmkm - ok
11:27:06.0129 4420 nvsvc - ok
11:27:06.0154 4420 NwlnkFlt - ok
11:27:06.0160 4420 NwlnkFwd - ok
11:27:06.0211 4420 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
11:27:06.0277 4420 OEM02Dev - ok
11:27:06.0300 4420 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
11:27:06.0321 4420 OEM02Vfx - ok
11:27:06.0359 4420 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
11:27:06.0400 4420 ohci1394 - ok
11:27:06.0467 4420 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
11:27:06.0542 4420 p2pimsvc - ok
11:27:06.0551 4420 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
11:27:06.0598 4420 p2psvc - ok
11:27:06.0648 4420 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
11:27:06.0727 4420 Parport - ok
11:27:06.0769 4420 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
11:27:06.0810 4420 partmgr - ok
11:27:06.0830 4420 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
11:27:06.0908 4420 Parvdm - ok
11:27:06.0955 4420 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
11:27:07.0000 4420 PcaSvc - ok
11:27:07.0041 4420 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
11:27:07.0073 4420 pci - ok
11:27:07.0099 4420 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
11:27:07.0121 4420 pciide - ok
11:27:07.0149 4420 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
11:27:07.0178 4420 pcmcia - ok
11:27:07.0258 4420 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
11:27:07.0349 4420 PEAUTH - ok
11:27:07.0466 4420 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
11:27:07.0565 4420 pla - ok
11:27:07.0681 4420 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
11:27:08.0785 4420 PlugPlay - ok
11:27:08.0867 4420 PnkBstrA (681da309716aeb98bc901d7a0458d931) C:\Windows\system32\PnkBstrA.exe
11:27:08.0998 4420 PnkBstrA - ok
11:27:09.0065 4420 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
11:27:09.0117 4420 PNRPAutoReg - ok
11:27:09.0127 4420 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
11:27:09.0185 4420 PNRPsvc - ok
11:27:09.0249 4420 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
11:27:09.0331 4420 PolicyAgent - ok
11:27:09.0423 4420 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
11:27:09.0499 4420 PptpMiniport - ok
11:27:09.0545 4420 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
11:27:09.0590 4420 Processor - ok
11:27:09.0638 4420 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
11:27:09.0690 4420 ProfSvc - ok
11:27:09.0708 4420 ProtectedStorage (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
11:27:09.0743 4420 ProtectedStorage - ok
11:27:09.0781 4420 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
11:27:09.0864 4420 PSched - ok
11:27:09.0915 4420 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
11:27:09.0945 4420 PxHelp20 - ok
11:27:10.0021 4420 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
11:27:10.0089 4420 ql2300 - ok
11:27:10.0122 4420 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
11:27:10.0172 4420 ql40xx - ok
11:27:10.0213 4420 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
11:27:10.0392 4420 QWAVE - ok
11:27:10.0417 4420 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
11:27:10.0468 4420 QWAVEdrv - ok
11:27:10.0516 4420 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
11:27:10.0588 4420 RasAcd - ok
11:27:10.0625 4420 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
11:27:10.0725 4420 RasAuto - ok
11:27:10.0750 4420 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:27:10.0806 4420 Rasl2tp - ok
11:27:10.0869 4420 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
11:27:10.0925 4420 RasMan - ok
11:27:10.0960 4420 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
11:27:11.0000 4420 RasPppoe - ok
11:27:11.0018 4420 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
11:27:11.0061 4420 RasSstp - ok
11:27:11.0111 4420 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
11:27:11.0213 4420 rdbss - ok
11:27:11.0254 4420 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:27:11.0287 4420 RDPCDD - ok
11:27:11.0330 4420 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
11:27:11.0390 4420 rdpdr - ok
11:27:11.0423 4420 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
11:27:11.0475 4420 RDPENCDD - ok
11:27:11.0531 4420 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
11:27:11.0601 4420 RDPWD - ok
11:27:11.0655 4420 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
11:27:11.0766 4420 RemoteAccess - ok
11:27:11.0796 4420 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
11:27:11.0876 4420 RemoteRegistry - ok
11:27:11.0932 4420 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
11:27:11.0978 4420 RFCOMM - ok
11:27:12.0011 4420 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\Windows\system32\DRIVERS\rimmptsk.sys
11:27:12.0059 4420 rimmptsk - ok
11:27:12.0086 4420 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\Windows\system32\DRIVERS\rimsptsk.sys
11:27:12.0132 4420 rimsptsk - ok
11:27:12.0175 4420 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\Windows\system32\DRIVERS\rixdptsk.sys
11:27:12.0234 4420 rismxdp - ok
11:27:12.0274 4420 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
11:27:12.0355 4420 RpcLocator - ok
11:27:12.0438 4420 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
11:27:12.0506 4420 RpcSs - ok
11:27:12.0564 4420 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
11:27:12.0624 4420 rspndr - ok
11:27:12.0650 4420 SamSs (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
11:27:12.0707 4420 SamSs - ok
11:27:12.0841 4420 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
11:27:12.0935 4420 SASDIFSV - ok
11:27:12.0954 4420 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
11:27:13.0018 4420 SASKUTIL - ok
11:27:13.0064 4420 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
11:27:13.0136 4420 sbp2port - ok
11:27:13.0187 4420 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
11:27:13.0241 4420 SCardSvr - ok
11:27:13.0301 4420 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\Windows\system32\drivers\SCDEmu.sys
11:27:13.0422 4420 SCDEmu ( UnsignedFile.Multi.Generic ) - warning
11:27:13.0422 4420 SCDEmu - detected UnsignedFile.Multi.Generic (1)
11:27:13.0498 4420 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
11:27:13.0629 4420 Schedule - ok
11:27:13.0682 4420 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
11:27:13.0718 4420 SCPolicySvc - ok
11:27:13.0758 4420 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
11:27:13.0799 4420 sdbus - ok
11:27:13.0833 4420 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
11:27:13.0925 4420 SDRSVC - ok
11:27:13.0977 4420 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:27:14.0035 4420 secdrv - ok
11:27:14.0068 4420 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
11:27:14.0112 4420 seclogon - ok
11:27:14.0145 4420 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
11:27:14.0196 4420 SENS - ok
11:27:14.0218 4420 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
11:27:14.0278 4420 Serenum - ok
11:27:14.0315 4420 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
11:27:14.0377 4420 Serial - ok
11:27:14.0400 4420 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
11:27:14.0454 4420 sermouse - ok
11:27:14.0528 4420 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
11:27:14.0625 4420 SessionEnv - ok
11:27:14.0653 4420 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
11:27:14.0687 4420 sffdisk - ok
11:27:14.0713 4420 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
11:27:14.0751 4420 sffp_mmc - ok
11:27:14.0794 4420 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
11:27:14.0845 4420 sffp_sd - ok
11:27:14.0880 4420 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
11:27:14.0961 4420 sfloppy - ok
11:27:15.0030 4420 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
11:27:15.0096 4420 ShellHWDetection - ok
11:27:15.0149 4420 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
11:27:15.0186 4420 sisagp - ok
11:27:15.0248 4420 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
11:27:15.0275 4420 SiSRaid2 - ok
11:27:15.0330 4420 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
11:27:15.0366 4420 SiSRaid4 - ok
11:27:15.0468 4420 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
11:27:15.0743 4420 SkypeUpdate - ok
11:27:15.0918 4420 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
11:27:16.0456 4420 slsvc - ok
11:27:16.0578 4420 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
11:27:16.0619 4420 SLUINotify - ok
11:27:16.0700 4420 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
11:27:16.0759 4420 Smb - ok
11:27:16.0802 4420 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
11:27:16.0839 4420 SNMPTRAP - ok
11:27:16.0879 4420 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
11:27:16.0903 4420 spldr - ok
11:27:16.0938 4420 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
11:27:16.0990 4420 Spooler - ok
11:27:17.0049 4420 sprtsvc_dellsupportcenter - ok
11:27:17.0101 4420 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
11:27:17.0157 4420 srv - ok
11:27:17.0181 4420 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
11:27:17.0212 4420 srv2 - ok
11:27:17.0257 4420 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
11:27:17.0289 4420 srvnet - ok
11:27:17.0341 4420 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
11:27:17.0416 4420 SSDPSRV - ok
11:27:17.0450 4420 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
11:27:17.0511 4420 SstpSvc - ok
11:27:17.0557 4420 STacSV (7e6dd4b34acd36af6c711d2bde91b040) C:\Windows\system32\STacSV.exe
11:27:17.0617 4420 STacSV - ok
11:27:17.0691 4420 Steam Client Service - ok
11:27:17.0756 4420 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
11:27:17.0788 4420 STHDA - ok
11:27:17.0859 4420 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
11:27:17.0965 4420 stisvc - ok
11:27:18.0047 4420 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
11:27:18.0082 4420 stllssvr - ok
11:27:18.0115 4420 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
11:27:18.0137 4420 swenum - ok
11:27:18.0187 4420 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
11:27:18.0245 4420 swprv - ok
11:27:18.0274 4420 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
11:27:18.0300 4420 Symc8xx - ok
11:27:18.0320 4420 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
11:27:18.0346 4420 Sym_hi - ok
11:27:18.0360 4420 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
11:27:18.0388 4420 Sym_u3 - ok
11:27:18.0453 4420 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
11:27:18.0554 4420 SysMain - ok
11:27:18.0573 4420 szkg5 - ok
11:27:18.0592 4420 szkgfs - ok
11:27:18.0631 4420 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
11:27:18.0668 4420 TabletInputService - ok
11:27:18.0717 4420 tap0901t (b7aee68d2e867cbf69b649b18fcedbbb) C:\Windows\system32\DRIVERS\tap0901t.sys
11:27:18.0745 4420 tap0901t - ok
11:27:18.0795 4420 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
11:27:18.0850 4420 TapiSrv - ok
11:27:18.0869 4420 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
11:27:18.0913 4420 TBS - ok
11:27:19.0003 4420 Tcpip (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys
11:27:19.0075 4420 Tcpip - ok
11:27:19.0088 4420 Tcpip6 (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys
11:27:19.0145 4420 Tcpip6 - ok
11:27:19.0189 4420 tcpipreg (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys
11:27:19.0248 4420 tcpipreg - ok
11:27:19.0282 4420 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
11:27:19.0321 4420 TDPIPE - ok
11:27:19.0338 4420 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
11:27:19.0381 4420 TDTCP - ok
11:27:19.0437 4420 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
11:27:19.0538 4420 tdx - ok
11:27:19.0564 4420 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
11:27:19.0603 4420 TermDD - ok
11:27:19.0668 4420 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
11:27:19.0731 4420 TermService - ok
11:27:19.0781 4420 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
11:27:19.0820 4420 Themes - ok
11:27:19.0862 4420 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
11:27:19.0903 4420 THREADORDER - ok
11:27:19.0936 4420 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
11:27:19.0983 4420 TrkWks - ok
11:27:20.0050 4420 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
11:27:20.0111 4420 TrustedInstaller - ok
11:27:20.0167 4420 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:27:20.0209 4420 tssecsrv - ok
11:27:20.0239 4420 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
11:27:20.0274 4420 tunmp - ok
11:27:20.0290 4420 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
11:27:20.0325 4420 tunnel - ok
11:27:20.0468 4420 TunngleService (7a34128510eeb13cf8583531c8fb081c) C:\Program Files\Tunngle\TnglCtrl.exe
11:27:21.0399 4420 TunngleService - ok
11:27:21.0417 4420 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
11:27:21.0455 4420 uagp35 - ok
11:27:21.0499 4420 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
11:27:21.0536 4420 udfs - ok
11:27:21.0573 4420 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
11:27:21.0617 4420 UI0Detect - ok
11:27:21.0637 4420 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
11:27:21.0676 4420 uliagpkx - ok
11:27:21.0710 4420 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
11:27:21.0787 4420 uliahci - ok
11:27:21.0808 4420 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
11:27:21.0833 4420 UlSata - ok
11:27:21.0855 4420 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
11:27:21.0885 4420 ulsata2 - ok
11:27:21.0909 4420 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
11:27:21.0955 4420 umbus - ok
11:27:22.0005 4420 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
11:27:22.0060 4420 upnphost - ok
11:27:22.0134 4420 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
11:27:22.0171 4420 USBAAPL - ok
11:27:22.0219 4420 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
11:27:22.0293 4420 usbccgp - ok
11:27:22.0324 4420 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
11:27:22.0449 4420 usbcir - ok
11:27:22.0512 4420 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
11:27:22.0551 4420 usbehci - ok
11:27:22.0594 4420 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
11:27:22.0634 4420 usbhub - ok
11:27:22.0656 4420 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
11:27:22.0716 4420 usbohci - ok
11:27:22.0760 4420 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
11:27:22.0801 4420 usbprint - ok
11:27:22.0823 4420 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
11:27:22.0884 4420 usbscan - ok
11:27:22.0935 4420 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:27:22.0985 4420 USBSTOR - ok
11:27:23.0004 4420 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
11:27:23.0039 4420 usbuhci - ok
11:27:23.0068 4420 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
11:27:23.0126 4420 usbvideo - ok
11:27:23.0170 4420 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
11:27:23.0231 4420 UxSms - ok
11:27:23.0275 4420 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
11:27:23.0342 4420 vds - ok
11:27:23.0370 4420 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
11:27:23.0433 4420 vga - ok
11:27:23.0454 4420 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
11:27:23.0496 4420 VgaSave - ok
11:27:23.0558 4420 vhidmini (4a2c339b9e848e5099411577be01e0ff) C:\Windows\system32\DRIVERS\walvhid.sys
11:27:23.0595 4420 vhidmini - ok
11:27:23.0615 4420 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
11:27:23.0651 4420 viaagp - ok
11:27:23.0676 4420 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
11:27:23.0722 4420 ViaC7 - ok
11:27:23.0747 4420 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
11:27:23.0770 4420 viaide - ok
11:27:23.0849 4420 vmm (b0fd6e31ed4acd87eb852c5dac27734a) C:\Windows\system32\Drivers\vmm.sys
11:27:23.0878 4420 vmm - ok
11:27:23.0914 4420 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
11:27:23.0949 4420 volmgr - ok
11:27:23.0994 4420 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
11:27:24.0028 4420 volmgrx - ok
11:27:24.0058 4420 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
11:27:24.0090 4420 volsnap - ok
11:27:24.0122 4420 VPCNetS2 (2abe8281db609d8bb1bd1b2f93800d5f) C:\Windows\system32\DRIVERS\VMNetSrv.sys
11:27:24.0157 4420 VPCNetS2 - ok
11:27:24.0206 4420 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
11:27:24.0264 4420 vsmraid - ok
11:27:24.0361 4420 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
11:27:24.0454 4420 VSS - ok
11:27:24.0503 4420 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
11:27:24.0553 4420 W32Time - ok
11:27:24.0600 4420 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
11:27:24.0657 4420 WacomPen - ok
11:27:24.0681 4420 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:27:24.0735 4420 Wanarp - ok
11:27:24.0739 4420 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:27:24.0790 4420 Wanarpv6 - ok
11:27:24.0844 4420 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
11:27:24.0937 4420 wcncsvc - ok
11:27:24.0972 4420 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
11:27:25.0033 4420 WcsPlugInService - ok
11:27:25.0058 4420 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
11:27:25.0082 4420 Wd - ok
11:27:25.0119 4420 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
11:27:25.0154 4420 WDC_SAM - ok
11:27:25.0181 4420 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
11:27:25.0227 4420 WdiServiceHost - ok
11:27:25.0231 4420 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
11:27:25.0276 4420 WdiSystemHost - ok
11:27:25.0312 4420 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
11:27:25.0361 4420 WebClient - ok
11:27:25.0394 4420 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
11:27:25.0437 4420 Wecsvc - ok
11:27:25.0463 4420 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
11:27:25.0504 4420 wercplsupport - ok
11:27:25.0547 4420 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
11:27:25.0601 4420 WerSvc - ok
11:27:25.0686 4420 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
11:27:25.0740 4420 winachsf - ok
11:27:25.0766 4420 WinHttpAutoProxySvc - ok
11:27:25.0837 4420 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
11:27:25.0904 4420 Winmgmt - ok
11:27:25.0995 4420 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
11:27:26.0249 4420 WinRM - ok
11:27:26.0358 4420 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
11:27:26.0472 4420 Wlansvc - ok
11:27:26.0479 4420 wltrysvc - ok
11:27:26.0567 4420 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:27:26.0597 4420 WmiAcpi - ok
11:27:26.0669 4420 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
11:27:26.0744 4420 wmiApSrv - ok
11:27:26.0881 4420 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
11:27:27.0149 4420 WMPNetworkSvc - ok
11:27:27.0185 4420 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
11:27:27.0247 4420 WPCSvc - ok
11:27:27.0293 4420 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
11:27:27.0385 4420 WPDBusEnum - ok
11:27:27.0465 4420 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
11:27:27.0502 4420 WpdUsb - ok
11:27:27.0638 4420 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:27:27.0699 4420 WPFFontCache_v0400 - ok
11:27:27.0748 4420 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
11:27:27.0787 4420 ws2ifsl - ok
11:27:27.0792 4420 WSearch - ok
11:27:27.0813 4420 WTService - ok
11:27:27.0930 4420 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
11:27:28.0164 4420 wuauserv - ok
11:27:28.0312 4420 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:27:28.0377 4420 WUDFRd - ok
11:27:28.0407 4420 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
11:27:28.0452 4420 wudfsvc - ok
11:27:28.0485 4420 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
11:27:28.0506 4420 XAudio - ok
11:27:28.0593 4420 XAudioService (28dc5d626e036a75a572556f0a6eb1f6) C:\Windows\system32\DRIVERS\xaudio.exe
11:27:28.0688 4420 XAudioService - ok
11:27:28.0763 4420 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:27:29.0050 4420 \Device\Harddisk0\DR0 - ok
11:27:29.0054 4420 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
11:27:29.0452 4420 \Device\Harddisk2\DR2 - ok
11:27:29.0456 4420 Boot (0x1200) (3e560892b57404b0d65d91eadfa86cb9) \Device\Harddisk0\DR0\Partition0
11:27:29.0456 4420 \Device\Harddisk0\DR0\Partition0 - ok
11:27:29.0479 4420 Boot (0x1200) (e19b40955160d74724b9dc39c3966c08) \Device\Harddisk0\DR0\Partition1
11:27:29.0481 4420 \Device\Harddisk0\DR0\Partition1 - ok
11:27:29.0488 4420 Boot (0x1200) (fa0f0e6bafb0622a3e9956fb1f1326e8) \Device\Harddisk2\DR2\Partition0
11:27:29.0493 4420 \Device\Harddisk2\DR2\Partition0 - ok
11:27:29.0496 4420 ============================================================
11:27:29.0496 4420 Scan finished
11:27:29.0496 4420 ============================================================
11:27:29.0518 3732 Detected object count: 4
11:27:29.0518 3732 Actual detected object count: 4
11:27:35.0955 3732 atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
11:27:35.0955 3732 atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:27:35.0958 3732 fanio ( UnsignedFile.Multi.Generic ) - skipped by user
11:27:35.0958 3732 fanio ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:27:35.0960 3732 lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
11:27:35.0960 3732 lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:27:35.0963 3732 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
11:27:35.0963 3732 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:27:40.0745 0916 Deinitialize success

3. Farbar

Farbar Service Scanner Version: 05-06-2012
Ran by CW (administrator) on 06-06-2012 at 11:30:13
Running from "C:\Users\CW\Downloads"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Google.com returned error: Google.com is offline
Attempt to access Yahoo IP returned error: Yahoo IP is offline
Attempt to access Yahoo.com returned error: Yahoo.com is offline


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-01-06 15:14] - [2010-06-16 12:39] - 0912776 ____A (Microsoft Corporation) 6A10AFCE0B38371064BE41C1FBFD3C6B

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

4. OTL.txt

OTL logfile created on: 6/6/2012 11:32:19 AM - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\CW\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 39.89% Memory free
6.21 Gb Paging File | 4.07 Gb Available in Paging File | 65.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.00 Gb Total Space | 15.26 Gb Free Space | 10.45% Space Free | Partition Type: NTFS
Drive D: | 570.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 298.06 Gb Total Space | 35.94 Gb Free Space | 12.06% Space Free | Partition Type: NTFS
Drive Z: | 3.00 Gb Total Space | 2.95 Gb Free Space | 98.41% Space Free | Partition Type: FAT32

Computer Name: CW-PC | User Name: CW | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/06 11:31:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\CW\Downloads\OTL.exe
PRC - [2012/06/06 11:29:57 | 000,338,059 | ---- | M] () -- C:\Users\CW\Downloads\FSS.exe
PRC - [2012/05/22 21:55:29 | 000,096,792 | ---- | M] (Google Inc.) -- C:\Users\CW\AppData\Local\Google\Chrome\Application\19.0.1084.52\chrome_frame_helper.exe
PRC - [2012/05/21 16:38:02 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/05/04 03:50:41 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/22 20:49:58 | 006,591,800 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2012/02/14 19:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\CW\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/07/13 14:15:38 | 000,396,960 | ---- | M] () -- C:\Windows\System32\ATWTUSB.EXE
PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\aestsrv.exe
PRC - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\STacSV.exe
PRC - [2007/05/09 18:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/02/16 12:58:12 | 000,856,064 | ---- | M] (Christian Diefer) -- C:\Program Files\I8kfanGUI\I8kfanGUI.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/06 11:29:57 | 000,338,059 | ---- | M] () -- C:\Users\CW\Downloads\FSS.exe
MOD - [2012/06/06 08:37:15 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/06/06 08:37:15 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/06/05 16:34:56 | 008,797,856 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/06/05 15:38:14 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/06/05 15:38:14 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/05/04 03:50:37 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2012/02/22 20:49:38 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/01/29 22:06:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\9b8e883fd5fa51f026577156a0ee9d57\System.Runtime.Remoting.ni.dll
MOD - [2011/01/29 22:03:41 | 007,949,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ed6ae2749d12c4729ee43ff339de4bb8\System.ni.dll
MOD - [2011/01/29 22:02:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\98bbdd8c400493ad228b8283665cc9da\mscorlib.ni.dll
MOD - [2011/01/05 17:16:58 | 000,139,776 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/12/08 15:34:10 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\System32\WLTRYSVC.EXE %C:\Windows%\System32\bcmwltry.exe -- (wltrysvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - File not found [Auto | Stopped] -- C:\Windows\system32\nvvsvc.exe -- (nvsvc)
SRV - File not found [Disabled | Stopped] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
SRV - [2012/06/05 16:34:57 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/04 03:50:44 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/14 17:49:12 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/03/15 22:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/13 14:15:38 | 000,396,960 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ATWTUSB.EXE -- (WTService)
SRV - [2009/03/29 22:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/18 12:38:44 | 000,129,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/01/20 22:25:11 | 000,053,760 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2008/01/20 22:24:20 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\aestsrv.exe -- (AESTFilters)
SRV - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\STacSV.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\szkgfs.sys -- (szkgfs)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\szkg.sys -- (szkg5)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\CW\AppData\Local\Temp\pgtdqpoc.sys -- (pgtdqpoc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [File_System | System | Stopped] -- system32\drivers\tsk426C.tmp -- (NetBIOS)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\CW\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\CW\AppData\Local\Temp\kbeepm.sys -- (kbeepm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2012/06/05 11:38:37 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/03/18 21:25:14 | 000,165,376 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/03/18 21:25:08 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/04/12 04:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/09/16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV - [2009/06/25 17:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 17:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 17:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/06/16 02:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/04/17 07:17:54 | 000,006,144 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\walvhid.sys -- (vhidmini)
DRV - [2009/04/10 22:14:00 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2009/03/18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/03/08 23:15:14 | 000,006,144 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2008/09/26 06:04:10 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/05/06 04:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/02/11 15:42:38 | 000,232,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2008/02/04 13:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2008/01/20 22:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR)
DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:26 | 000,041,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:26 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)
DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:24 | 000,022,072 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:22 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:21 | 000,094,776 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:20 | 000,105,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2008/01/20 22:23:20 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2008/01/20 22:23:20 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2008/01/20 22:23:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2008/01/20 22:23:02 | 000,030,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2008/01/20 22:23:01 | 000,248,832 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/01/20 22:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/01/20 22:23:01 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2008/01/20 22:23:00 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2008/01/20 22:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2008/01/20 22:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2008/01/20 22:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2008/01/20 22:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2008/01/20 22:23:00 | 000,028,728 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:00 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/20 22:23:00 | 000,016,440 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pciide.sys -- (pciide)
DRV - [2008/01/20 22:23:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev)
DRV - [2007/10/10 18:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/03/05 11:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/02/16 05:05:48 | 000,014,464 | ---- | M] (Christian Diefer) [Kernel | System | Running] -- C:\Windows\System32\drivers\fanio.sys -- (fanio)
DRV - [2006/11/21 05:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/02 05:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006/11/02 04:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006/11/02 04:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006/11/02 04:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2006/11/02 04:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)
DRV - [2006/11/02 04:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006/11/02 04:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/08/04 17:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2983540585-2013573526-3603927823-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
IE - HKU\S-1-5-21-2983540585-2013573526-3603927823-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2983540585-2013573526-3603927823-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2983540585-2013573526-3603927823-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2983540585-2013573526-3603927823-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.ca"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.9
FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:4.9
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\Windows\ [2012/06/05 15:30:10 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\CW\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\CW\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/05 17:06:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/05 17:06:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{2E24FA3E-AF45-11E1-8270-B8AC6F996F26}: C:\Users\CW\AppData\Local\{2E24FA3E-AF45-11E1-8270-B8AC6F996F26}\ [2012/06/05 15:32:58 | 000,000,000 | ---D | M]

[2011/01/10 04:24:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CW\AppData\Roaming\Mozilla\Extensions
[2012/06/05 16:13:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CW\AppData\Roaming\Mozilla\Firefox\Profiles\t42tfozs.default\extensions
[2011/03/06 10:16:04 | 000,002,567 | ---- | M] () -- C:\Users\CW\AppData\Roaming\Mozilla\Firefox\Profiles\t42tfozs.default\searchplugins\askcom.xml
[2012/01/29 17:26:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/09 22:06:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/05 15:32:58 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\CW\APPDATA\LOCAL\{2E24FA3E-AF45-11E1-8270-B8AC6F996F26}
[2012/06/05 16:11:31 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\CW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T42TFOZS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/05/04 03:50:42 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2004/07/02 14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\components\np32asw.dll
[2004/07/02 14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32asw.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/29 17:26:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/29 17:26:04 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: Skype Click to Call = C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TblMouse] TblMouse.exe File not found
O4 - HKLM..\Run: [tcoxy] C:\Users\CW\AppData\Roaming\tcoxy.dll (DT Soft Ltd)
O4 - HKU\S-1-5-21-2983540585-2013573526-3603927823-1000..\Run: [ChromeFrameHelper] C:\Users\CW\AppData\Local\Google\Chrome\Application\19.0.1084.52\chrome_frame_helper.exe (Google Inc.)
O4 - HKU\S-1-5-21-2983540585-2013573526-3603927823-1000..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe (Christian Diefer)
O4 - HKU\S-1-5-21-2983540585-2013573526-3603927823-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2983540585-2013573526-3603927823-1000..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\CW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Banshee Screamer Alarm.lnk = C:\Program Files\Banshee Screamer Alarm\alarm.exe ()
O4 - Startup: C:\Users\CW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\CW\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2983540585-2013573526-3603927823-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2983540585-2013573526-3603927823-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2983540585-2013573526-3603927823-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab (Microsoft Download Manager ActiveX control)
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} http://mail.daum.net/hanmail-ax/DaumActiveX/2_0_1_3/DaumActiveX.cab?ver=2,0,1,3 (Daum ActiveX manager Class)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.100.100.128 128.100.96.34
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1844231D-006C-430C-A823-7E4B2B0516C9}: DhcpNameServer = 172.16.48.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99B44AD6-AAF4-4FF1-AC2F-10424C791EE5}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED924AA9-2D31-4977-A7F4-2CD29B6E911E}: DhcpNameServer = 128.100.100.128 128.100.96.34
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\CW\Pictures\Military Stuff\Firearms\Rifles\Mosin-Nagant M1891-30 7.62mm Rifle, 1938 & 1944 7.62mm Carbines\3-4-Mosin-Nagant-1200-watermark.jpg
O24 - Desktop BackupWallPaper: C:\Users\CW\Pictures\Military Stuff\Firearms\Rifles\Mosin-Nagant M1891-30 7.62mm Rifle, 1938 & 1944 7.62mm Carbines\3-4-Mosin-Nagant-1200-watermark.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

MsConfig - StartUpFolder: C:^Users^CW^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 0

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2012/06/05 17:05:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/05 17:04:35 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/06/05 16:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/05 16:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/05 16:26:35 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/06/05 16:26:35 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/06/05 16:26:15 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/06/05 16:26:15 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/06/05 15:37:40 | 000,000,000 | ---D | C] -- C:\Users\CW\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/05 15:37:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/06/05 15:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/05 15:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/05 15:32:58 | 000,000,000 | ---D | C] -- C:\Users\CW\AppData\Local\{2E253531-AF45-11E1-8270-B8AC6F996F26}
[2012/06/05 15:32:57 | 000,000,000 | ---D | C] -- C:\Users\CW\AppData\Local\{2E24FA3E-AF45-11E1-8270-B8AC6F996F26}
[2012/06/05 15:32:28 | 000,266,240 | ---- | C] (M-Audio) -- C:\Users\CW\AppData\Roaming\vcesp.dll
[2012/06/05 11:38:37 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/06/04 19:05:31 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\CW\Desktop\TDSSKiller.exe
[2012/06/04 17:25:03 | 000,150,392 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\CW\Desktop\junction.exe
[2012/06/02 15:15:47 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/06/02 15:04:07 | 000,130,560 | ---- | C] (DT Soft Ltd) -- C:\Users\CW\AppData\Roaming\tcoxy.dll
[2012/06/02 11:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bk-Tools English
[2012/06/02 11:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Bk-Tools English
[2012/06/02 11:12:03 | 001,329,302 | ---- | C] (www.promoffice.com ) -- C:\Users\CW\Desktop\bk-tools-eng-102.exe
[2012/05/25 11:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\9b3555
[2012/05/24 18:14:21 | 000,000,000 | ---D | C] -- C:\Users\CW\AppData\Local\PunkBuster
[2012/05/24 18:14:20 | 000,000,000 | ---D | C] -- C:\Users\CW\AppData\Local\CrashRpt
[2012/05/24 18:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Chart Controls
[2012/05/24 14:57:03 | 000,000,000 | ---D | C] -- C:\Users\CW\AppData\Roaming\Yahoo!
[2012/05/22 16:03:46 | 000,000,000 | ---D | C] -- C:\Windows\APW_DATA
[2012/05/22 16:03:46 | 000,000,000 | ---D | C] -- C:\Users\CW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3M Learning Software
[2012/05/22 10:46:53 | 000,000,000 | ---D | C] -- C:\Users\CW\Desktop\Star Trek Borg
[2012/05/21 20:37:25 | 000,000,000 | ---D | C] -- C:\Users\CW\VirtualDubMod_1_5_10_2_b2542
[2012/05/17 02:17:26 | 000,006,144 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\moufiltr.sys
[2012/05/17 02:16:03 | 000,006,144 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\walvhid.sys
[2012/05/17 02:15:56 | 000,000,000 | ---D | C] -- C:\Windows\vhid
[2012/05/17 02:14:02 | 000,114,336 | ---- | C] (WALTOP International Corp.) -- C:\Windows\System32\WINTAB32.DLL
[2012/05/17 02:14:02 | 000,000,000 | ---D | C] -- C:\Windows\udtablet
[2012/05/17 02:14:01 | 001,753,088 | ---- | C] (WALTOP International Corp.) -- C:\Windows\System32\TblRes.dll
[2012/05/17 02:14:01 | 001,515,168 | ---- | C] (WALTOP International Corp.) -- C:\Windows\System32\TABLET.CPL
[2012/05/17 02:14:01 | 000,106,144 | ---- | C] (Aiptek) -- C:\Windows\System32\Tblfunc.dll
[2012/05/17 02:14:01 | 000,049,152 | ---- | C] (WALTOP International Corp.) -- C:\Windows\System32\ATWinLog.dll
[2012/05/17 02:14:01 | 000,036,864 | ---- | C] (Aiptek) -- C:\Windows\System32\UTBLFILT.DLL
[2012/05/17 02:14:00 | 000,073,376 | ---- | C] (WALTOP International Corp.) -- C:\Windows\System32\Funckey.dll
[2012/05/17 02:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Tablet
[2012/05/17 02:13:58 | 000,000,000 | ---D | C] -- C:\Windows\calib_da
[2012/05/14 02:53:14 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/14 02:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012/05/10 14:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AppData
[2012/05/09 22:05:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/09 22:05:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[18 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/06 11:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/06 11:08:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2983540585-2013573526-3603927823-1000UA.job
[2012/06/06 09:48:50 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/06 09:48:50 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/05 23:16:50 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\YTD YouTube Downloader & Converter.lnk
[2012/06/05 19:50:59 | 000,047,746 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/06/05 19:48:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/05 19:46:23 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/06/05 16:34:56 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/05 16:34:56 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/06/05 16:24:59 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/06/05 16:24:58 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/06/05 16:08:09 | 000,115,712 | ---- | M] () -- C:\Users\CW\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/05 15:37:25 | 000,001,809 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/05 15:32:29 | 000,266,240 | ---- | M] (M-Audio) -- C:\Users\CW\AppData\Roaming\vcesp.dll
[2012/06/05 14:08:31 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2983540585-2013573526-3603927823-1000Core.job
[2012/06/05 11:38:37 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/06/05 11:29:22 | 000,853,862 | ---- | M] () -- C:\Users\CW\Desktop\SecurityCheck.exe
[2012/06/04 17:01:10 | 000,002,113 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/04 16:58:09 | 008,595,692 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/04 16:58:08 | 003,035,372 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/02 15:04:28 | 000,000,432 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012/06/02 15:04:07 | 000,130,560 | ---- | M] (DT Soft Ltd) -- C:\Users\CW\AppData\Roaming\tcoxy.dll
[2012/06/02 14:43:46 | 000,000,510 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2012/05/31 03:56:54 | 008,102,964 | ---- | M] () -- C:\Users\CW\Osprey Duel 34 E Boat vs MTB The English Channel 1941 1945.rar
[2012/05/29 01:54:38 | 000,001,944 | ---- | M] () -- C:\Users\CW\Documents\Oruzhie Pobeda.mpcpl
[2012/05/28 23:20:47 | 009,137,951 | ---- | M] () -- C:\Users\CW\Desktop\Osprey Duel 34 E Boat vs MTB The English Channel 1941 1945.pdf
[2012/05/28 21:47:52 | 000,000,600 | ---- | M] () -- C:\Users\CW\AppData\Local\PUTTY.RND
[2012/05/28 04:23:11 | 000,011,162 | ---- | M] () -- C:\Users\CW\Documents\rp.rtf
[2012/05/27 14:18:51 | 000,114,718 | ---- | M] () -- C:\Users\CW\Documents\fs.rtf
[2012/05/25 17:56:10 | 000,006,230 | ---- | M] () -- C:\Users\CW\Documents\The Mechanical Universe.mpcpl
[2012/05/24 18:08:32 | 000,138,056 | ---- | M] () -- C:\Users\CW\AppData\Roaming\PnkBstrK.sys
[2012/05/24 15:44:35 | 000,000,785 | ---- | M] () -- C:\Users\CW\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/05/24 15:44:35 | 000,000,761 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/05/21 16:40:50 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\CW\Desktop\TDSSKiller.exe
[2012/05/20 23:23:17 | 000,002,318 | ---- | M] () -- C:\Users\CW\Documents\Connections 2.mpcpl
[2012/05/20 12:30:40 | 000,000,048 | ---- | M] () -- C:\Windows\Sierra.ini
[2012/05/18 10:04:06 | 000,045,194 | ---- | M] () -- C:\Users\CW\AppData\Roaming\room_v3.dat
[2012/05/17 01:54:02 | 000,005,817 | ---- | M] () -- C:\Users\CW\Desktop\SAI brushes.zip
[2012/05/14 02:52:58 | 000,000,973 | ---- | M] () -- C:\Users\CW\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[18 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/05 23:16:50 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\YTD YouTube Downloader & Converter.lnk
[2012/06/05 15:37:25 | 000,001,809 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/05 11:28:55 | 000,853,862 | ---- | C] () -- C:\Users\CW\Desktop\SecurityCheck.exe
[2012/06/04 17:16:07 | 000,302,592 | ---- | C] () -- C:\Users\CW\Desktop\gmer.exe
[2012/06/04 16:57:53 | 000,001,817 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/05/31 10:26:01 | 009,137,951 | ---- | C] () -- C:\Users\CW\Desktop\Osprey Duel 34 E Boat vs MTB The English Channel 1941 1945.pdf
[2012/05/31 03:56:53 | 008,102,964 | ---- | C] () -- C:\Users\CW\Osprey Duel 34 E Boat vs MTB The English Channel 1941 1945.rar
[2012/05/29 01:54:38 | 000,001,944 | ---- | C] () -- C:\Users\CW\Documents\Oruzhie Pobeda.mpcpl
[2012/05/28 04:23:10 | 000,011,162 | ---- | C] () -- C:\Users\CW\Documents\rp.rtf
[2012/05/25 17:56:10 | 000,006,230 | ---- | C] () -- C:\Users\CW\Documents\The Mechanical Universe.mpcpl
[2012/05/24 18:08:30 | 000,138,056 | ---- | C] () -- C:\Users\CW\AppData\Roaming\PnkBstrK.sys
[2012/05/24 18:05:51 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/05/24 18:05:39 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/05/24 15:44:35 | 000,000,785 | ---- | C] () -- C:\Users\CW\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/05/24 15:44:35 | 000,000,761 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/05/20 23:23:17 | 000,002,318 | ---- | C] () -- C:\Users\CW\Documents\Connections 2.mpcpl
[2012/05/17 02:14:00 | 000,396,960 | ---- | C] () -- C:\Windows\System32\ATWTUSB.EXE
[2012/05/17 02:14:00 | 000,118,432 | ---- | C] () -- C:\Windows\System32\Calibration.exe
[2012/05/17 02:14:00 | 000,106,144 | ---- | C] () -- C:\Windows\RmTablet.exe
[2012/05/17 02:14:00 | 000,052,896 | ---- | C] () -- C:\Windows\System32\InstallService.exe
[2012/05/17 02:13:58 | 000,007,582 | ---- | C] () -- C:\Windows\aiptbl.ini
[2012/05/17 01:53:13 | 000,005,817 | ---- | C] () -- C:\Users\CW\Desktop\SAI brushes.zip
[2012/05/14 02:53:16 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/14 02:52:58 | 000,000,973 | ---- | C] () -- C:\Users\CW\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/05/10 14:14:18 | 000,001,638 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes.lnk
[2012/05/10 14:14:17 | 000,001,738 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Journal.lnk
[2012/01/24 11:17:28 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2011/12/31 14:29:32 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/12/31 14:29:32 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/12/24 02:04:50 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2011/12/15 12:08:12 | 000,000,600 | ---- | C] () -- C:\Users\CW\AppData\Local\PUTTY.RND
[2011/09/29 00:57:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/29 00:57:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/29 00:57:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/29 00:57:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/29 00:57:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/25 19:36:33 | 000,354,304 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll
[2011/09/25 19:36:33 | 000,110,080 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll
[2011/09/25 19:36:33 | 000,008,192 | ---- | C] () -- C:\Windows\System32\pythoncomloader26.dll
[2011/09/23 18:10:48 | 000,132,560 | R--- | C] () -- C:\Windows\System32\IS3HTUI5.dll
[2011/09/23 18:10:46 | 000,546,256 | R--- | C] () -- C:\Windows\System32\SZComp5.dll
[2011/09/23 18:10:46 | 000,480,720 | R--- | C] () -- C:\Windows\System32\SZBase5.dll
[2011/09/23 18:10:44 | 000,398,800 | R--- | C] () -- C:\Windows\System32\IS3DBA5.dll
[2011/09/23 18:10:44 | 000,099,792 | R--- | C] () -- C:\Windows\System32\IS3Svc5.dll
[2011/09/23 18:10:44 | 000,067,024 | R--- | C] () -- C:\Windows\System32\IS3Hks5.dll
[2011/06/17 22:04:14 | 000,000,024 | ---- | C] () -- C:\Windows\MSBSETUP.INI
[2011/06/09 10:00:22 | 000,085,658 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011/05/25 10:47:51 | 000,045,194 | ---- | C] () -- C:\Users\CW\AppData\Roaming\room_v3.dat
[2011/05/21 11:14:18 | 000,000,339 | ---- | C] () -- C:\Windows\EDofMA.ini
[2011/05/20 11:16:00 | 000,001,211 | ---- | C] () -- C:\Windows\eReg.dat
[2011/05/19 01:07:37 | 000,047,746 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/05/19 01:07:37 | 000,047,746 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/05/18 10:14:43 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011/05/18 01:21:16 | 000,000,096 | ---- | C] () -- C:\Windows\conserv.ini
[2011/05/18 01:12:52 | 000,000,227 | ---- | C] () -- C:\Windows\CLIMATE.INI
[2011/05/18 00:58:15 | 000,000,181 | ---- | C] () -- C:\Windows\ASSESS.INI
[2011/05/18 00:58:15 | 000,000,106 | ---- | C] () -- C:\Windows\GEOGRPHY.INI
[2011/05/18 00:47:10 | 000,000,266 | ---- | C] () -- C:\Windows\DWINDLE.INI
[2011/05/18 00:34:03 | 000,000,141 | ---- | C] () -- C:\Windows\asym.ini
[2011/05/15 00:50:30 | 000,000,552 | ---- | C] () -- C:\Users\CW\AppData\Local\d3d8caps.dat
[2011/05/13 11:42:05 | 000,027,050 | ---- | C] () -- C:\Users\CW\AppData\Roaming\nvModes.001
[2011/05/13 11:41:53 | 000,027,050 | ---- | C] () -- C:\Users\CW\AppData\Roaming\nvModes.dat
[2011/05/13 11:40:23 | 000,000,048 | ---- | C] () -- C:\Windows\Sierra.ini
[2011/04/17 02:45:08 | 000,046,658 | ---- | C] () -- C:\Users\CW\AppData\Roaming\room.dat
[2011/03/28 01:58:09 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2011/03/18 21:25:14 | 000,165,376 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011/03/18 21:25:08 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011/03/03 16:27:53 | 000,000,231 | ---- | C] () -- C:\Windows\QTW.INI
[2011/03/03 16:26:15 | 000,000,037 | ---- | C] () -- C:\Windows\MARIS.INI
[2011/02/20 23:52:29 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/02/10 00:03:48 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2011/02/02 11:34:01 | 000,002,587 | ---- | C] () -- C:\Windows\WAVEMIX.INI
[2011/01/28 22:46:32 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2011/01/28 19:47:14 | 000,069,632 | ---- | C] () -- C:\Windows\UNINSTCC.EXE
[2011/01/15 18:19:54 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/01/15 18:19:54 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2011/01/15 18:19:54 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/01/15 18:17:31 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat
[2011/01/10 04:24:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/08 00:42:47 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2011/01/07 23:12:39 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/01/07 01:37:44 | 000,006,427 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2011/01/07 00:03:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/01/07 00:01:14 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/01/06 18:41:31 | 000,115,712 | ---- | C] () -- C:\Users\CW\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/06 17:40:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/01/06 16:01:56 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2011/01/06 15:26:58 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011/01/06 02:32:07 | 000,008,484 | ---- | C] () -- C:\Users\CW\AppData\Local\d3d9caps.dat

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2012/06/05 11:38:37 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbamswissarmy.sys

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]

< MD5 for: AFD.SYS >
[2008/01/20 22:24:17 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2009/04/10 22:47:04 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\System32\drivers\afd.sys
[2009/04/10 22:47:04 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 22:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: NETBT.SYS >
[2008/01/20 22:24:59 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7C5FEE5B1C5728507CD96FB4A13E7A02 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
[2009/04/10 22:45:38 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\System32\drivers\netbt.sys
[2009/04/10 22:45:38 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys

< MD5 for: TDX.SYS >
[2011/09/27 18:34:42 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\Windows\System32\drivers\tdx.sys
[2011/09/27 18:34:42 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys
[2008/01/20 22:24:53 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=D09276B1FAB033CE1D40DCBDF303D10F -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2006/11/02 05:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/11 00:32:56 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\drivers\volsnap.sys
[2009/04/11 00:32:56 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/11 00:32:56 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2008/01/20 22:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/20 22:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: WININIT.EXE >
[2008/01/20 22:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008/01/20 22:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/20 22:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/05/04 03:50:32 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/05/04 03:50:32 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/05/04 03:50:32 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/05/04 03:50:41 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/05/04 03:50:41 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/05/04 03:50:41 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\CW\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/22 21:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\CW\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/22 21:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\CW\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/22 21:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\CW\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/05/22 21:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/02/22 00:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/02/22 00:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/02/22 00:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/02/22 02:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/02/22 02:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/05/04 03:50:32 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/05/04 03:50:32 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/05/04 03:50:32 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/05/04 03:50:41 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/05/04 03:50:41 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/05/04 03:50:41 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\CW\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/22 21:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\CW\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/22 21:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\CW\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/22 21:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\CW\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/05/22 21:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/02/22 00:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/02/22 00:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/02/22 00:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/02/22 02:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/02/22 02:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation)

========== Files - Unicode (All) ==========
[2012/02/04 12:36:52 | 050,015,637 | ---- | C] ()(C:\Users\CW\Documents\????? - ?. ?????????? - ?????????? ?????. ????????????? ????? ?????????.pdf) -- C:\Users\CW\Documents\Эксмо - С. Виноградов - Броненосец Слава. Непобежденный герой Моонзунда.pdf
[2011/06/27 18:27:40 | 050,015,637 | ---- | M] ()(C:\Users\CW\Documents\????? - ?. ?????????? - ?????????? ?????. ????????????? ????? ?????????.pdf) -- C:\Users\CW\Documents\Эксмо - С. Виноградов - Броненосец Слава. Непобежденный герой Моонзунда.pdf

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type

< End of report >

Extras.txt

OTL Extras logfile created on: 6/6/2012 11:32:19 AM - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\CW\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 39.89% Memory free
6.21 Gb Paging File | 4.07 Gb Available in Paging File | 65.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.00 Gb Total Space | 15.26 Gb Free Space | 10.45% Space Free | Partition Type: NTFS
Drive D: | 570.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 298.06 Gb Total Space | 35.94 Gb Free Space | 12.06% Space Free | Partition Type: NTFS
Drive Z: | 3.00 Gb Total Space | 2.95 Gb Free Space | 98.41% Space Free | Partition Type: FAT32

Computer Name: CW-PC | User Name: CW | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2983540585-2013573526-3603927823-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD YouTube Downloader & Converter 3.7
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F5E899F-7622-468A-9C0A-9CE49833829E}" = GZM
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.4.2499.0
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{43D1A6DC-F2D3-4EBC-8851-CC8B9C0C8763}_is1" = ApexDC++ 1.5.2
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E27575D-3EC5-49E9-AADD-BC2520609642}" = CNC 3 Map Manager
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5673CFC4-FFEA-4B55-986E-62AB26F8D4AA}" = Flexible Survival
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6151CF20-0BD8-4023-A4A0-6A86DCFE58E5}" = Python 2.6.6
"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E3F691A-4972-47FF-9E09-1981B62A5D5A}_is1" = Moyea FLV Editor Lite version: 1.1.1.846
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AC76BA86-7AD7-5670-0000-A00000000003}" = Korean Fonts Support For Adobe Reader X
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D064F16E-88DA-4E8F-BBAE-0E2AA9A6AE61}" = VP6 Decoder
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"All Units Mod" = All Units Mod
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Banshee Screamer Alarm_is1" = Banshee Screamer Alarm 2.55
"Bink and Smacker" = Bink and Smacker
"Bk-Tools English_is1" = Bk-Tools English 1.0.2
"Blitzkrieg" = Blitzkrieg Anthology: Blitzkrieg
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CDisplay_is1" = CDisplay 1.8
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-07-30
"Command & Conquer 95" = Command & Conquer Windows 95
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"DiGi Internet" = DiGi Internet
"DivX Setup" = DivX Setup
"DjVuLibre+DjView" = DjVuLibre+DjView
"DragonUnPACKer5_is1" = Dragon UnPACKer 5
"eMule" = eMule
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow" = ffdshow
"FFmpeg for Audacity on Windows_is1" = FFmpeg for Audacity on Windows
"Garena" = Garena 2010
"I8kfanGUI" = I8kfanGUI V3.1
"ImgBurn" = ImgBurn
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Maxima-5.25.1_is1" = Maxima 5.25.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSB Dino" = Magic School Bus - Dinosaurs
"NVIDIA Drivers" = NVIDIA Drivers
"PageNest_is1" = PageNest
"PaintToolSAI" = PaintTool SAI Ver.1
"pepakura_viewer3en" = Pepakura Viewer 3
"PowerISO" = PowerISO
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"PunkBusterSvc" = PunkBuster Services
"PuTTY_is1" = PuTTY version 0.62
"PyQt4 - QtHelp 4.7.1" = PyQt4 - QtHelp 4.7.1
"PyQt4 - Qwt5 5.2.1" = PyQt4 - Qwt5 5.2.1
"Python 2.6 - Cython 0.14.1" = Python 2.6 - Cython 0.14.1
"Python 2.6 - docutils 0.7" = Python 2.6 - docutils 0.7
"Python 2.6 - EnthoughtToolSuite 3.6.0" = Python 2.6 - EnthoughtToolSuite 3.6.0
"Python 2.6 - formlayout 1.0.9" = Python 2.6 - formlayout 1.0.9
"Python 2.6 - gdal 1.8.0" = Python 2.6 - gdal 1.8.0
"Python 2.6 - Gnuplot 1.8" = Python 2.6 - Gnuplot 1.8
"Python 2.6 - guidata 1.3.0" = Python 2.6 - guidata 1.3.0
"Python 2.6 - guiqwt 2.1.0" = Python 2.6 - guiqwt 2.1.0
"Python 2.6 - h5py 1.3.1" = Python 2.6 - h5py 1.3.1
"Python 2.6 - IPython 0.10.1" = Python 2.6 - IPython 0.10.1
"Python 2.6 - jinja2 2.5.5" = Python 2.6 - jinja2 2.5.5
"Python 2.6 - matplotlib 1.0.1" = Python 2.6 - matplotlib 1.0.1
"Python 2.6 - mdp 3.1" = Python 2.6 - mdp 3.1
"Python 2.6 - netcdf4 0.9.3" = Python 2.6 - netcdf4 0.9.3
"Python 2.6 - networkx 1.4" = Python 2.6 - networkx 1.4
"Python 2.6 - numexpr 1.4.2" = Python 2.6 - numexpr 1.4.2
"Python 2.6 - numpy 1.5.1" = Python 2.6 - numpy 1.5.1
"Python 2.6 - opencv 2.1.0.wr1.1.0" = Python 2.6 - opencv 2.1.0.wr1.1.0
"Python 2.6 - PIL 1.1.7.1" = Python 2.6 - PIL 1.1.7.1
"Python 2.6 - pp 1.6.1" = Python 2.6 - pp 1.6.1
"Python 2.6 - py2exe 0.6.9" = Python 2.6 - py2exe 0.6.9
"Python 2.6 - pygments 1.4.0" = Python 2.6 - pygments 1.4.0
"Python 2.6 - pyhdf 0.8.3" = Python 2.6 - pyhdf 0.8.3
"Python 2.6 - pyparallel 0.2.0.1" = Python 2.6 - pyparallel 0.2.0.1
"Python 2.6 - PyQt4 4.8.3" = Python 2.6 - PyQt4 4.8.3
"Python 2.6 - pyreadline 1.6" = Python 2.6 - pyreadline 1.6
"Python 2.6 - pyserial 2.5.0" = Python 2.6 - pyserial 2.5.0
"Python 2.6 - pyvisa 1.3" = Python 2.6 - pyvisa 1.3
"Python 2.6 - pywin32 2.16" = Python 2.6 - pywin32 2.16
"Python 2.6 - pywinauto 0.4.0" = Python 2.6 - pywinauto 0.4.0
"Python 2.6 - reportlab 2.5" = Python 2.6 - reportlab 2.5
"Python 2.6 - rst2pdf 0.16" = Python 2.6 - rst2pdf 0.16
"Python 2.6 - scikits.timeseries 0.91.3" = Python 2.6 - scikits.timeseries 0.91.3
"Python 2.6 - scipy 0.9.0" = Python 2.6 - scipy 0.9.0
"Python 2.6 - SendKeys 0.3" = Python 2.6 - SendKeys 0.3
"Python 2.6 - setuptools 0.6.11" = Python 2.6 - setuptools 0.6.11
"Python 2.6 - simplejson 2.1.3" = Python 2.6 - simplejson 2.1.3
"Python 2.6 - sphinx 1.0.7" = Python 2.6 - sphinx 1.0.7
"Python 2.6 - spyder 2.0.10" = Python 2.6 - spyder 2.0.10
"Python 2.6 - tables 2.2.1" = Python 2.6 - tables 2.2.1
"Python 2.6 - vitables 2.1" = Python 2.6 - vitables 2.1
"Python 2.6 - vpython 5.41" = Python 2.6 - vpython 5.41
"Python 2.6 - vtk 5.6.1.1" = Python 2.6 - vtk 5.6.1.1
"Python 2.6 - wxPython 2.8.11.0" = Python 2.6 - wxPython 2.8.11.0
"Python 2.6 - xy 1.2.5" = Python 2.6 - xy 1.2.5
"Python(x,y)" = Python(x,y)
"Python(x,y) - xydoc 1.0.4" = Python(x,y) - xydoc 1.0.4
"QuickTime32" = QuickTime for Windows (32-bit)
"Red Alert" = Red Alert Windows 95
"Red Alert 2" = Command & Conquer Red Alert 2
"Rmtablet" = USB Tablet Manager
"ST6UNST #1" = SAM Simulator
"Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
"TexMakerX_is1" = TexMakerX 2.1
"Tunngle beta_is1" = Tunngle beta
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.8
"VobSub" = VobSub v2.23 (Remove Only)
"Warcraft III" = Warcraft III
"Warhammer 40000 Dawn of War II - Retribution_is1" = Warhammer 40000 Dawn of War II - Retribution
"WChat" = Westwood Online
"WindowsFrotz" = Windows Frotz
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.45-3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 beta 4 (32-bit)
"XCC Utilities" = XCC Utilities 1.46
"XML Marker_is1" = XML Marker version 1.1
"Xvid Video Codec 1.3.1" = Xvid Video Codec
"Yahoo! Messenger" = Yahoo! Messenger
"Yuri's Revenge" = Command && Conquer Red Alert 2 - Yuri's Revenge

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2983540585-2013573526-3603927823-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Google Chrome Frame" = Google Chrome Frame
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/4/2012 6:11:47 PM | Computer Name = CW-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/4/2012 6:13:13 PM | Computer Name = CW-PC | Source = WinMgmt | ID = 28
Description =

Error - 6/4/2012 7:27:21 PM | Computer Name = CW-PC | Source = Application Error | ID = 1000
Description = Faulting application game.exe, version 1.2.0.0, time stamp 0x3ea91468,
faulting module game.exe, version 1.2.0.0, time stamp 0x3ea91468, exception code
0xc0000005, fault offset 0x00026952, process id 0xed4, application start time 0x01cd42a6b76d9970.

Error - 6/4/2012 7:48:46 PM | Computer Name = CW-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 19.0.1084.52, time stamp
0x4fbc2f58, faulting module chrome.dll, version 19.0.1084.52, time stamp 0x4fbc2ede,
exception code 0x80000003, fault offset 0x00c7dbf6, process id 0xc0, application
start time 0x01cd42a9ef603ba0.

Error - 6/4/2012 11:40:23 PM | Computer Name = CW-PC | Source = Application Error | ID = 1000
Description = Faulting application game.exe, version 1.2.0.0, time stamp 0x3ea91468,
faulting module game.exe, version 1.2.0.0, time stamp 0x3ea91468, exception code
0xc0000005, fault offset 0x00026952, process id 0x1630, application start time 0x01cd42c82c1d42e0.

Error - 6/4/2012 11:58:11 PM | Computer Name = CW-PC | Source = Application Error | ID = 1000
Description = Faulting application game.exe, version 1.2.0.0, time stamp 0x3ea91468,
faulting module game.exe, version 1.2.0.0, time stamp 0x3ea91468, exception code
0xc0000005, fault offset 0x00009d36, process id 0x1700, application start time 0x01cd42cf5e44e7d0.

Error - 6/5/2012 12:32:40 AM | Computer Name = CW-PC | Source = Application Error | ID = 1000
Description = Faulting application game.exe, version 1.2.0.0, time stamp 0x3ea91468,
faulting module game.exe, version 1.2.0.0, time stamp 0x3ea91468, exception code
0xc0000005, fault offset 0x00026952, process id 0xde4, application start time 0x01cd42cf9deeaa60.

Error - 6/5/2012 3:30:45 PM | Computer Name = CW-PC | Source = Microsoft-Windows-SpoolerSpoolss | ID = 1033
Description =

Error - 6/5/2012 3:31:16 PM | Computer Name = CW-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/5/2012 3:32:07 PM | Computer Name = CW-PC | Source = WinMgmt | ID = 28
Description =

[ System Events ]
Error - 6/3/2012 9:23:34 AM | Computer Name = CW-PC | Source = bowser | ID = 8003
Description =

Error - 6/4/2012 10:01:55 AM | Computer Name = CW-PC | Source = bowser | ID = 8003
Description =

Error - 6/4/2012 5:01:25 PM | Computer Name = CW-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.127.966.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error
code: 0x80096001 Error description: A system-level error occurred while verifying
trust.

Error - 6/4/2012 6:11:23 PM | Computer Name = CW-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer Brother DCP-115C USB Printer
with shared resource name Brother DCP-115C USB Printer. Error 2114. The printer
cannot be used by others on the network.

Error - 6/4/2012 6:11:57 PM | Computer Name = CW-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 6/5/2012 3:30:47 PM | Computer Name = CW-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer Brother DCP-115C USB Printer
with shared resource name Brother DCP-115C USB Printer. Error 2114. The printer
cannot be used by others on the network.

Error - 6/5/2012 3:31:23 PM | Computer Name = CW-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 6/5/2012 7:48:59 PM | Computer Name = CW-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer Brother DCP-115C USB Printer
with shared resource name Brother DCP-115C USB Printer. Error 2114. The printer
cannot be used by others on the network.

Error - 6/5/2012 7:49:24 PM | Computer Name = CW-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 6/5/2012 7:59:15 PM | Computer Name = CW-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.127.1325.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error
code: 0x80096001 Error description: A system-level error occurred while verifying
trust.


< End of report >

5. Human input devices still not functioning; still using USB keyboard and mouse.

Thanks again for your help! :)

#4 SweetTech (Agent ST)

Posted 07 June 2012 - 02:14 AM

Hi cwjian90!

Not a problem! I'm glad to be of assistance! :)

Nope, no need to repost the SuperAntiSpyware log, I did take a look at it in your other thread.

We have some corruption with some registry keys as well as some other issues.

Let's see where we stand after you have performed the following:

ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.

ERUNT utility program
Download:

  • Please download ERUNT...by Lars Hederer. Save it to your desktop.
  • Double-click erunt-setup.exe to start the install process. Follow the install prompts.
  • Use the default install settings...
    say "NO" to the section that asks you to add ERUNT to the Start-Up folder. Enable this option later if desired.
  • Start ERUNT by opting to start the program at the end of setup -or- double click the desktop icon.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK ... Then click on "YES" to create the folder.
Run:
  • Please navigate to Start >> All Programs >> ERUNT. Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step, do not continue with any other steps; post back and let me know! < STOP >


NEXT:



Download the following registry fixes to your Desktop.

MpsSvc.reg
bfe.reg
mpsdrv.reg
wscsvc.reg
WinDefend.reg

Double click on each of the above registry fixes and allow it to be merged with your registry.

If you get a prompt from User Account Control, please allow it access.


NEXT:



OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix, as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\nvvsvc.exe -- (nvsvc)
    SRV - File not found [Disabled | Stopped] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\CW\AppData\Local\Temp\pgtdqpoc.sys -- (pgtdqpoc)
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [TblMouse] TblMouse.exe File not found
    O4 - HKLM..\Run: [tcoxy] C:\Users\CW\AppData\Roaming\tcoxy.dll (DT Soft Ltd)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    [2012/06/05 15:32:58 | 000,000,000 | ---D | C] -- C:\Users\CW\AppData\Local\{2E253531-AF45-11E1-8270-B8AC6F996F26}
    [2012/06/05 15:32:57 | 000,000,000 | ---D | C] -- C:\Users\CW\AppData\Local\{2E24FA3E-AF45-11E1-8270-B8AC6F996F26}
    [2012/06/05 15:32:28 | 000,266,240 | ---- | C] (M-Audio) -- C:\Users\CW\AppData\Roaming\vcesp.dll
    [2012/06/02 15:15:47 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
    [2012/06/02 15:04:07 | 000,130,560 | ---- | C] (DT Soft Ltd) -- C:\Users\CW\AppData\Roaming\tcoxy.dll
    [2012/05/25 11:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\9b3555
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL Fix log file.
3. ComboFix.txt log file.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
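
As an added example (not code from this thread, from OTL, or from the helper above), the Python script below applies the kinds of checks a log reviewer makes by hand to OTL-style log lines: orphaned services and Run values whose binary is missing, BHOs with no CLSID, binaries loaded from user-writable directories, and hidden system objects in odd places. The line formats follow the fix script in the post; the sample log is constructed from it, and the finding category names are my own.

```python
"""Triage helper for OTL-style log lines.

Added example, not code from the thread or from OTL itself. OTL (OldTimer's
tool) prints one line per service (SRV), driver (DRV), browser helper object
(O2), Run-key autorun (O4) and recently created file. The heuristics below
flag the same kinds of entries the fix script in the thread removed by hand.
"""
import re
from dataclasses import dataclass

# Directories from which a service, driver or autorun binary rarely runs legitimately.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                 "\\programdata\\", "\\users\\public\\")

SRV_RE = re.compile(r"^(?:SRV|DRV) - (?P<status>.+?) \[.*?\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)$")
BHO_RE = re.compile(r"^O2 - BHO: \((?P<name>.*?)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<note>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
FILE_RE = re.compile(
    r"^\[(?P<when>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| C\] "
    r"(?:\((?P<vendor>[^)]*)\) )?-- (?P<path>.+)$"
)


@dataclass
class Finding:
    kind: str    # short machine-readable label (names are my own)
    detail: str  # human-readable explanation
    line: str    # the log line that triggered it


def in_user_writable(path: str) -> bool:
    p = path.lower()
    return any(d in p for d in USER_WRITABLE)


def triage_line(line: str) -> list:
    """Return the findings (possibly none) for one OTL log line."""
    line = line.strip()
    found = []
    if m := SRV_RE.match(line):
        # A service/driver whose binary is gone is a leftover registration.
        if "file not found" in m["status"].lower():
            found.append(Finding("orphaned-service", f"{m['name']} points at missing {m['path']}", line))
        if in_user_writable(m["path"]):
            found.append(Finding("service-in-user-dir", f"{m['name']} loads {m['path']}", line))
    elif m := BHO_RE.match(line):
        if m["name"] == "no name" or "no clsid value" in m["note"].lower():
            found.append(Finding("orphaned-bho", f"BHO {m['clsid']} has no name or CLSID registration", line))
    elif m := RUN_RE.match(line):
        cmd = m["cmd"]
        if cmd.lower().endswith("file not found"):
            found.append(Finding("orphaned-autorun", f"Run value {m['value']} target is missing", line))
        elif re.search(r"\.dll\b", cmd, re.IGNORECASE):
            # Run values normally start an executable; a bare DLL is unusual.
            found.append(Finding("autorun-dll", f"Run value {m['value']} points at a DLL", line))
        if in_user_writable(cmd):
            found.append(Finding("autorun-in-user-dir", f"Run value {m['value']} runs from {cmd}", line))
    elif m := FILE_RE.match(line):
        path, attr = m["path"], m["attr"]
        if "%" in path:
            # A literal %VAR% in a path means something wrote it without expanding it.
            found.append(Finding("literal-env-var", f"unexpanded variable in path {path}", line))
        if "H" in attr and "S" in attr and "\\windows\\" in path.lower():
            found.append(Finding("hidden-system-object", f"hidden+system item created under Windows: {path}", line))
        if re.search(r"\.(dll|sys|exe)$", path, re.IGNORECASE) and in_user_writable(path):
            found.append(Finding("binary-in-user-dir", f"new binary {path}", line))
    return found


def triage(lines) -> list:
    """Run triage_line over a whole log and return every finding, in order."""
    return [f for line in lines for f in triage_line(line)]


# Constructed sample: the entries the thread's OTL fix script targeted, plus one benign line.
SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- C:\Windows\system32\nvvsvc.exe -- (nvsvc)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\CW\AppData\Local\Temp\pgtdqpoc.sys -- (pgtdqpoc)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [TblMouse] TblMouse.exe File not found
O4 - HKLM..\Run: [tcoxy] C:\Users\CW\AppData\Roaming\tcoxy.dll (DT Soft Ltd)
[2012/06/02 15:15:47 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/06/02 15:04:07 | 000,130,560 | ---- | C] (DT Soft Ltd) -- C:\Users\CW\AppData\Roaming\tcoxy.dll
[2012/06/14 14:33:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

The output is a list of leads for a human to review, not a verdict: legitimate software such as Dropbox also runs from AppData\Roaming, so "in-user-dir" findings need the file's publisher and history checked before anything is removed.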


#5 cwjian90 (Topic Starter)

Posted 14 June 2012 - 10:43 PM
Posted 14 June 2012 - 10:43 PM

Hi ST,

1. Nothing seems to have gone wrong so far...

2. Here is the OTL log:

========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
Service nvsvc stopped successfully!
Service nvsvc deleted successfully!
File C:\Windows\system32\nvvsvc.exe not found.
Service LiveUpdate stopped successfully!
Service LiveUpdate deleted successfully!
File C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE not found.
Error: No service named pgtdqpoc was found to stop!
Service\Driver key pgtdqpoc not found.
File C:\Users\CW\AppData\Local\Temp\pgtdqpoc.sys not found.
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TblMouse deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tcoxy not found.
File C:\Users\CW\AppData\Roaming\tcoxy.dll not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
C:\Users\CW\AppData\Local\{2E253531-AF45-11E1-8270-B8AC6F996F26} folder moved successfully.
C:\Users\CW\AppData\Local\{2E24FA3E-AF45-11E1-8270-B8AC6F996F26}\chrome\content folder moved successfully.
C:\Users\CW\AppData\Local\{2E24FA3E-AF45-11E1-8270-B8AC6F996F26}\chrome folder moved successfully.
C:\Users\CW\AppData\Local\{2E24FA3E-AF45-11E1-8270-B8AC6F996F26} folder moved successfully.
C:\Users\CW\AppData\Roaming\vcesp.dll moved successfully.
C:\Windows\System32\%APPDATA%\Microsoft\Windows\IETldCache folder moved successfully.
C:\Windows\System32\%APPDATA%\Microsoft\Windows folder moved successfully.
C:\Windows\System32\%APPDATA%\Microsoft folder moved successfully.
C:\Windows\System32\%APPDATA% folder moved successfully.
File C:\Users\CW\AppData\Roaming\tcoxy.dll not found.
C:\ProgramData\9b3555 folder moved successfully.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?
C:\Users\CW\Downloads\cmd.bat deleted successfully.
C:\Users\CW\Downloads\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\CW\Downloads\cmd.bat deleted successfully.
C:\Users\CW\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
System Restore Service not available.

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 56502 bytes

User: All Users

User: CW
->Flash cache emptied: 264258 bytes

User: Default
->Flash cache emptied: 56475 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: CW
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.46.1 log created on 06142012_103649

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
-----------------------------

3. Here's ComboFix:
ComboFix 12-06-14.01 - CW 06/14/2012 11:15:01.5.2 - x86
Running from: c:\users\CW\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\Mozilla Maintenance Service
c:\program files\Mozilla Maintenance Service\maintenanceservice.exe
c:\program files\Mozilla Maintenance Service\Uninstall.exe
c:\program files\Mozilla Maintenance Service\updater.ini
c:\users\CW\ActOfWar_High_Treason_Patch1.exe
c:\users\CW\GCM_2-0-0_Installer.exe
c:\windows\~GLC0000.TMP
c:\windows\~GLC0001.TMP
c:\windows\~GLC0002.TMP
c:\windows\~GLC0003.TMP
c:\windows\~GLC0004.TMP
c:\windows\~GLC0005.TMP
c:\windows\~GLC0006.TMP
c:\windows\~GLH0000.TMP
c:\windows\~GLH0001.TMP
c:\windows\~GLH0002.TMP
c:\windows\~GLH0003.TMP
c:\windows\~GLH0004.TMP
c:\windows\~GLH0005.TMP
c:\windows\~GLH0006.TMP
c:\windows\Installer\{eda91281-93df-6658-3563-59120e5e5b5d}\@
c:\windows\Installer\{eda91281-93df-6658-3563-59120e5e5b5d}\L\00000004.@
c:\windows\Installer\{eda91281-93df-6658-3563-59120e5e5b5d}\L\1afb2d56
c:\windows\Installer\{eda91281-93df-6658-3563-59120e5e5b5d}\L\201d3dde
c:\windows\Installer\{eda91281-93df-6658-3563-59120e5e5b5d}\U\00000004.@
c:\windows\system32\~GLH00c5.TMP
c:\windows\system32\~GLH00c8.TMP
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MozillaMaintenance
-------\Service_MozillaMaintenance
.
.
((((((((((((((((((((((((( Files Created from 2012-05-14 to 2012-06-14 )))))))))))))))))))))))))))))))
.
.
2012-06-14 15:30 . 2012-06-14 15:34 -------- d-----w- c:\users\CW\AppData\Local\temp
2012-06-14 15:30 . 2012-06-14 15:30 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-06-14 15:30 . 2012-06-14 15:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-14 15:30 . 2012-06-14 15:30 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-14 14:48 . 2012-06-14 14:48 -------- d-----w- c:\program files\Dropbox
2012-06-14 14:36 . 2012-06-14 14:36 -------- d-----w- C:\_OTL
2012-06-14 14:33 . 2012-06-14 14:34 -------- d-----w- c:\program files\ERUNT
2012-06-12 03:05 . 2012-06-12 03:05 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-12 03:05 . 2012-06-12 03:05 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-11 21:49 . 2012-06-11 21:49 -------- d-----w- c:\program files\Datel
2012-06-11 21:44 . 2001-05-07 10:56 19805 ----a-w- c:\windows\system32\drivers\usbio.sys
2012-06-10 23:57 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59B30163-659A-4FD9-B95E-1ECC14DC0EB2}\mpengine.dll
2012-06-05 20:31 . 2012-06-05 20:31 -------- d-----w- c:\program files\Common Files\Java
2012-06-05 20:27 . 2012-06-05 20:27 -------- d-----w- c:\program files\Oracle
2012-06-05 20:26 . 2012-04-04 22:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-05 19:37 . 2012-06-05 19:37 -------- d-----w- c:\users\CW\AppData\Roaming\SUPERAntiSpyware.com
2012-06-05 19:36 . 2012-06-05 19:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-05 19:36 . 2012-06-05 19:36 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-05 15:38 . 2012-06-05 15:38 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-04 21:02 . 2012-02-09 17:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C248074E-0300-47A8-8A50-F0ABE393689A}\gapaengine.dll
2012-06-04 20:54 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2012-06-02 15:12 . 2012-06-02 15:12 -------- d-----w- c:\program files\Bk-Tools English
2012-05-30 17:59 . 2012-05-30 17:59 4966600 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-05-24 22:14 . 2012-05-24 22:14 -------- d-----w- c:\users\CW\AppData\Local\PunkBuster
2012-05-24 22:14 . 2012-05-24 22:14 -------- d-----w- c:\users\CW\AppData\Local\CrashRpt
2012-05-24 22:09 . 2012-05-24 22:09 -------- d-----w- c:\program files\Microsoft Chart Controls
2012-05-24 22:08 . 2012-05-24 22:08 138056 ----a-w- c:\users\CW\AppData\Roaming\PnkBstrK.sys
2012-05-24 22:05 . 2012-05-24 22:05 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-05-24 22:05 . 2012-05-24 22:05 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-05-24 18:57 . 2012-05-24 18:57 -------- d-----w- c:\users\CW\AppData\Roaming\Yahoo!
2012-05-22 20:03 . 2012-05-26 03:04 -------- d-----w- c:\windows\APW_DATA
2012-05-22 00:37 . 2012-05-22 00:37 -------- d-----w- c:\users\CW\VirtualDubMod_1_5_10_2_b2542
2012-05-17 06:17 . 2009-03-09 03:15 6144 ----a-w- c:\windows\system32\drivers\moufiltr.sys
2012-05-17 06:16 . 2009-04-17 11:17 6144 ----a-w- c:\windows\system32\drivers\walvhid.sys
2012-05-17 06:15 . 2012-05-17 06:15 -------- d-----w- c:\windows\vhid
2012-05-17 06:14 . 2012-05-17 06:14 -------- d-----w- c:\windows\udtablet
2012-05-17 06:14 . 2009-07-10 13:48 114336 ----a-w- c:\windows\system32\WINTAB32.DLL
2012-05-17 06:14 . 2009-07-03 18:14 1515168 ----a-w- c:\windows\system32\TABLET.CPL
2012-05-17 06:14 . 2009-04-14 19:25 106144 ----a-w- c:\windows\system32\Tblfunc.dll
2012-05-17 06:14 . 2006-02-21 12:38 1753088 ------w- c:\windows\system32\TblRes.dll
2012-05-17 06:14 . 2005-06-18 14:51 49152 ------w- c:\windows\system32\ATWinLog.dll
2012-05-17 06:14 . 2001-05-24 07:58 36864 ------w- c:\windows\system32\UTBLFILT.DLL
2012-05-17 06:14 . 2009-07-13 18:15 106144 ----a-w- c:\windows\RmTablet.exe
2012-05-17 06:14 . 2009-07-13 18:15 396960 ----a-w- c:\windows\system32\ATWTUSB.EXE
2012-05-17 06:14 . 2009-06-26 18:54 118432 ------w- c:\windows\system32\Calibration.exe
2012-05-17 06:14 . 2007-08-11 09:30 52896 ------w- c:\windows\system32\InstallService.exe
2012-05-17 06:14 . 2007-04-25 12:27 73376 ------w- c:\windows\system32\Funckey.dll
2012-05-17 06:13 . 2012-05-17 06:13 -------- d-----w- c:\windows\calib_da
2012-05-17 06:13 . 2012-05-17 06:13 -------- d-----w- c:\programdata\Tablet
2012-05-17 06:13 . 2004-10-22 06:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-05 20:34 . 2012-05-14 06:53 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-05 20:34 . 2012-01-06 06:13 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-08 16:40 . 2011-11-16 07:01 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 22:47 . 2011-01-06 20:48 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2011-01-10 03:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 03:05 . 2012-01-29 21:26 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-10-06 23:35 177128 --sha-r- c:\windows\System32\hal.dll
2011-10-06 23:35 1083880 --sha-r- c:\windows\System32\drivers\ntfs.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\CW\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\CW\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\CW\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\CW\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"i8kfangui"="c:\program files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-02-23 6591800]
"ChromeFrameHelper"="c:\users\CW\AppData\Local\Google\Chrome\Application\19.0.1084.56\chrome_frame_helper.exe" [2012-06-07 96792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-10-07 279144]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-05-20 184320]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\users\CW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Banshee Screamer Alarm.lnk - c:\program files\Banshee Screamer Alarm\alarm.exe [2012-1-30 274432]
Dropbox.lnk - c:\users\CW\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 1 (0x1)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^CW^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\CW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2007-02-15 19:29 622592 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2006-07-19 19:51 65536 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 22:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-02-23 00:49 6591800 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 03:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 12:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-03 11:38 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 257696]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPNWMON
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 20:34]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2983540585-2013573526-3603927823-1000Core.job
- c:\users\CW\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-13 08:54]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2983540585-2013573526-3603927823-1000UA.job
- c:\users\CW\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-13 08:54]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.ca/
uInternet Settings,ProxyOverride = local;*.local
TCP: DhcpNameServer = 128.100.100.128 128.100.96.34
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_1_3/DaumActiveX.cab?ver=2,0,1,3
FF - ProfilePath - c:\users\CW\AppData\Roaming\Mozilla\Firefox\Profiles\t42tfozs.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - google.ca
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-All Units Mod - i:\allunits\Uninstal.exe
AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE
AddRemove-MozillaMaintenanceService - c:\program files\Mozilla Maintenance Service\uninstall.exe
AddRemove-Red Alert 2 - c:\westwood\RA2\Uninstll.EXE
AddRemove-WChat - c:\westwood\WWONLINE\UNINSTWC.EXE
AddRemove-WindowsFrotz - c:\program files\Windows Frotz\Uninstall.exe
AddRemove-Yuri's Revenge - c:\westwood\RA2\Uninstll.EXE
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NetBIOS]
"ImagePath"="system32\drivers\tsk426C.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5660)
c:\users\CW\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\brss01a.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\atwtusb.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\System32\rundll32.exe
c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe
c:\program files\Yahoo!\Messenger\YahooMessenger.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Yahoo!\Messenger\YahooMessenger.exe
c:\program files\Combined Community Codec Pack\MPC\mpc-hc.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2012-06-14 23:39:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-15 03:39
ComboFix2.txt 2011-10-11 05:34
ComboFix3.txt 2011-10-01 05:05
ComboFix4.txt 2011-09-30 19:29
ComboFix5.txt 2011-11-20 20:19
.
Pre-Run: 7,063,912,448 bytes free
Post-Run: 8,133,111,808 bytes free
.
- - End Of File - - 004C26602A025ADCBB39DFAB97C17411

4. Things seem to be the same as earlier. Nothing bad's happened though the HIDs are still nonfunctional.

Thanks,

cwjian90

#6 SweetTech (Agent ST)
Members | 13,421 posts

Posted 15 June 2012 - 01:23 AM

Hi cwjian90!

Please delete your current copy of OTL.exe from your Desktop and download a new copy from this link: OTL

OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen OTL.exe on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    afd.sys
    netbt.sys
    NetBIOS.*
    NetBIOS
    usbio.sys
    /md5stop
    c:\windows\APW_DATA\*.* /s
    "%WinDir%\$NtUninstallKB*$."
    HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\NetBIOS
    %systemroot%\*. /rp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Quick Scan button.
  • A report will open. Copy and Paste that report in your next reply.

Edited by SweetTech, 15 June 2012 - 01:23 AM.


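The ComboFix log in post #5 and the OTL custom scan requested in post #6 turn on the same handful of checks: does the NetBIOS service's ImagePath point at anything other than its own netbios.sys (here it is `system32\drivers\tsk426C.tmp`), are any drivers registered from a user's Temp folder or from a `.tmp` file, do files sit in the `@`, `L\` and `U\` layout under `c:\windows\Installer\{GUID}\` (a known rootkit drop location, not something Windows Installer creates), and is UAC switched off (`"EnableLUA"= 0`). The script below is an added example by the editor, not part of this thread and not code from ComboFix or OTL. It reads lines in the two tools' output formats and flags those patterns. `SAMPLE_LOG` is a constructed excerpt of lines copied from the logs in this thread; the `CORE_DRIVERS` set (the drivers from the OTL `/md5start` list, assumed to load only from `system32\drivers\<name>.sys`), the path regexes, and the helper names `triage`, `check_service` and `run_sample` are the example's own assumptions.

```python
"""Triage helper for ComboFix / OTL log lines (added example, not from the
thread, ComboFix or OTL).  It flags: a core driver whose ImagePath is not
its own .sys, drivers/services loading from Temp, *.tmp files or the
%WINDIR%\\Installer\\{GUID}\\ layout, registered drivers with no path, and
UAC disabled via EnableLUA=0."""
import ntpath
import re

# Assumption for this example: the core drivers from the OTL /md5start list
# must load from system32\drivers\<name>.sys; anything else is a hijack sign.
CORE_DRIVERS = {"netbios", "netbt", "tdx", "afd", "volsnap", "atapi"}

SUSPICIOUS_PATH = re.compile(
    r"\\temp\\|\.tmp$|\\windows\\installer\\\{[0-9a-f-]{36}\}\\", re.I)

# ComboFix formats: "[HKLM\system\ControlSetNNN\Services\<name>]" followed by
# "ImagePath"="...", policy values like "EnableLUA"= 0, and bare file paths.
CF_SERVICE_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\system\\ControlSet\d+\\Services\\([^\]\\]+)\]$", re.I)
CF_IMAGEPATH = re.compile(r'^"ImagePath"="([^"]*)"$')
CF_ENABLELUA = re.compile(r'^"EnableLUA"=\s*0\b')
CF_FILE = re.compile(r"^[a-z]:\\", re.I)
# OTL format: "DRV - <status/meta> -- <path> -- (<service name>)"
OTL_SERVICE = re.compile(
    r"^(?:DRV|SRV) - (?P<meta>.*?) -- (?P<path>.*?) ?-- \((?P<name>[^)]*)\)")


def check_service(name, path):
    """Return a reason if a service/driver entry looks tampered, else None."""
    key = name.lower()
    if key in CORE_DRIVERS and ntpath.basename(path).lower() != f"{key}.sys":
        return f"core driver {name} loads {path or '<empty>'} instead of {key}.sys"
    if SUSPICIOUS_PATH.search(path):
        return f"service {name} loads from a temp/tmp/Installer path: {path}"
    return None


def triage(log_text):
    """Scan ComboFix/OTL output; return a list of (kind, detail) findings."""
    findings = []
    pending = None  # service name from the last ComboFix registry key seen
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):            # any registry key header
            m = CF_SERVICE_KEY.match(line)
            pending = m.group(1) if m else None
            continue
        m = CF_IMAGEPATH.match(line)
        if m and pending:
            reason = check_service(pending, m.group(1))
            if reason:
                findings.append(("service", reason))
            pending = None
            continue
        if CF_ENABLELUA.match(line):
            findings.append(("policy", "EnableLUA=0: UAC is disabled"))
            continue
        m = OTL_SERVICE.match(line)
        if m:
            reason = check_service(m["name"], m["path"])
            if reason:
                findings.append(("service", reason))
            elif m["meta"].startswith("File not found") and not m["path"]:
                findings.append(("service", f"{m['name']} is registered with an empty path"))
            continue
        if CF_FILE.match(line) and SUSPICIOUS_PATH.search(line):
            findings.append(("file", line))
    return findings


# Constructed excerpt: lines copied from the ComboFix and OTL logs in this thread.
SAMPLE_LOG = r"""
c:\windows\Installer\{eda91281-93df-6658-3563-59120e5e5b5d}\@
c:\windows\Installer\{eda91281-93df-6658-3563-59120e5e5b5d}\L\00000004.@
c:\windows\system32\drivers\etc\hosts.ics
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NetBIOS]
"ImagePath"="system32\drivers\tsk426C.tmp"
DRV - File not found [File_System | System | Stopped] -- system32\drivers\tsk426C.tmp -- (NetBIOS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\CW\AppData\Local\Temp\kbeepm.sys -- (kbeepm)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2012/06/05 11:38:37 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
"""


def run_sample():
    """Run the triage over the constructed excerpt; returns the findings list."""
    return triage(SAMPLE_LOG)
```

Running `run_sample()` on the excerpt reports the two Installer `@` files, the disabled UAC policy, the NetBIOS redirection twice (once from the ComboFix registry dump, once from the OTL driver line), the `kbeepm.sys` driver in the user's Temp folder, and the `adfs` driver registered with no path at all; `hosts.ics` and the Malwarebytes driver pass untouched. Feed it a whole saved log with `triage(open(path, encoding="utf-8", errors="replace").read())` to get the same short list instead of reading three thousand lines by hand.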
#7 cwjian90 (Topic Starter)
Members | 65 posts

Posted 15 June 2012 - 08:12 PM

Hi ST,

Scan's done:

OTL logfile created on: 6/15/2012 8:03:35 PM - Run 2
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\CW\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 56.30% Memory free
6.21 Gb Paging File | 4.23 Gb Available in Paging File | 68.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.00 Gb Total Space | 7.06 Gb Free Space | 4.84% Space Free | Partition Type: NTFS
Drive D: | 3.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 298.09 Gb Total Space | 8.46 Gb Free Space | 2.84% Space Free | Partition Type: NTFS
Drive I: | 298.06 Gb Total Space | 42.03 Gb Free Space | 14.10% Space Free | Partition Type: NTFS
Drive Z: | 3.00 Gb Total Space | 2.95 Gb Free Space | 98.41% Space Free | Partition Type: FAT32

Computer Name: CW-PC | User Name: CW | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/15 20:02:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\CW\Desktop\OTL.exe
PRC - [2012/06/11 23:05:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/06/07 04:13:22 | 000,096,792 | ---- | M] (Google Inc.) -- C:\Users\CW\AppData\Local\Google\Chrome\Application\19.0.1084.56\chrome_frame_helper.exe
PRC - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\CW\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/02/22 20:49:58 | 006,591,800 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011/10/09 11:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/30 20:56:42 | 010,207,232 | ---- | M] (MPC-HC Team) -- C:\Program Files\Combined Community Codec Pack\MPC\mpc-hc.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/07/13 14:15:38 | 000,396,960 | ---- | M] () -- C:\Windows\System32\ATWTUSB.EXE
PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\aestsrv.exe
PRC - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\STacSV.exe
PRC - [2007/05/09 18:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/02/16 12:58:12 | 000,856,064 | ---- | M] (Christian Diefer) -- C:\Program Files\I8kfanGUI\I8kfanGUI.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/11 23:05:09 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2012/02/22 20:49:38 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/03 13:40:46 | 000,552,960 | ---- | M] () -- C:\Program Files\Combined Community Codec Pack\Filters\Haali\splitter.ax
MOD - [2011/03/03 13:40:08 | 000,150,528 | ---- | M] () -- C:\Program Files\Combined Community Codec Pack\Filters\Haali\mkx.dll
MOD - [2011/03/03 13:39:46 | 000,141,824 | ---- | M] () -- C:\Program Files\Combined Community Codec Pack\Filters\Haali\mp4.dll
MOD - [2011/03/03 13:35:32 | 000,080,384 | ---- | M] () -- C:\Program Files\Combined Community Codec Pack\Filters\Haali\mkzlib.dll
MOD - [2011/03/03 13:35:26 | 000,024,576 | ---- | M] () -- C:\Program Files\Combined Community Codec Pack\Filters\Haali\mkunicode.dll
MOD - [2011/01/29 22:06:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\9b8e883fd5fa51f026577156a0ee9d57\System.Runtime.Remoting.ni.dll
MOD - [2011/01/29 22:03:41 | 007,949,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ed6ae2749d12c4729ee43ff339de4bb8\System.ni.dll
MOD - [2011/01/29 22:02:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\98bbdd8c400493ad228b8283665cc9da\mscorlib.ni.dll
MOD - [2011/01/05 17:16:58 | 000,139,776 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/12/08 15:34:10 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
MOD - [2005/11/24 15:51:22 | 002,891,776 | ---- | M] () -- C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ffdshow.ax


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\System32\WLTRYSVC.EXE %C:\Windows%\System32\bcmwltry.exe -- (wltrysvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2012/06/05 16:34:57 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/14 17:49:12 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/03/15 22:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/13 14:15:38 | 000,396,960 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ATWTUSB.EXE -- (WTService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\aestsrv.exe -- (AESTFilters)
SRV - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\STacSV.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\szkgfs.sys -- (szkgfs)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\szkg.sys -- (szkg5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [File_System | System | Stopped] -- system32\drivers\tsk426C.tmp -- (NetBIOS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\CW\AppData\Local\Temp\kbeepm.sys -- (kbeepm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2012/06/14 23:39:26 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{59B30163-659A-4FD9-B95E-1ECC14DC0EB2}\MpKsl8cb9bad5.sys -- (MpKsl8cb9bad5)
DRV - [2012/06/05 11:38:37 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/03/18 21:25:14 | 000,165,376 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/03/18 21:25:08 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/04/12 04:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/09/16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV - [2009/06/25 17:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 17:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 17:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/06/16 02:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/04/17 07:17:54 | 000,006,144 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\walvhid.sys -- (vhidmini)
DRV - [2009/03/18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/03/08 23:15:14 | 000,006,144 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2008/09/26 06:04:10 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/05/06 04:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/02/11 15:42:38 | 000,232,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2008/02/04 13:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2007/10/10 18:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/03/05 11:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/02/16 05:05:48 | 000,014,464 | ---- | M] (Christian Diefer) [Kernel | System | Running] -- C:\Windows\System32\drivers\fanio.sys -- (fanio)
DRV - [2006/11/21 05:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/04 17:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2001/05/07 06:56:02 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.ca"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\Windows\ [2012/06/14 11:34:13 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\CW\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\CW\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/11 23:05:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/05 17:06:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{2E24FA3E-AF45-11E1-8270-B8AC6F996F26}: C:\Users\CW\AppData\Local\{2E24FA3E-AF45-11E1-8270-B8AC6F996F26}\

[2011/01/10 04:24:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CW\AppData\Roaming\Mozilla\Extensions
[2012/06/14 23:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CW\AppData\Roaming\Mozilla\Firefox\Profiles\t42tfozs.default\extensions
[2012/06/14 11:04:41 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\CW\AppData\Roaming\Mozilla\Firefox\Profiles\t42tfozs.default\extensions\anttoolbar@ant.com
[2011/03/06 10:16:04 | 000,002,567 | ---- | M] () -- C:\Users\CW\AppData\Roaming\Mozilla\Firefox\Profiles\t42tfozs.default\searchplugins\askcom.xml
[2012/01/29 17:26:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/07 16:39:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/05 16:11:31 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\CW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T42TFOZS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/06/11 23:05:14 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2004/07/02 14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\components\np32asw.dll
[2004/07/02 14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32asw.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/29 17:26:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/29 17:26:04 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: Skype Click to Call = C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\

O1 HOSTS File: ([2012/06/14 11:33:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [ChromeFrameHelper] C:\Users\CW\AppData\Local\Google\Chrome\Application\19.0.1084.56\chrome_frame_helper.exe (Google Inc.)
O4 - HKCU..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe (Christian Diefer)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\CW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Banshee Screamer Alarm.lnk = C:\Program Files\Banshee Screamer Alarm\alarm.exe ()
O4 - Startup: C:\Users\CW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\CW\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab (Microsoft Download Manager ActiveX control)
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} http://mail.daum.net/hanmail-ax/DaumActiveX/2_0_1_3/DaumActiveX.cab?ver=2,0,1,3 (Daum ActiveX manager Class)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.100.100.128 128.100.96.34
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1844231D-006C-430C-A823-7E4B2B0516C9}: DhcpNameServer = 172.16.48.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99B44AD6-AAF4-4FF1-AC2F-10424C791EE5}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED924AA9-2D31-4977-A7F4-2CD29B6E911E}: DhcpNameServer = 128.100.100.128 128.100.96.34
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\CW\Pictures\Military Stuff\Firearms\Rifles\Mosin-Nagant M1891-30 7.62mm Rifle, 1938 & 1944 7.62mm Carbines\3-4-Mosin-Nagant-1200-watermark.jpg
O24 - Desktop BackupWallPaper: C:\Users\CW\Pictures\Military Stuff\Firearms\Rifles\Mosin-Nagant M1891-30 7.62mm Rifle, 1938 & 1944 7.62mm Carbines\3-4-Mosin-Nagant-1200-watermark.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

MsConfig - StartUpFolder: C:^Users^CW^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 0

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/06/15 20:02:17 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\CW\Desktop\OTL.exe
[2012/06/14 11:34:07 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/14 11:30:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/14 11:30:25 | 000,000,000 | ---D | C] -- C:\Users\CW\AppData\Local\temp
[2012/06/14 11:17:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Alert 3 - Revolution
[2012/06/14 11:09:40 | 004,557,483 | R--- | C] (Swearware) -- C:\Users\CW\Desktop\ComboFix.exe
[2012/06/14 10:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012/06/14 10:36:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/14 10:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/06/14 10:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/06/11 17:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Action Replay Code Manager
[2012/06/11 17:49:40 | 000,000,000 | ---D | C] -- C:\Users\CW\Documents\Datel
[2012/06/11 17:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\Datel
[2012/06/11 17:44:39 | 000,019,805 | ---- | C] (Thesycon GmbH, Germany) -- C:\Windows\System32\drivers\usbio.sys
[2012/06/07 16:39:38 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/06/05 17:05:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/05 17:04:35 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/06/05 16:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/05 16:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/05 15:37:40 | 000,000,000 | ---D | C] -- C:\Users\CW\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/05 15:37:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/06/05 15:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/05 15:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/05 11:38:37 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/06/04 19:05:31 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\CW\Desktop\TDSSKiller.exe
[2012/06/04 17:25:03 | 000,150,392 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\CW\Desktop\junction.exe
[2012/06/02 11:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bk-Tools English
[2012/06/02 11:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Bk-Tools English
[2012/06/02 11:12:03 | 001,329,302 | ---- | C] (www.promoffice.com ) -- C:\Users\CW\Desktop\bk-tools-eng-102.exe
[2012/05/24 18:14:21 | 000,000,000 | ---D | C] -- C:\Users\CW\AppData\Local\PunkBuster
[2012/05/24 18:14:20 | 000,000,000 | ---D | C] -- C:\Users\CW\AppData\Local\CrashRpt
[2012/05/24 18:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Chart Controls
[2012/05/24 14:57:03 | 000,000,000 | ---D | C] -- C:\Users\CW\AppData\Roaming\Yahoo!
[2012/05/22 16:03:46 | 000,000,000 | ---D | C] -- C:\Windows\APW_DATA
[2012/05/22 16:03:46 | 000,000,000 | ---D | C] -- C:\Users\CW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3M Learning Software
[2012/05/22 10:46:53 | 000,000,000 | ---D | C] -- C:\Users\CW\Desktop\Star Trek Borg
[2012/05/21 20:37:25 | 000,000,000 | ---D | C] -- C:\Users\CW\VirtualDubMod_1_5_10_2_b2542
[2012/05/17 02:17:26 | 000,006,144 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\moufiltr.sys
[2012/05/17 02:16:03 | 000,006,144 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\walvhid.sys
[2012/05/17 02:15:56 | 000,000,000 | ---D | C] -- C:\Windows\vhid
[2012/05/17 02:14:02 | 000,114,336 | ---- | C] (WALTOP International Corp.) -- C:\Windows\System32\WINTAB32.DLL
[2012/05/17 02:14:02 | 000,000,000 | ---D | C] -- C:\Windows\udtablet
[2012/05/17 02:14:01 | 001,753,088 | ---- | C] (WALTOP International Corp.) -- C:\Windows\System32\TblRes.dll
[2012/05/17 02:14:01 | 001,515,168 | ---- | C] (WALTOP International Corp.) -- C:\Windows\System32\TABLET.CPL
[2012/05/17 02:14:01 | 000,106,144 | ---- | C] (Aiptek) -- C:\Windows\System32\Tblfunc.dll
[2012/05/17 02:14:01 | 000,049,152 | ---- | C] (WALTOP International Corp.) -- C:\Windows\System32\ATWinLog.dll
[2012/05/17 02:14:01 | 000,036,864 | ---- | C] (Aiptek) -- C:\Windows\System32\UTBLFILT.DLL
[2012/05/17 02:14:00 | 000,073,376 | ---- | C] (WALTOP International Corp.) -- C:\Windows\System32\Funckey.dll
[2012/05/17 02:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Tablet
[2012/05/17 02:13:58 | 000,000,000 | ---D | C] -- C:\Windows\calib_da
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/15 20:13:21 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/15 20:08:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2983540585-2013573526-3603927823-1000UA.job
[2012/06/15 20:02:37 | 000,117,760 | ---- | M] () -- C:\Users\CW\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/15 20:02:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\CW\Desktop\OTL.exe
[2012/06/15 19:25:50 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/15 19:25:50 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/15 14:08:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2983540585-2013573526-3603927823-1000Core.job
[2012/06/15 13:38:10 | 003,235,068 | ---- | M] () -- C:\Users\CW\UoT0001.jpg
[2012/06/15 09:58:04 | 008,626,332 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/15 09:58:04 | 003,046,896 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/14 11:35:34 | 000,047,746 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/06/14 11:33:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/14 11:33:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/14 11:32:02 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/06/14 11:10:42 | 004,557,483 | R--- | M] (Swearware) -- C:\Users\CW\Desktop\ComboFix.exe
[2012/06/14 10:49:37 | 000,000,957 | ---- | M] () -- C:\Users\CW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/14 10:33:58 | 000,000,742 | ---- | M] () -- C:\Users\CW\Desktop\NTREGOPT.lnk
[2012/06/14 10:33:58 | 000,000,723 | ---- | M] () -- C:\Users\CW\Desktop\ERUNT.lnk
[2012/06/14 01:31:13 | 000,008,333 | ---- | M] () -- C:\Users\CW\Documents\avgn.mpcpl
[2012/06/11 19:53:25 | 000,000,707 | ---- | M] () -- C:\Users\CW\HP code.rtf
[2012/06/05 23:16:50 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\YTD YouTube Downloader & Converter.lnk
[2012/06/05 15:37:25 | 000,001,809 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/05 11:38:37 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/06/05 11:29:22 | 000,853,862 | ---- | M] () -- C:\Users\CW\Desktop\SecurityCheck.exe
[2012/06/04 17:01:10 | 000,002,113 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/02 14:43:46 | 000,000,510 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2012/05/31 03:56:54 | 008,102,964 | ---- | M] () -- C:\Users\CW\Osprey Duel 34 E Boat vs MTB The English Channel 1941 1945.rar
[2012/05/29 01:54:38 | 000,001,944 | ---- | M] () -- C:\Users\CW\Documents\Oruzhie Pobeda.mpcpl
[2012/05/28 23:20:47 | 009,137,951 | ---- | M] () -- C:\Users\CW\Desktop\Osprey Duel 34 E Boat vs MTB The English Channel 1941 1945.pdf
[2012/05/28 21:47:52 | 000,000,600 | ---- | M] () -- C:\Users\CW\AppData\Local\PUTTY.RND
[2012/05/28 04:23:11 | 000,011,162 | ---- | M] () -- C:\Users\CW\Documents\rp.rtf
[2012/05/27 14:18:51 | 000,114,718 | ---- | M] () -- C:\Users\CW\Documents\fs.rtf
[2012/05/25 17:56:10 | 000,006,230 | ---- | M] () -- C:\Users\CW\Documents\The Mechanical Universe.mpcpl
[2012/05/24 18:08:32 | 000,138,056 | ---- | M] () -- C:\Users\CW\AppData\Roaming\PnkBstrK.sys
[2012/05/24 15:44:35 | 000,000,785 | ---- | M] () -- C:\Users\CW\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/05/24 15:44:35 | 000,000,761 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/05/21 16:40:50 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\CW\Desktop\TDSSKiller.exe
[2012/05/20 23:23:17 | 000,002,318 | ---- | M] () -- C:\Users\CW\Documents\Connections 2.mpcpl
[2012/05/20 12:30:40 | 000,000,048 | ---- | M] () -- C:\Windows\Sierra.ini
[2012/05/18 10:04:06 | 000,045,194 | ---- | M] () -- C:\Users\CW\AppData\Roaming\room_v3.dat
[2012/05/17 01:54:02 | 000,005,817 | ---- | M] () -- C:\Users\CW\Desktop\SAI brushes.zip
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/15 13:37:57 | 003,235,068 | ---- | C] () -- C:\Users\CW\UoT0001.jpg
[2012/06/14 10:33:58 | 000,000,742 | ---- | C] () -- C:\Users\CW\Desktop\NTREGOPT.lnk
[2012/06/14 10:33:58 | 000,000,723 | ---- | C] () -- C:\Users\CW\Desktop\ERUNT.lnk
[2012/06/11 19:53:17 | 000,000,707 | ---- | C] () -- C:\Users\CW\HP code.rtf
[2012/06/05 23:16:50 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\YTD YouTube Downloader & Converter.lnk
[2012/06/05 15:37:25 | 000,001,809 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/05 11:28:55 | 000,853,862 | ---- | C] () -- C:\Users\CW\Desktop\SecurityCheck.exe
[2012/06/04 17:16:07 | 000,302,592 | ---- | C] () -- C:\Users\CW\Desktop\gmer.exe
[2012/06/04 16:57:53 | 000,001,817 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/05/31 10:26:01 | 009,137,951 | ---- | C] () -- C:\Users\CW\Desktop\Osprey Duel 34 E Boat vs MTB The English Channel 1941 1945.pdf
[2012/05/31 03:56:53 | 008,102,964 | ---- | C] () -- C:\Users\CW\Osprey Duel 34 E Boat vs MTB The English Channel 1941 1945.rar
[2012/05/29 01:54:38 | 000,001,944 | ---- | C] () -- C:\Users\CW\Documents\Oruzhie Pobeda.mpcpl
[2012/05/28 04:23:10 | 000,011,162 | ---- | C] () -- C:\Users\CW\Documents\rp.rtf
[2012/05/25 17:56:10 | 000,006,230 | ---- | C] () -- C:\Users\CW\Documents\The Mechanical Universe.mpcpl
[2012/05/24 18:08:30 | 000,138,056 | ---- | C] () -- C:\Users\CW\AppData\Roaming\PnkBstrK.sys
[2012/05/24 18:05:51 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/05/24 18:05:39 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/05/24 15:44:35 | 000,000,785 | ---- | C] () -- C:\Users\CW\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/05/24 15:44:35 | 000,000,761 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/05/20 23:23:17 | 000,002,318 | ---- | C] () -- C:\Users\CW\Documents\Connections 2.mpcpl
[2012/05/17 02:14:00 | 000,396,960 | ---- | C] () -- C:\Windows\System32\ATWTUSB.EXE
[2012/05/17 02:14:00 | 000,118,432 | ---- | C] () -- C:\Windows\System32\Calibration.exe
[2012/05/17 02:14:00 | 000,106,144 | ---- | C] () -- C:\Windows\RmTablet.exe
[2012/05/17 02:14:00 | 000,052,896 | ---- | C] () -- C:\Windows\System32\InstallService.exe
[2012/05/17 02:13:58 | 000,007,582 | ---- | C] () -- C:\Windows\aiptbl.ini
[2012/05/17 01:53:13 | 000,005,817 | ---- | C] () -- C:\Users\CW\Desktop\SAI brushes.zip
[2012/01/24 11:17:28 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2011/12/31 14:29:32 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/12/31 14:29:32 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/12/24 02:04:50 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2011/12/15 12:08:12 | 000,000,600 | ---- | C] () -- C:\Users\CW\AppData\Local\PUTTY.RND
[2011/09/29 00:57:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/29 00:57:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/29 00:57:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/29 00:57:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/29 00:57:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/25 19:36:33 | 000,354,304 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll
[2011/09/25 19:36:33 | 000,110,080 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll
[2011/09/25 19:36:33 | 000,008,192 | ---- | C] () -- C:\Windows\System32\pythoncomloader26.dll
[2011/09/23 18:10:48 | 000,132,560 | R--- | C] () -- C:\Windows\System32\IS3HTUI5.dll
[2011/09/23 18:10:46 | 000,546,256 | R--- | C] () -- C:\Windows\System32\SZComp5.dll
[2011/09/23 18:10:46 | 000,480,720 | R--- | C] () -- C:\Windows\System32\SZBase5.dll
[2011/09/23 18:10:44 | 000,398,800 | R--- | C] () -- C:\Windows\System32\IS3DBA5.dll
[2011/09/23 18:10:44 | 000,099,792 | R--- | C] () -- C:\Windows\System32\IS3Svc5.dll
[2011/09/23 18:10:44 | 000,067,024 | R--- | C] () -- C:\Windows\System32\IS3Hks5.dll
[2011/06/17 22:04:14 | 000,000,024 | ---- | C] () -- C:\Windows\MSBSETUP.INI
[2011/06/09 10:00:22 | 000,085,658 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011/05/25 10:47:51 | 000,045,194 | ---- | C] () -- C:\Users\CW\AppData\Roaming\room_v3.dat
[2011/05/21 11:14:18 | 000,000,339 | ---- | C] () -- C:\Windows\EDofMA.ini
[2011/05/20 11:16:00 | 000,001,211 | ---- | C] () -- C:\Windows\eReg.dat
[2011/05/19 01:07:37 | 000,047,746 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/05/19 01:07:37 | 000,047,746 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/05/18 10:14:43 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011/05/18 01:21:16 | 000,000,096 | ---- | C] () -- C:\Windows\conserv.ini
[2011/05/18 01:12:52 | 000,000,227 | ---- | C] () -- C:\Windows\CLIMATE.INI
[2011/05/18 00:58:15 | 000,000,181 | ---- | C] () -- C:\Windows\ASSESS.INI
[2011/05/18 00:58:15 | 000,000,106 | ---- | C] () -- C:\Windows\GEOGRPHY.INI
[2011/05/18 00:47:10 | 000,000,266 | ---- | C] () -- C:\Windows\DWINDLE.INI
[2011/05/18 00:34:03 | 000,000,141 | ---- | C] () -- C:\Windows\asym.ini
[2011/05/15 00:50:30 | 000,000,552 | ---- | C] () -- C:\Users\CW\AppData\Local\d3d8caps.dat
[2011/05/13 11:42:05 | 000,027,050 | ---- | C] () -- C:\Users\CW\AppData\Roaming\nvModes.001
[2011/05/13 11:41:53 | 000,027,050 | ---- | C] () -- C:\Users\CW\AppData\Roaming\nvModes.dat
[2011/05/13 11:40:23 | 000,000,048 | ---- | C] () -- C:\Windows\Sierra.ini
[2011/04/17 02:45:08 | 000,046,658 | ---- | C] () -- C:\Users\CW\AppData\Roaming\room.dat
[2011/03/28 01:58:09 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2011/03/18 21:25:14 | 000,165,376 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011/03/18 21:25:08 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011/03/03 16:27:53 | 000,000,231 | ---- | C] () -- C:\Windows\QTW.INI
[2011/03/03 16:26:15 | 000,000,037 | ---- | C] () -- C:\Windows\MARIS.INI
[2011/02/20 23:52:29 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/02/10 00:03:48 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2011/02/09 15:43:43 | 000,002,048 | -HS- | C] () -- C:\Users\CW\AppData\Local\{eda91281-93df-6658-3563-59120e5e5b5d}\@
[2011/02/02 11:34:01 | 000,002,587 | ---- | C] () -- C:\Windows\WAVEMIX.INI
[2011/01/28 22:46:32 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2011/01/28 19:47:14 | 000,069,632 | ---- | C] () -- C:\Windows\UNINSTCC.EXE
[2011/01/15 18:19:54 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/01/15 18:19:54 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2011/01/15 18:19:54 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/01/15 18:17:31 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat
[2011/01/10 04:24:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/08 00:42:47 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2011/01/07 23:12:39 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/01/07 01:37:44 | 000,006,427 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2011/01/07 00:03:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/01/07 00:01:14 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/01/06 18:41:31 | 000,117,760 | ---- | C] () -- C:\Users\CW\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/06 17:40:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/01/06 16:01:56 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2011/01/06 15:26:58 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011/01/06 02:32:07 | 000,008,484 | ---- | C] () -- C:\Users\CW\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012/06/10 23:13:06 | 000,000,000 | ---D | M] -- C:\Users\CW\AppData\Roaming\ApexDC++
[2012/06/15 14:51:57 | 000,000,000 | ---D | M] -- C:\Users\CW\AppData\Roaming\Audacity
[2011/07/17 03:09:48 | 000,000,000 | ---D | M] -- C:\Users\CW\AppData\Roaming\CNC_Generals_World
[2011/07/12 10:37:22 | 000,000,000 | ---D | M] -- C:\Users\CW\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2011/07/13 00:17:40 | 000,000,000 | ---D | M] -- C:\Users\CW\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011/01/26 00:54:55 | 000,000,000 | ---D | M] -- C:\Users\CW\AppData\Roaming\Command and Conquer 4
[2011/09/25 02:50:17 | 000,000,000 | ---D | M] -- C:\Users\CW\AppData\Roaming\Downloaded Installations
[2012/06/14 23:28:07 | 000,000,000 | ---D | M] -- C:\Users\CW\AppData\Roaming\Dropbox
[2011/02/05 22:55:23 | 000,000,000 | ---D | M] -- C:\Users\CW\AppData\Roaming\ImgBurn
[2011/01/06 19:53:25 | 000,000,000 | ---D | M] -- C:\Users\CW\AppData\Roaming\IrfanView
[2011/10/11 19:24:10 | 000,000,000 | ---D | M] -- C:\Users\CW\AppData\Roaming\Moyea
[2011/07/05 13:31:19 | 000,000,000 | ---D | M] -- C:\Users\CW\AppData\Roaming\OpenOffice.org
[2011/04/07 04:10:38 | 000,000,000 | ---D | M] -- C:\Users\CW\AppData\Roaming\PCDr
[2012/04/30 16:31:33 | 000,000,000 | ---D | M] -- C:\Users\CW\AppData\Roaming\PrimoPDF
[2011/01/08 00:48:47 | 000,000,000 | ---D | M] -- C:\Users\CW\AppData\Roaming\Red Alert 3
[2012/04/26 21:22:40 | 000,000,000 | ---D | M] -- C:\Users\CW\AppData\Roaming\SYSTEMAX Software Development
[2011/11/22 15:00:27 | 000,000,000 | ---D | M] -- C:\Users\CW\AppData\Roaming\Tific
[2012/03/24 12:00:18 | 000,000,000 | ---D | M] -- C:\Users\CW\AppData\Roaming\Tunngle
[2012/06/14 10:35:30 | 000,000,000 | ---D | M] -- C:\Users\CW\AppData\Roaming\uTorrent
[2012/05/01 03:55:00 | 000,000,000 | ---D | M] -- C:\Users\CW\AppData\Roaming\WebStripper
[2012/06/14 11:32:03 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: AFD.SYS >
[2008/01/20 22:24:17 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2009/04/10 22:47:04 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\System32\drivers\afd.sys
[2009/04/10 22:47:04 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 22:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: NETBIOS.PY >
[2008/12/10 09:11:34 | 000,007,324 | ---- | M] () MD5=B8D1B045E61B8EFDE899FE6A54922748 -- C:\Python26\Lib\site-packages\win32\lib\netbios.py

< MD5 for: NETBIOS.SYS >
[2011/09/28 03:01:30 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=BCD093A5A6777CF626434568DC7DBA78 -- C:\Windows\System32\drivers\netbios.sys
[2011/09/28 03:01:30 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=BCD093A5A6777CF626434568DC7DBA78 -- C:\Windows\winsxs\x86_microsoft-windows-netbios_31bf3856ad364e35_6.0.6001.18000_none_59e1b82a6b1f4ec0\netbios.sys

< MD5 for: NETBT.SYS >
[2008/01/20 22:24:59 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7C5FEE5B1C5728507CD96FB4A13E7A02 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
[2009/04/10 22:45:38 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\System32\drivers\netbt.sys
[2009/04/10 22:45:38 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys

< MD5 for: TDX.SYS >
[2011/09/27 18:34:42 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\Windows\ERDNT\cache\tdx.sys
[2011/09/27 18:34:42 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\Windows\System32\drivers\tdx.sys
[2011/09/27 18:34:42 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys
[2008/01/20 22:24:53 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=D09276B1FAB033CE1D40DCBDF303D10F -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys

< MD5 for: USBIO.SYS >
[2001/05/07 06:56:02 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) MD5=F90D8F845095FCD6924E3D751C04E442 -- C:\Windows\System32\drivers\usbio.sys
[2001/05/07 06:56:02 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) MD5=F90D8F845095FCD6924E3D751C04E442 -- C:\Windows\System32\DriverStore\FileRepository\ndalink.inf_532114ad\usbio.sys

< MD5 for: VOLSNAP.SYS >
[2006/11/02 05:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/11 00:32:56 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\drivers\volsnap.sys
[2009/04/11 00:32:56 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/11 00:32:56 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2008/01/20 22:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/20 22:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: WININIT.EXE >
[2008/01/20 22:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008/01/20 22:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/20 22:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< c:\windows\APW_DATA\*.* /s >
[2012/05/22 16:03:46 | 000,010,048 | ---- | M] () -- c:\windows\APW_DATA\LAUNCH.EXE
[2012/05/25 23:03:56 | 000,122,344 | ---- | M] () -- c:\windows\APW_DATA\NAARCAD.REC
[2012/05/25 23:04:23 | 000,064,590 | ---- | M] () -- c:\windows\APW_DATA\NABEES.REC
[2012/05/25 22:44:10 | 000,135,840 | ---- | M] () -- c:\windows\APW_DATA\NAHEART.REC
[2012/05/25 22:57:46 | 000,107,653 | ---- | M] () -- c:\windows\APW_DATA\NASOUND.REC
[2012/05/22 16:03:46 | 000,000,017 | ---- | M] () -- c:\windows\APW_DATA\NA_INST.INI
[2012/05/25 23:04:30 | 000,000,342 | ---- | M] () -- c:\windows\APW_DATA\RESUME.AP0
[2012/05/25 23:04:28 | 000,000,133 | ---- | M] () -- c:\windows\APW_DATA\NA01\CW.PAK

< "%WinDir%\$NtUninstallKB*$." >

< HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\NetBIOS >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\drivers\tsk426C.tmp
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface

[HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\NetBIOS\Linkage]

[HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\NetBIOS\Parameters]

[HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\NetBIOS\Enum]

< %systemroot%\*. /rp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/11 23:05:06 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/11 23:05:06 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/11 23:05:06 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/06/11 23:05:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/06/11 23:05:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/11 23:05:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\CW\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\CW\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\CW\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\CW\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/02/22 00:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/02/22 00:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/02/22 00:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/02/22 02:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/02/22 02:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/11 23:05:06 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/11 23:05:06 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/11 23:05:06 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/06/11 23:05:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/06/11 23:05:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/11 23:05:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\CW\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\CW\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\CW\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\CW\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/02/22 00:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/02/22 00:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/02/22 00:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/02/22 02:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/02/22 02:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2012/06/05 15:33:55 | 000,000,006 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
[2012/06/05 15:33:17 | 000,009,819 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Local State
[2011/05/13 05:01:24 | 000,053,248 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Archived History
[2011/05/13 05:01:35 | 000,000,505 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
[2011/05/13 05:01:35 | 000,000,505 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Bookmarks.bak
[2012/06/05 18:10:48 | 000,006,144 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Cookies
[2012/06/05 15:33:18 | 000,000,159 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Current Session
[2012/06/05 15:33:13 | 000,000,008 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
[2012/06/05 15:33:17 | 000,016,384 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Favicons
[2012/06/05 15:33:17 | 000,006,680 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
[2012/06/05 15:33:11 | 000,150,798 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico
[2012/06/05 15:33:14 | 000,098,304 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\History
[2011/05/13 05:01:26 | 000,053,248 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-05
[2012/06/05 15:33:17 | 000,000,013 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
[2012/06/05 15:33:14 | 000,004,616 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\History-journal
[2011/10/17 11:29:07 | 000,000,144 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Last Session
[2011/06/08 14:37:22 | 000,000,713 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
[2012/06/07 16:39:37 | 000,006,622 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Preferences
[2012/06/05 15:33:18 | 000,012,288 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Shortcuts
[2012/06/05 15:33:19 | 000,000,512 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal
[2012/06/05 15:33:20 | 000,020,480 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Top Sites
[2012/06/05 15:33:20 | 000,012,824 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal
[2011/10/17 11:29:07 | 000,131,072 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Visited Links
[2012/06/05 15:33:15 | 000,081,920 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Web Data
[2012/06/05 15:33:16 | 000,012,848 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
[2011/10/17 11:29:07 | 000,045,056 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
[2011/10/17 11:29:07 | 000,270,336 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
[2011/06/08 14:37:22 | 001,056,768 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
[2011/05/13 05:01:39 | 004,202,496 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
[2011/05/13 05:01:35 | 000,016,429 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001
[2011/05/13 05:01:36 | 000,022,775 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000002
[2011/05/13 05:01:36 | 000,021,956 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000003
[2011/05/13 05:01:37 | 000,022,604 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000004
[2011/05/13 05:01:38 | 000,065,446 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000005
[2011/06/08 14:37:22 | 000,238,354 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000006
[2011/05/13 05:01:28 | 000,262,512 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Cache\index
[2011/10/17 11:29:02 | 000,004,580 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\background.html
[2011/10/17 11:29:02 | 000,006,629 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\change_sink.js
[2011/10/17 11:29:03 | 000,012,285 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\contentscript.js
[2011/10/17 11:29:03 | 000,013,606 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\document_iterator.js
[2011/10/17 11:29:03 | 000,005,122 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\dropdown_menu_icon_set.png
[2011/10/17 11:29:03 | 000,010,962 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\find_proxy.js
[2011/10/17 11:29:03 | 000,033,313 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\flags.gif
[2011/10/17 11:29:03 | 000,004,223 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\get_html_text.js
[2011/10/17 11:29:03 | 000,002,920 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\global_constants.js
[2011/10/17 11:29:03 | 000,000,834 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\manifest.json
[2011/10/17 11:29:03 | 000,001,984 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\name_injection_builder.js
[2011/10/17 11:29:03 | 004,000,928 | ---- | M] (Skype Technologies S.A.) -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll
[2011/10/17 11:29:03 | 000,001,024 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\numbers_common_active_icon_set.gif
[2011/10/17 11:29:03 | 000,000,977 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\numbers_common_inactive_icon_set.gif
[2011/10/17 11:29:03 | 000,001,134 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\numbers_free_icon_set.gif
[2011/10/17 11:29:03 | 000,010,099 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\number_injection_builder.js
[2011/10/17 11:29:03 | 000,000,831 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\skype.png
[2011/10/17 11:29:03 | 000,001,876 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\skype_name_icon_set.gif
[2011/10/17 11:29:03 | 000,000,134 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\space.gif
[2011/10/17 11:29:03 | 000,009,935 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\string_finder.js
[2011/10/17 11:29:06 | 000,003,072 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lifbcibllhkdhoafpjfnlhfpfgnpldfl_0.localstorage
[2011/05/13 05:01:38 | 000,017,408 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Plugin Data\Google Gears\localserver.db
[2011/05/13 05:01:38 | 000,019,456 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\Plugin Data\Google Gears\permissions.db
[2011/05/13 05:01:31 | 000,000,000 | ---- | M] () -- C:\Users\CW\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets\Custom.css

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoRebootWithLoggedOnUsers" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-18 14:46:01

========== Files - Unicode (All) ==========
[2012/02/04 12:36:52 | 050,015,637 | ---- | C] ()(C:\Users\CW\Documents\????? - ?. ?????????? - ?????????? ?????. ????????????? ????? ?????????.pdf) -- C:\Users\CW\Documents\Эксмо - С. Виноградов - Броненосец Слава. Непобежденный герой Моонзунда.pdf
[2011/06/27 18:27:40 | 050,015,637 | ---- | M] ()(C:\Users\CW\Documents\????? - ?. ?????????? - ?????????? ?????. ????????????? ????? ?????????.pdf) -- C:\Users\CW\Documents\Эксмо - С. Виноградов - Броненосец Слава. Непобежденный герой Моонзунда.pdf

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type

< End of report >

#8 SweetTech


Posted 16 June 2012 - 06:46 AM

Hi!

Thanks for posting that log file for me. I can see where the issue is.

Run the following script with ComboFix.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
ClearJavaCache::
Registry::
[HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\NetBIOS]
"ImagePath"=System32\drivers\netbios.sys

Folder::
C:\Users\CW\AppData\Local\{eda91281-93df-6658-3563-59120e5e5b5d}\

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 cwjian90


Posted 23 June 2012 - 01:40 AM

Hi ST,

Here are the results:
ComboFix 12-06-23.01 - CW 06/23/2012 2:00.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1795 [GMT -4:00]
Running from: c:\users\CW\Desktop\ComboFix.exe
Command switches used :: c:\users\CW\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\CW\AppData\Local\{eda91281-93df-6658-3563-59120e5e5b5d}
c:\users\CW\AppData\Local\{eda91281-93df-6658-3563-59120e5e5b5d}\@
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 06:17 . 2012-06-23 06:24 -------- d-----w- c:\users\CW\AppData\Local\temp
2012-06-23 06:17 . 2012-06-23 06:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-06-23 06:17 . 2012-06-23 06:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-23 06:17 . 2012-06-23 06:17 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-19 21:35 . 2012-06-19 21:35 4967624 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-19 15:34 . 2012-06-19 15:50 -------- d-----w- c:\program files\Mass Effect
2012-06-17 03:33 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9527C270-ED8F-430C-913D-6F28478F5D5D}\mpengine.dll
2012-06-14 14:48 . 2012-06-14 14:48 -------- d-----w- c:\program files\Dropbox
2012-06-14 14:36 . 2012-06-14 14:36 -------- d-----w- C:\_OTL
2012-06-14 14:33 . 2012-06-14 14:34 -------- d-----w- c:\program files\ERUNT
2012-06-12 03:05 . 2012-06-12 03:05 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-12 03:05 . 2012-06-12 03:05 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-11 21:49 . 2012-06-11 21:49 -------- d-----w- c:\program files\Datel
2012-06-11 21:44 . 2001-05-07 10:56 19805 ----a-w- c:\windows\system32\drivers\usbio.sys
2012-06-05 20:31 . 2012-06-05 20:31 -------- d-----w- c:\program files\Common Files\Java
2012-06-05 20:27 . 2012-06-05 20:27 -------- d-----w- c:\program files\Oracle
2012-06-05 20:26 . 2012-04-04 22:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-05 19:37 . 2012-06-05 19:37 -------- d-----w- c:\users\CW\AppData\Roaming\SUPERAntiSpyware.com
2012-06-05 19:36 . 2012-06-05 19:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-05 19:36 . 2012-06-05 19:36 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-05 15:38 . 2012-06-05 15:38 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-04 21:02 . 2012-02-09 17:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C248074E-0300-47A8-8A50-F0ABE393689A}\gapaengine.dll
2012-06-04 20:54 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2012-06-02 15:12 . 2012-06-02 15:12 -------- d-----w- c:\program files\Bk-Tools English
2012-05-24 22:14 . 2012-05-24 22:14 -------- d-----w- c:\users\CW\AppData\Local\PunkBuster
2012-05-24 22:14 . 2012-05-24 22:14 -------- d-----w- c:\users\CW\AppData\Local\CrashRpt
2012-05-24 22:09 . 2012-05-24 22:09 -------- d-----w- c:\program files\Microsoft Chart Controls
2012-05-24 22:08 . 2012-05-24 22:08 138056 ----a-w- c:\users\CW\AppData\Roaming\PnkBstrK.sys
2012-05-24 22:05 . 2012-05-24 22:05 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-05-24 22:05 . 2012-05-24 22:05 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-05-24 18:57 . 2012-05-24 18:57 -------- d-----w- c:\users\CW\AppData\Roaming\Yahoo!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-05 20:34 . 2012-05-14 06:53 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-05 20:34 . 2012-01-06 06:13 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-08 16:40 . 2011-11-16 07:01 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 22:47 . 2011-01-06 20:48 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2011-01-10 03:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-18 06:01 . 2012-01-29 21:26 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-10-06 23:35 177128 --sha-r- c:\windows\System32\hal.dll
2011-10-06 23:35 1083880 --sha-r- c:\windows\System32\drivers\ntfs.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\CW\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\CW\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\CW\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\CW\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"i8kfangui"="c:\program files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-02-23 6591800]
"ChromeFrameHelper"="c:\users\CW\AppData\Local\Google\Chrome\Application\19.0.1084.56\chrome_frame_helper.exe" [2012-06-07 96792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-10-07 279144]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-05-20 184320]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\users\CW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Banshee Screamer Alarm.lnk - c:\program files\Banshee Screamer Alarm\alarm.exe [2012-1-30 274432]
Dropbox.lnk - c:\users\CW\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 1 (0x1)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^CW^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\CW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2007-02-15 19:29 622592 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2006-07-19 19:51 65536 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 22:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-02-23 00:49 6591800 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 12:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-03 11:38 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 257696]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 20:34]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2983540585-2013573526-3603927823-1000Core.job
- c:\users\CW\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-13 08:54]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2983540585-2013573526-3603927823-1000UA.job
- c:\users\CW\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-13 08:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.my/
uInternet Settings,ProxyOverride = local;*.local
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_1_3/DaumActiveX.cab?ver=2,0,1,3
FF - ProfilePath - c:\users\CW\AppData\Roaming\Mozilla\Firefox\Profiles\t42tfozs.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - google.ca
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-23 02:21
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NetBIOS]
"ImagePath"="system32\drivers\tsk426C.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6008)
c:\users\CW\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\brss01a.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\windows\system32\STacSV.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\atwtusb.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\System32\rundll32.exe
c:\program files\Yahoo!\Messenger\YahooMessenger.exe
c:\program files\Yahoo!\Messenger\YahooMessenger.exe
c:\windows\system32\WUDFHost.exe
c:\program files\uTorrent\uTorrent.exe
c:\program files\Combined Community Codec Pack\MPC\mpc-hc.exe
c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2012-06-23 02:37:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-23 06:36
ComboFix2.txt 2012-06-15 03:39
ComboFix3.txt 2011-10-11 05:34
ComboFix4.txt 2011-10-01 05:05
ComboFix5.txt 2012-06-23 05:56
.
Pre-Run: 10,365,616,128 bytes free
Post-Run: 10,505,564,160 bytes free
.
- - End Of File - - 47CE2584C21E1712ADE64F2F9045655B
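The CFScript above points the NetBIOS service back at netbios.sys, and the ComboFix log that follows still shows the hijacked ImagePath under ControlSet003 (a .tmp file in system32\drivers) together with EnableLUA=0, the same UAC-off condition SecurityCheck reports later in the thread. As an added example that is not part of the thread or of ComboFix, here is a small Python checker that parses ComboFix-style registry output and flags both conditions; the expected-path table, the .tmp heuristic and the log excerpt are constructed for the example.

```python
"""Checker for ComboFix-style registry output (added example, not ComboFix's own code).

It parses the "[key]" / "Name"=value lines ComboFix prints and flags two things
seen in the log above: a driver service whose ImagePath no longer points at the
expected driver (or points at a .tmp file), and EnableLUA=0 (UAC switched off).
"""
import re

# Expected ImagePath per service. Only NetBIOS is listed here, matching the
# value the CFScript restores; extend the table for other services as needed.
EXPECTED_IMAGE_PATHS = {
    "NetBIOS": r"system32\drivers\netbios.sys",
}

POLICY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system"

# Constructed excerpt that mirrors the registry lines in the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\NetBIOS]
"ImagePath"="System32\drivers\netbios.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NetBIOS]
"ImagePath"="system32\drivers\tsk426C.tmp"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 1 (0x1)
"EnableLUA"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
SERVICE_KEY_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\system\\(?P<set>ControlSet\d{3}|CurrentControlSet)"
    r"\\Services\\(?P<svc>[^\\]+)$",
    re.IGNORECASE,
)
# ComboFix prints DWORDs as "Name"= 0 (0x0); the parenthesised part is dropped.
DWORD_SUFFIX_RE = re.compile(r"\s*\(0x[0-9a-fA-F]+\)$")


def parse_registry_lines(text):
    """Return {key: {value_name: value}} from ComboFix-style registry output."""
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group("key")
            entries.setdefault(current, {})
            continue
        # Value lines start with a quoted name; separators like "." are skipped.
        if current is None or not line.startswith('"') or "=" not in line:
            continue
        name, _, value = line.partition("=")
        value = DWORD_SUFFIX_RE.sub("", value.strip()).strip().strip('"')
        entries[current][name.strip().strip('"')] = value
    return entries


def find_hijacked_services(entries):
    """Return (control_set, service, image_path) for every suspicious ImagePath.

    Suspicious means: differs from the expected driver for a known service, or
    points at a .tmp file, which no legitimate driver service should do.
    """
    findings = []
    for key, values in entries.items():
        match = SERVICE_KEY_RE.match(key)
        if not match:
            continue
        actual = values.get("ImagePath")
        if actual is None:
            continue
        expected = EXPECTED_IMAGE_PATHS.get(match.group("svc"))
        mismatch = expected is not None and actual.lower() != expected.lower()
        temp_image = actual.lower().endswith(".tmp")
        if mismatch or temp_image:
            findings.append((match.group("set"), match.group("svc"), actual))
    return findings


def find_weak_policies(entries):
    """Flag UAC being switched off (EnableLUA=0) in the system policies key."""
    findings = []
    for key, values in entries.items():
        if key.lower() == POLICY_KEY.lower() and values.get("EnableLUA") == "0":
            findings.append("EnableLUA=0 (UAC disabled)")
    return findings


if __name__ == "__main__":
    parsed = parse_registry_lines(SAMPLE_LOG)
    for control_set, service, path in find_hijacked_services(parsed):
        print(f"{control_set}: service {service} ImagePath redirected to {path}")
    for note in find_weak_policies(parsed):
        print(note)
```

Point the checker at a saved ComboFix log instead of SAMPLE_LOG to review every ControlSet the tool lists, not only the CurrentControlSet entry that the CFScript repairs.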

#10 SweetTech


Posted 23 June 2012 - 03:49 AM

Hi!

Let's see what these scans find, and then see where we stand.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts; it will also speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. MalwareBytes' Anti-Malware log file.
3. ESET Online Virus Scan log file.
4. SecurityCheck log file.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.



#11 SweetTech


Posted 05 July 2012 - 08:41 AM

Due to lack of feedback this thread will now be closed. If you still require assistance, and would like to have your thread re-opened, please feel free to send me a Private Message (PM) being sure to include a link to your topic, and I'd be happy to re-open it.




#12 SweetTech


Posted 28 July 2012 - 06:21 PM

This topic has been re-opened at the request of the person who originally posted.



#13 cwjian90


Posted 28 July 2012 - 10:19 PM

Hi ST,

Again, sorry about the late reply.

MBAM Log

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.24.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19048
CW :: CW-PC [administrator]

6/24/2012 3:11:25 AM
mbam-log-2012-06-24 (03-11-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229976
Time elapsed: 10 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET

C:\_OTL\MovedFiles\06142012_103649\C_Users\CW\AppData\Roaming\vcesp.dll a variant of Win32/Medfos.AD trojan cleaned by deleting - quarantined

SecurityCheck

Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Python 2.6 - spyder 2.0.10
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.61.0.1400
JavaFX 2.1.0
Java™ 6 Update 22
Java™ 6 Update 29
Java™ 7 Update 4
Java version out of Date!
Adobe Flash Player 11.2.202.235
Mozilla Firefox (13.0.1)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
Windows Defender MSMpEng.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 15 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````

#14 SweetTech


Posted 29 July 2012 - 03:36 PM

Hi!

Again, sorry about the late reply.

No worries!

I understand how real life works. :)

These threat(s) below are currently in Quarantine/System Restore and shall be removed when we clean up our tools later on.

C:\_OTL\MovedFiles\06142012_103649\C_Users\CW\AppData\Roaming\vcesp.dll a variant of Win32/Medfos.AD trojan cleaned by deleting - quarantined


____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Let's address those programs that need updating now!

-----


Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform:
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u4-windows-i586-s.exe (or jre-7u4-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here<. Foxit Reader has fewer add-ons and therefore loads more quickly.



NEXT:



Your version of Internet Explorer is outdated.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %systemroot%\*. /rp /s
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?



#15 cwjian90


Posted 06 August 2012 - 11:03 AM

Hi ST,

Just a heads-up, but I have to go to Singapore tomorrow for visa stuff. I will bring my laptop with me to run the procedures, but may be slow in posting for the next week.

Thanks again,

cwjian90

Edited by cwjian90, 06 August 2012 - 11:04 AM.




